I am going through the steps preparatory to posting about my encounter with the Antivirus 2012 malware. I have finished the Malwarebytes Anti-Malware scan which beside generating a log also has a button called Remove Selected (all the files found are selected.) Should I click the button and then close Anti-Malware before proceeding with the GMER steps requiring all open apps to be closed? Or should I not click and just close Anti-Malware?
2
40 replies to this topic
#2 Re: [RESOLVED] Antivirus 2012 malware
-
-
- 24,883 posts
- Joined: October 04, 2004
- 1,860 topics
- Age: 57
- Skin: IPBoard wide
- Local time: 09:05 AM
Malware Annihilator
-
Zodiac:
Virgo
- Gender:Male
- Location:Daly City, CA
- OS:Windows Vista
-
Country:
- Time Online: 57d 11h 10m 58s
#3 Re: [RESOLVED] Antivirus 2012 malware
-
-
- 44 posts
- Joined: December 29, 2011
- 4 topics
- Skin: IP.Board
- Local time: 11:05 AM
$ Supporting Member
-
Zodiac:
Sagittarius
- Gender:Male
- OS:Windows XP
-
Country:
- Time Online: 11h 47m 16s
Posted 30 December 2011 - 01:46 AM
Broni, on 30 December 2011 - 01:43 AM, said:
Welcome aboard 
Yes, all threats found by MBAM should be removed.
Yes, all threats found by MBAM should be removed.
#5 Re: [RESOLVED] Antivirus 2012 malware
-
-
- 24,883 posts
- Joined: October 04, 2004
- 1,860 topics
- Age: 57
- Skin: IPBoard wide
- Local time: 09:05 AM
Malware Annihilator
-
Zodiac:Virgo
- Gender:Male
- Location:Daly City, CA
- OS:Windows Vista
-
Country:
- Time Online: 57d 11h 10m 58s
#6 Re: [RESOLVED] Antivirus 2012 malware
-
-
- 44 posts
- Joined: December 29, 2011
- 4 topics
- Skin: IP.Board
- Local time: 11:05 AM
$ Supporting Member
-
Zodiac:Sagittarius
- Gender:Male
- OS:Windows XP
-
Country:
- Time Online: 11h 47m 16s
Posted 31 December 2011 - 12:20 AM
A question analogous to my first but dealing with aswMBR. It has finished its scan. When I select FixMBR it tells me I would inalterably change the master boot record if I proceeded - I did not. Should I save the log and skip FixMBR?
#7 Re: [RESOLVED] Antivirus 2012 malware
-
-
- 24,883 posts
- Joined: October 04, 2004
- 1,860 topics
- Age: 57
- Skin: IPBoard wide
- Local time: 09:05 AM
Malware Annihilator
-
Zodiac:Virgo
- Gender:Male
- Location:Daly City, CA
- OS:Windows Vista
-
Country:
- Time Online: 57d 11h 10m 58s
#8 Re: [RESOLVED] Antivirus 2012 malware
-
-
- 44 posts
- Joined: December 29, 2011
- 4 topics
- Skin: IP.Board
- Local time: 11:05 AM
$ Supporting Member
-
Zodiac:Sagittarius
- Gender:Male
- OS:Windows XP
-
Country:
- Time Online: 11h 47m 16s
Posted 31 December 2011 - 10:53 PM
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2011.12.29.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
MC :: MCLENOVO [administrator]
12/29/2011 3:00:29 PM
mbam-log-2011-12-29 (15-00-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 466122
Time elapsed: 3 hour(s), 46 minute(s), 27 second(s)
Memory Processes Detected: 3
C:\Documents and Settings\All Users.WINDOWS\Application Data\oM0iNVIC.exe (Trojan.Email) -> 1948 -> Delete on reboot.
C:\Documents and Settings\All Users.WINDOWS\Application Data\oM0iNVIC.exe (Trojan.Email) -> 3824 -> Delete on reboot.
C:\Documents and Settings\All Users.WINDOWS\Application Data\oM0iNVIC.exe (Trojan.Email) -> 4516 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCU\SOFTWARE\EWABQAF7KL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\Software\UBC5AB1IDP (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 56
C:\Documents and Settings\All Users.WINDOWS\Application Data\oM0iNVIC.exe (Trojan.Email) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\m40hE.com (Trojan.Email) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\m40hE.com_ (Trojan.Email) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hki58918.exe (Trojan.Email) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\501.3342.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\911.6228.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\359.2702.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.1079568372528027.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.15335151461910845.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.17747877173368776.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.17777054093356692.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.22588130243656412.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.240513181918786.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.24553409018840222.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.25010114673796413.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.32484537371683575.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3312597424562248.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3506092492388043.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.35934956839592136.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3645572140033807.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3857986321075795.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.47462399959130985.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.47776671727206055.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.4911577547642141.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.5956346731772147.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.5963870360806521.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8067415534422132.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8169260297638787.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8554157897545503.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8990266496797329.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.5047565167411605.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.030998777676057743.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.13417966231262268.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.4689727422896043.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.570773550379099.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.746897290020857.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.0705427049039472.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.3079881952135458.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.5206753269452312.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.5856143785041231.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.8634492555498373.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wera0.8720141443817981.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.17310091991236853.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.721731446718463.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.2348678956786081.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.2693866287207911.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3198743707636792.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.5295476724462552.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.6355572187413162.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.7420488700562493.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8407855540284099.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8573626512833309.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8668565905927096.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.12748044852534113.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.21886543346445309.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
(end)
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2011.12.29.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
MC :: MCLENOVO [administrator]
12/29/2011 3:00:29 PM
mbam-log-2011-12-29 (15-00-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 466122
Time elapsed: 3 hour(s), 46 minute(s), 27 second(s)
Memory Processes Detected: 3
C:\Documents and Settings\All Users.WINDOWS\Application Data\oM0iNVIC.exe (Trojan.Email) -> 1948 -> Delete on reboot.
C:\Documents and Settings\All Users.WINDOWS\Application Data\oM0iNVIC.exe (Trojan.Email) -> 3824 -> Delete on reboot.
C:\Documents and Settings\All Users.WINDOWS\Application Data\oM0iNVIC.exe (Trojan.Email) -> 4516 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCU\SOFTWARE\EWABQAF7KL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\Software\UBC5AB1IDP (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 56
C:\Documents and Settings\All Users.WINDOWS\Application Data\oM0iNVIC.exe (Trojan.Email) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\m40hE.com (Trojan.Email) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\m40hE.com_ (Trojan.Email) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hki58918.exe (Trojan.Email) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\501.3342.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\911.6228.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\359.2702.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.1079568372528027.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.15335151461910845.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.17747877173368776.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.17777054093356692.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.22588130243656412.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.240513181918786.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.24553409018840222.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.25010114673796413.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.32484537371683575.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3312597424562248.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3506092492388043.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.35934956839592136.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3645572140033807.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3857986321075795.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.47462399959130985.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.47776671727206055.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.4911577547642141.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.5956346731772147.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.5963870360806521.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8067415534422132.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8169260297638787.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8554157897545503.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8990266496797329.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.5047565167411605.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.030998777676057743.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.13417966231262268.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.4689727422896043.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.570773550379099.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.746897290020857.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.0705427049039472.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.3079881952135458.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.5206753269452312.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.5856143785041231.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.8634492555498373.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wera0.8720141443817981.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.17310091991236853.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.721731446718463.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.2348678956786081.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.2693866287207911.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3198743707636792.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.5295476724462552.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.6355572187413162.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.7420488700562493.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8407855540284099.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8573626512833309.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8668565905927096.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.12748044852534113.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.21886543346445309.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-30 14:55:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD1600YS-18SHB2 rev.20.06C07
Running: n7gmo46c.exe; Driver: C:\DOCUME~1\MC\LOCALS~1\Temp\axlyypow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF4E91000, 0x1CBE76, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[620] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\System32\svchost.exe[1116] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0104000A
.text C:\WINDOWS\System32\svchost.exe[1116] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0105000A
.text C:\WINDOWS\System32\svchost.exe[1116] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0103000C
.text C:\WINDOWS\System32\svchost.exe[1116] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0393000A
.text C:\WINDOWS\System32\svchost.exe[1116] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 0395000A
.text C:\WINDOWS\System32\svchost.exe[1116] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 03BE000A
.text C:\WINDOWS\System32\svchost.exe[1116] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00FF000A
.text C:\WINDOWS\System32\ping.exe[3780] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B8000A
.text C:\WINDOWS\System32\ping.exe[3780] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B9000A
.text C:\WINDOWS\System32\ping.exe[3780] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\ping.exe[3780] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A4000A
.text C:\WINDOWS\System32\ping.exe[3780] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 001A000C
.text C:\WINDOWS\System32\ping.exe[3780] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00BC000A
.text C:\WINDOWS\System32\ping.exe[3780] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00BD000A
.text C:\WINDOWS\System32\ping.exe[3780] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00BE000A
.text C:\WINDOWS\System32\ping.exe[3780] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00BB000A
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 82C3E2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 82C3E2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 82C3E2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 82C3E2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 82C3E2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 82C3E2C6
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) AD998000-AD9B2000 (106496 bytes)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\$NtUninstallKB28011$\2486237531 0 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\bckfg.tmp 849 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\cfg.ini 208 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\keywords 318 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\L 0 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\L\goxiovoe 456320 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\U 0 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\U\80000000.@ 11264 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\U\80000032.@ 77312 bytes
File C:\WINDOWS\$NtUninstallKB28011$\3010183376 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\01[1].htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\01[2].htm 8698 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\01[3].htm 6228 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\01[4].htm 759 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\01[5].htm 8505 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\01[6].htm 8672 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\01[7].htm 2551 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\01[8].htm 8192 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\dynamic_companion_banner_iframe[1].htm 991 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\eam[1].txt 182 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\empty[1].htm 239 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\adoapn_AppNexusDemoActionTag_1[1].htm 349 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\adoapn_AppNexusDemoActionTag_1[2].htm 349 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\adoapn_AppNexusDemoActionTag_1[3].htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\adoapn_AppNexusDemoActionTag_1[4].htm 349 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\adoapn_AppNexusDemoActionTag_1[5].htm 349 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\adoapn_AppNexusDemoActionTag_1[6].htm 349 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\adoapn_AppNexusDemoActionTag_1[7].htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\AdServerServlet[1].htm 1546 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\AdServerServlet[2].htm 1797 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\AdServerServlet[3].htm 1529 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\AdServerServlet[4].htm 1292 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\AdServerServlet[5].htm 1534 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\adServer[1].htm 2460 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\adsgen[1].htm 1163 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ads[1].js 11839 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\js[1] 8617 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\JS[1].htm 877 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\js[2] 7980 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\JS[2].htm 633 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\JS[3].htm 1134 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\JS[4].htm 306 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jwplayer[1].js 140572 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\j[1].ad 378 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\kelly2[1].jpg 11307 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\lgrt[1] 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\lgrt[2] 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\p[1].gif 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[2].htm 835 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[3].htm 494 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[4].htm 933 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[5].htm 360 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[6].htm 338 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[7].htm 339 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[8].htm 338 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[9].htm 976 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframepull5[1].htm 1125 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\if[1].htm 1240 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\if[1].txt 526 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\if[2].htm 1240 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\if[2].txt 2426 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\aceUACping[1].htm 2990 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ad[3] 491 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAPHREE9.php 3376 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAV5SVZK.php 3376 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[10].php 3960 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\PlayerSeed[1].js 85029 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\PlayerSeed[2].js 85029 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\plusone[1].js 7227 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\popeye_300x250d_2clicks[1].swf 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\PortalServe[1].htm 18085 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pq[1] 516 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pq[1].htm 1477 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pq[2] 514 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pq[3] 514 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\cntcp9_YellowpagesSearchResults_1[1].htm 529 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\comp[1].gif 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\cookie[1].htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\cookie[2].htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\cookie[3].htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\cookie_300x250c_2clicks[1].swf 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[3].htm 561 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[4] 4160 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[4].htm 561 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[5] 4161 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[5].htm 569 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[6] 4182 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[6].htm 561 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[7] 90 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[7].htm 562 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[8] 4158 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[8].htm 569 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[9] 4159 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[9].htm 553 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\GetAd[5].aspx 1831 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\GetAd[6].aspx 1939 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\GetAd[7].aspx 3434 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\GetAd[8].aspx 1596 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\GetAd[9].aspx 1561 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\get[1].xml 9428 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\get[2].xml 8306 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ggce302[1].swf 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\glamadapt_psrv[1].act 8846 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\glamadapt_psrv[2].act 8796 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jquery-fancybox[1].js 15168 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jquery.form[1].js 11115 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\json[1] 10523 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\json[2] 28 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\json[3] 5229 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCADBI2V7 4182 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCADJFF39 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCADJMGG2.htm 554 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCADN1JY2 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCADN6XWB.htm 566 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCADULKSC 4457 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCADWIVSZ.htm 562 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAE5SREH 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAEATO70 4457 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAECS5C4.htm 554 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAEGTHRQ 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\10926-BrightRollRetargeting-Elizabeth-728x90[1].flv 44926 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\110922_9_BUN_TPL_SeeSurfSpeak_85_300x250[1].swf 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\1325180252[1].htm 8542 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\1325180313[1].htm 738 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\1325180313[2].htm 723 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\1325180408[1].htm 8600 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rt[1].js 1087 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rt[2].js 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\Sapphire_AQ_D_Zenith_016_TravelDine50K_300x250_Display[1].swf 40054 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\scrollTo[1].js 2262 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\SenseHandler[1].ashx 48633 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\set_partner_uid[1].gif 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\set_partner_uid[2].gif 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\set_partner_uid[3].gif 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\set_partner_uid[4].gif 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[11].php 3433 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[1] 936 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[1].php 4304 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[2] 3255 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[2].php 4952 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[3].php 3545 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[4].php 3573 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[5].php 4131 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[6].php 3978 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[7].php 3486 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[8].php 3545 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[9].php 3579 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\deadrush_com[1].htm 50218 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA913AZ2 829 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA9DAHCF 1096 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA9IZXQX 843 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA9SIJI6 1086 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA9VJD11 840 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA9VSMMM 760 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAA5UJ8Y 1197 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAAAW2OK 848 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAAAYQ71 1100 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAAQ6RM7 848 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAASODBE 858 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAB2GO34 839 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCABRP335 840 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAC6WN1I 1195 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCACDUKQ7 828 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCACK700H 830 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCADYH9QM 841 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAMHP586 824 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAMQ22VY 846 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAMQOXH7 937 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAMRN2O2 724 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAMS0RGH 840 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAMV7RHS 1194 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAN5TN6G 375 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAO4BWWE 698 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAOMPVFZ 1095 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAPCQ62A 858 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAPH90KX 471 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAPKABOH 445 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAPWHWBG 1098 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAPZCL3F 841 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAHE5NNN 1604 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAHNFXQP 116 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAHUN053 837 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAIBAFL2 1332 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAII3L6O 697 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAIKY5N4 1194 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAIRSC71 838 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAIS3Y12 1213 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAIWUMQI 847 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAIYKETL 469 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAJ2NL55 1186 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAJ5NC0H 1101 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAYGNIE1 1208 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAYIEGE3 859 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAYJUEY1 830 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAYM33TC 836 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAYP7SFU 841 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAYTT7OT 844 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAZA2QJ5 835 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAZGHJ7C 854 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAZGTOGZ 1101 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAZHKN6Y 390 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAZIVGMZ 855 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[10] 63 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[11] 1210 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[1] 470 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[2] 927 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[3] 63 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[4] 929 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[5] 1185 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[6] 1199 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[7] 832 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[8] 920 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[9] 2697 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\recommendations[1].php 22732 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\TyntSpeedSearch[1].js 34406 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\TyntSpeedSearch[2].js 34406 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\uat_11789[1].js 11316 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\usersync[1] 155 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\BLANK_preroll[1].jpg 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[1] 953 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[1].htm 1442 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[1].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[2].htm 1357 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[2].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[3].htm 926 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[3].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[4].htm 430 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[4].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[5].htm 430 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[5].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[6].htm 1353 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[7].htm 431 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[8].htm 1208 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\brandlift[1].gif 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ADTECH;loc=100;target=_blank;misc=1325181136781[1] 343 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ad[1] 490 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ad[1].htm 3149 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ad[2] 490 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA4N6V4Y 4184 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA4S4KHR 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA4T2GHY 1124 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA4YOQDN 4457 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA4ZTJZQ 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA50VD7D 4185 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA5BJF3W 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA6VBSNC 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA6VWWQV 4182 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA7DW3A2.htm 557 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA7R3A21 4469 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA7XRWK6 4460 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA84ZF4M 4457 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA8ZE2J4 4182 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA990GX2 4475 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA9B347K 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA9FGKBU 4472 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\forums[1].htm 1556 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAT5K74S 1391 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAU4BAHU 847 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAU5T0B9 1396 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAU6M2OS 880 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAUMA090 854 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAVAJ2D8 830 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAVTOHCN 833 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAW82NMK 833 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAW9UTNJ 470 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAWBDV2T 834 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAWMI35N 705 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAWMS4ZD 1366 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAXMLVQ0 471 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAY1WZ9M 1207 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAY67V9P 63 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nielsen[1].js 336 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nissanclub_com[1].htm 1445 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nissanclub_com[2].htm 1506 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nissanclub_com[3].htm 1426 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nissanclub_com[4].htm 1573 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nissanclub_com[5].htm 1567 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\p-01-0VIaSjnOLg[1].gif 35 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\p-01-0VIaSjnOLg[2].gif 35 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pacMan_300x250c_2clicks[1].swf 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\passback_adsgen[1].htm 271 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\gonintendo_com[1].htm 1520 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\gurl_com[1].htm 1506 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\gurl_com[2].htm 1475 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\gurl_com[3].htm 1474 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\welcome-landing[1].txt 76002 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\win[1].bid 1262 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\win[2].bid 2050 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\worth1000_com[1].htm 1378 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\worth1000_com[2].htm 1436 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\wow_f2p_300x250_40k_Goblin[1].swf 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\wpgroho[1].js 930 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\yume_ad_library_v5[1].swf 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\index[1].htm 1448 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\interviews[1].htm 1588 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\in[1].js 3072 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[1].css 6373 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[1].js 25468 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[2].css 6373 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[2].js 25468 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[3].css 6373 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[3].js 25468 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[4].css 6373 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[4].js 25468 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[5].css 6373 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[5].js 25468 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[6].css 6373 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[7].css 6373 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[8].css 6373 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\like[1].php 27001 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\load[1].htm 2509 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\Login[1].xml 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\log[1].png 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAC8DQFF.php 3457 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAD8EOCN.php 3682 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCADU2IEO.php 3476 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAFFMYLV.php 3340 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAHQC184.php 3491 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAI1NCL6.php 3963 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAI5I8RX.php 4312 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAICO9ZP.php 4104 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAIRYPGQ.php 4023 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA2Q532S 829 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCADZR1G3 847 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAJCDHUR 1101 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAM9H3LN 992 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAYE8X8L 879 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\mt[1].js 2087 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\18895121c154b3b1cded476c4fcd9a22[1].jpg 1161 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\24094-2[1].js 1506 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\281411[1].html 117 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\281411[2].html 117 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\281411[3].html 117 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\281411[4].html 117 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\28569-2[1].js 2164 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\cute-boyfriend-nicknames[1].htm 1551 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\cute-boyfriend-nicknames[2].htm 1547 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\cUVSVxxR[1].png 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\daapi2[1].api 2656 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\dapAdChoice[1].js 8635 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\date_chooser[1].js 16731 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCA1EG96H.htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCA2WMSA2.htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCA36GO2W.htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCA5C1ISF.htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCA8JLQGS.htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\aceUAC[1].js 16078 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\aceUAC[2].js 16078 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\admeldpixel[1] 340 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\admeld[1].htm 158 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\admeld_fds_fc_ap_2[1] 3031 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[10].htm 1370 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[11].htm 523 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[1].htm 506 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[1].txt 1850 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[2].htm 1271 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[2].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[3].htm 1439 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[3].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[4].htm 1121 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[4].txt 1371 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[5].htm 545 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[5].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[6].htm 1172 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[6].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[7].htm 332 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[7].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[8].htm 1551 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[8].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[9].htm 2467 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCASWQU3H 166 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAUSDWYL 166 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAUTIEX0 432 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAVQM3EU 433 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAW1PMMW 266 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAXP7HRO 163 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAXXDVS7 256 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAZG43VX 165 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[10] 163 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[11] 351 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[1] 165 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[2] 165 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[3] 204 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[4] 204 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[5] 167 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[6] 164 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[7] 297 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[8] 163 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[9] 401 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ad[3].htm 3177 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ad[4] 190 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ad[5] 301 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ad_call[2].js 17188 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCA18GNR0.php 4109 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCA1QFFM0.php 3482 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCA1US2JW.php 4925 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCA2MPSE6.php 3934 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCA3GY2II.php 5509 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCA56KTIT.php 3555 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCA83OTM2.php 3860 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCA99FDDM.php 4148 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAADXDPU.php 3498 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAB4DVYM.php 3480 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAB5IEN0.php 11807 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAB9VO19.php 3148 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\beacon[1].htm 789 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\beacon[1].js 1900 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\beacon[1].txt 69 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\beacon[2].htm 792 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\beacon[4].htm 188 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bgAboutHR[1].png 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ako[1] 597 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\am-nhac[1].htm 1555 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\apartmentfinder_com[1].txt 34747 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5878645[1].htm 6210 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5878645[2].htm 6213 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\proxy[2].htm 23 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCA3CMHHE 383 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCA51NUG6 255 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCA5Z6WEA 289 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCA74R3J6 285 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCA7EJUHB 344 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCA7W96O7 306 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCA7ZAXSJ 163 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCA8EKMR7 278 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCA9N4EGW 277 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCA9ZM9K5 383 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAA1MDJB 167 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAB0WP0I 263 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCABYCUW6 166 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAD3M8YK 165 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAD8K5AB 210 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCADWRUE4 272 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\canon-vixia-hf-s20-review[1].txt 79600 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ca[1] 24890 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ca[2] 24890 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ca[3] 5745 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\clk[1] 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg-in-stream[5] 1046 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg-in-stream[6] 566 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg-in-stream[7] 302 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg-in-stream[8] 302 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg[10] 1276 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg[1] 1244 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg[2] 2888 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg[3] 1129 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg[4] 2953 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg[5] 531 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg[6] 2121 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg[7] 2888 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg[8] 2990 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg[9] 303 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\G17700[1].js 3724 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\gc_bw_11_speedometer_728x90_a[1].swf 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\GetAd[10].aspx 1563 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\GetAd[1].aspx 1939 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\GetAd[2].aspx 1561 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\GetAd[3].aspx 1561 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAR1V9IY.php 4085 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCARYIWTY.php 3119 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAS8MOSW.php 3365 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCASBXEMA.php 4994 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCASOGTE1.php 3862 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCATGTCYN.php 3894 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCATWZO4C.php 3581 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAUL8BZC.php 3412 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAULQCJV.php 3379 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAUTGALQ.php 3964 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\hPjUxqSv_512K_480x360[1].flv 1072785 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pibiview[1].js 660 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pibiview[2].js 660 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[10] 660 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[11] 660 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[1] 660 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[1].htm 342 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[1].swf 36 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[2] 660 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[2].htm 343 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[3] 660 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[3].htm 343 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[4] 660 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[5] 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[6] 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[7] 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[8] 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[9] 660 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAE1B61D 265 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAEQY09C 165 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAGXZMRI 283 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAHQ69OG 304 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAII4OVU 336 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAILZNTF 344 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAIUN1Q6 280 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAJMGH92 165 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAK8LKEJ 256 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAKVLOLI 383 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCALOELJ1 166 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAM0XJBL 204 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAM29HNB 165 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAN8ZA2O 255 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCANXU7HN 383 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAOZROEN 167 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAPIKXZ4 167 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCARVS8X0 210 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCASDNULP 167 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCARJ437H 4457 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCARN8W29 4186 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAS1YYON 4466 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAS98NPX 4460 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCASBFYQ9 2583 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAT5H207 4184 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCATG7KVC 4478 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCATRFRH6 4499 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCATSK4MV 4478 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAU5OZGA 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\timeout[1].html 162 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ttCAFZYIHE.htm 760 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ttCAH3K5Z8.htm 320 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ttCANESNPI.htm 760 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ttCAR85SK0.htm 1308 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ttj[1] 1481 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ttj[2] 295 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\momtourage_com[1].htm 1482 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\mootools.v1.11[1].js 34840 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\mootools.v1.11[2].js 34840 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\mootools.v1.11[3].js 34840 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\mootools.v1.11[4].js 34840 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\mootools.v1.11[5].js 34840 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\mootools.v1.11[6].js 34840 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\mootools.v1.11[7].js 34840 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\suboptions[1].css 536 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tag[1] 203 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tag[1].htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tag[2] 211 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tag[3] 211 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tag[4] 203 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\telemetry_player_vpaid_as3[1].swf 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\engine[1].htm 204 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\esUujtpD[1].png 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\event[1].flow 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\event[2].flow 106 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\event[3].flow 106 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\event[4].flow 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\event[5].flow 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\event[6].flow 106 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\event[7].flow 106 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\event[8].flow 104 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\event[9].flow 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCAD0QYJV.htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCAO2KZ46.htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCASN4NR8.htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCAWTEL60.htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCAXAULMU.htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[10].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[11].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[1].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[2].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[3].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[4].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[5].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[6].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[7].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[8].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[9].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\Lp_Ns2NjfvH[1].js 55567 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\mailchimp[1].js 941 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\main[1].htm 1505 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\match[1].txt 164 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\meld[1].js 302 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\meld[2].js 401 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\meld[3].js 379 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\meld[4].js 385 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\meld[5].js 385 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\meld[6].js 401 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[10] 1860 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[11] 1861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[1] 2053 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[2] 1860 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[3] 2624 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[4] 1860 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[5] 1860 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[6] 1861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[7] 1861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[8] 2686 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[9] 1860 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5917045[1].4;sz=728x90;ord=[timestamp] 5405 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5917045[1].6;sz=160x600;ord=[timestamp] 386 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5917045[2].6;sz=160x600;ord=[timestamp] 386 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5917045[3].6;sz=160x600;ord=[timestamp] 386 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5917045[4].6;sz=160x600;ord=[timestamp] 386 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5917045[5].6;sz=160x600;ord=[timestamp] 386 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5994760;sz=300x250;u=SourceID[];ord=[timestamp][1] 38816 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5994760;sz=300x250;u=SourceID[];ord=[timestamp][2] 38822 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5994760[1].2;sz=728x90;u=SourceID[];ord=[timestamp] 38818 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5994760[2].2;sz=728x90;u=SourceID[];ord=[timestamp] 38767 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5994760[3].2;sz=728x90;u=SourceID[];ord=[timestamp] 38767 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5994760[4].2;sz=728x90;u=SourceID[];ord=[timestamp] 38798 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAVFAOGO.php 3970 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAWELMQ4.php 3550 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAWJI3I2.php 3880 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAX968D1.php 4103 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAXG2NXO.php 3227 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAXWHC2G.php 3965 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAYSNUWM.php 3515 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAZ1L7RM.php 3968 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAZ86GDO.php 3562 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\verizon-to-charge-2-fee-for-paying-your-bill-online-or-over-the-phone[1].txt 68278 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\view[1].aspx 2552 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\visit[4].js 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\vj[1] 221 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\vj[2] 221 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\vj[3] 221 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\c3VTabstrct-6-2[1].htm 6657 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\cached_iframe[1].htm 1080 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\sports[1] 3131 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\sports[2] 1327 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\statsnew[1].xml 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA041T9F 4184 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA2AHJHJ 4466 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA2FDUB1 4451 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA2HEGE1 4472 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA2M3EWO 4185 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA339WWC 4457 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA3GXZIB 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA3VYS2T.htm 554 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA3W2F7L 4184 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\crossdomainCA3Y2WYL.xml 187 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\crossdomainCAEOWBL1.xml 244 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\crossdomainCALA0TPW.xml 187 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\crossdomain[1].xml 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\crossdomain[4].xml 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\dk[1].js 1383 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\dref=http%253A%252F%252Fad.xertive[1].com%252Fst%253Fad_type%253Diframe%2526ad_size%253D160x600%2526section%253D2689757 1054 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\dref=http%253A%252F%252Fholidays.shopflick.com%252Fcoupon-deals[1].html 500 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\dref=http%253A%252F%252Fholidays.shopflick[1].com%252F%253Futm_source%253D113320_178302_n25058%2526utm_medium%253Dcpc%2526utm_campaign%253DAON 500 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\dref=http%253A%252F%252Fholidays.shopflick[2].com%252F%253Futm_source%253D113320_178302_n25058%2526utm_medium%253Dcpc%2526utm_campaign%253DAON 1059 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\desktop.ini 67 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\digitaltrends_com[1].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA7253Q4 706 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA73SKWH 724 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA77SEG0 698 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA78BBIX 846 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA7IHJTW 844 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA7JDTPG 209 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA7QGBLA 832 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA86HYM5 720 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA88R1VA 831 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA8MXBI2 116 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA8P4EWL 207 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA8XFRNC 834 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\crossdomain[5].xml 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCACW57XV.htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\GetAd[4].aspx 1561 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[1].htm 365 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rm[1].gif 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCA0U4AEK 1861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCA20UR7A 1860 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCA2WP77F 2732 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCADN5ZXK 1861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCAEQASBX 1861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCAF6WX7Y 2569 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCAF89BAL 1861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCAG5IOII 1818 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCAK9JGTW 2696 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCALNFN7Q 2733 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCAXG1PNE 1861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCASVWD1X 278 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA9KL68Q 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAUHF6PK.htm 562 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAWUV5QX 4457 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[3] 4463 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg-in-stream[4] 305 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\28617-2[1].js 3717 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\28645-9[1].js 3938 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\3355475161f44788c4e5638bfe5e8eda[1].swf 24535 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\3a49244ffaa8b8c1270056523160c294[1].swf 12855 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\3d-super-ball[1].htm 200 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\5deaaec950cdd7804edc0a84b541704b[1].swf 34570 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\614[1].htm 1517 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\614[2].htm 1478 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\6vxHCx[1] 4941 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\;at_248923276=good;at_249032483=good;at_249147860=good;at_247111730=good;at_247131450=good;at_247599625=good;at_247531327=good;at_24;~cs=u[1].gif 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\;at_248923276=good;at_249032483=good;at_249147860=good;at_247111730=good;at_247131450=good;at_247599625=good;at_247531327=good;at_24;~cs=u[2].gif 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\;TKCHAN=106;ord=1325181900[1] 480 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\acbj[1] 883 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\acbj[2] 1314 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\acbj[3] 821 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAXDOPW7 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAY3I0EW 4457 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAY53RXE 4463 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAYM0JWD 4472 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAYTZVPQ 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAYZ5F4Y 4460 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAZ092JW 4185 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAZ3J93W 4463 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAZOD3LJ 4182 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\style[1].css 20554 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[10] 4260 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[10].htm 578 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[11] 4475 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[11].htm 578 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[1] 4478 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[1].gif 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[1].htm 513 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[2] 4448 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[2].htm 563 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAKJ8WBL 4043 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAKL08KR 4182 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAKUYWN1 4457 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAKYQEGU 4184 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAMAZK9T 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAMD6Q0L 4472 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAN6O2F0.htm 530 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCANB0Y0L 1123 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCANMBKA8 4469 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCANT12T7 90 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAO1IORO 4472 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg-in-stream[1] 3146 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg-in-stream[2] 1220 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg-in-stream[3] 1260 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAQELUI2 918 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAQPVTEO 1202 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAQQMC5H 1201 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAQX62LU 720 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAQYVOZV 1312 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAR4CXPZ 834 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAR63BZT 911 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCARXS8GE 1295 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCARZ883Q 704 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCASMTEF6 854 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCASRXOSX 1421 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCASTEIHQ 209 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCASXZV3G 850 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCASZQ6NC 1284 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA9NQLGM 4469 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAA3SQM9 4184 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAAGJHRD 4185 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAASFYR0 4181 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAB01N08 4469 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAB4ZVLU 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCACC8A7L 4466 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCACFD2W4 4451 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCACOIBN2 4496 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCACSJ1UO 4185 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAD1F09V 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCADZR296 1434 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAE88D24 1600 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAEBM9MK 1261 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAEHE8JL 1350 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAEWRN5S 844 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAF1T3WO 469 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAFG9HDB 1093 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAFHD2HX 852 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAG749NG 835 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAGMKMF4 833 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAGVK1J9 1740 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAGVWHGY 880 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAGYJ8T1 755 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA2SNVQS 848 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA32GNK7 842 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA37URSA 855 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA38R2FH 847 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA3OZ8P6 844 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA3UMIDY 1346 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA4JQHO9 951 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA6BHHRF 829 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA6H5RN2 1365 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA6KF7US 1615 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA6YQDVA 1239 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAJQ3ALA 925 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAKLITY5 390 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAKNZJ6X 1212 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAKR2W7Z 1196 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAKRDTRM 1198 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAKST2C7 577 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCALEJ03W 1367 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCALNQ9XG 880 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCALX0LXD 1236 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAM1WRQ6 116 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAM6IK2J 834 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAEJR1TT 4184 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAEK9AEQ 4185 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAEZXMJK 4475 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAF0AW9H 1128 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAF3IWE5 4463 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAGAL9KS 4469 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAGFCZHK 4460 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAGLASSF 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAGLBFEW 4451 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAGUOURB 4466 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAHAL7VE 385 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAHFOTPB.htm 556 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAHWMOTT 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAHYA5ZD 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAJ89SQ1 4043 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAJCIS0O 4185 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAJERRIG 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAKFAU2H.php 3554 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAKWYEI6.php 3557 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAKZUQ8P.php 4204 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAL0GAVZ.php 3549 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAM45WN1.php 3486 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAMK272S.php 3377 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCANHIG07.php 3593 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAOLFPOE.php 3810 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAOSPL1L.php 3806 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CA07KZXW.htm 365 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CA1KDASV.htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CA1LUC7M.htm 1824 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CA2C280S.htm 339 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CA3RH0WW.htm 1403 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CA4RYMV6.htm 1095 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CA66QM9K.htm 493 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CA6CJQPT.htm 755 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CA7RLY5Y.htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CAAU8Y2I.htm 537 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CAD56M53.htm 692 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CADW5IRI.htm 1309 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CAEV87YW.htm 815 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CAJ0VKAY.htm 1039 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CAQ5R5GR.htm 558 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CAV71GGR.htm 784 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CAV9W2H4.htm 404 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CAVDDJDL.htm 739 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CAVIMAOQ.htm 365 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CAZKC478.htm 844 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[10].htm 767 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[11].htm 763 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\myphoenixteams_com[1].txt 67037 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\m[1].gif 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\m[2].gif 44 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\m[3].gif 44 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\n7d-bizopp-scrollbox[1].gif 12768 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nano-ninja;TKCHAN=106;ord=1325187072[1] 498 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nano-ninja;TKCHAN=117;ord=1325188544[1] 498 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nano-ninja[1].htm 1467 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nano-ninja[2].htm 1514 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nano-ninja[3].htm 1490 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\net[1].htm 709 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAUKN5PA 4469 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAUQ063T 4182 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAUYRVAL.htm 557 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAV87D77 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAVCGE6Y 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAVCTIUE 4469 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAVK69IP 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAWIVB4C 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAWKEDY8.htm 562 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAWOJKEP 4496 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAOFJR77 4182 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAOJ3NHB 4469 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAOVHT8S 4496 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAP0VBBL 4182 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAP8WFAP 4159 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAPEXEBJ.htm 557 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAPHYHSZ 4261 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAPP4O29 4463 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAPW1A5F 4466 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAQVG3YQ 4184 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAR111F7 4472 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCARIH5HM 4184 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCARINXUH 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA04ZFRA 1210 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA066RYU 1371 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA0IBK6E 828 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA1E1BZY 390 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA1PQMBI 836 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA29LN0O 1198 bytes
---- EOF - GMER 1.0.15 ----
aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2011-12-30 15:51:10
-----------------------------
15:51:10.992 OS Version: Windows 5.1.2600 Service Pack 3
15:51:10.992 Number of processors: 1 586 0x7F02
15:51:10.992 ComputerName: MCLENOVO UserName: MC
15:51:18.397 Initialize success
15:52:31.049 AVAST engine defs: 11123001
15:53:15.813 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:53:15.813 Disk 0 Vendor: WDC_WD1600YS-18SHB2 20.06C07 Size: 152587MB BusType: 3
15:53:15.813 Device \Driver\atapi -> DriverStartIo 82c492c6
15:53:16.109 Disk 0 MBR read successfully
15:53:16.109 Disk 0 MBR scan
15:53:16.859 Disk 0 Windows XP default MBR code
15:53:17.016 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
15:53:17.016 Disk 0 Partition - 00 05 Extended 76269 MB offset 156296385
15:53:17.250 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76269 MB offset 156296448
15:53:17.672 Disk 0 scanning sectors +312496380
15:53:18.906 Disk 0 scanning C:\WINDOWS\system32\drivers
15:58:08.516 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Aluroot [Rtk]
16:03:29.984 Service scanning
16:04:31.278 Modules scanning
16:05:41.024 Module: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys **SUSPICIOUS**
16:06:28.319 Disk 0 trace - called modules:
16:06:28.319 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82811f10]<<
16:06:28.319 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8317eab8]
16:06:28.319 3 CLASSPNP.SYS[f759cfd7] -> nt!IofCallDriver -> [0x828cfa60]
16:06:28.319 \Driver\00001312[0x82ca25f0] -> IRP_MJ_CREATE -> 0x82811f10
16:06:39.318 AVAST engine scan C:\WINDOWS
16:10:47.524 AVAST engine scan C:\WINDOWS\system32
16:18:34.160 AVAST engine scan C:\WINDOWS\system32\drivers
16:18:48.690 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Aluroot [Rtk]
16:19:16.892 AVAST engine scan C:\Documents and Settings\MC
17:36:20.204 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
17:38:59.716 Scan finished successfully
20:42:24.287 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\MC\Desktop\MBR.dat"
20:42:24.287 The log file has been saved successfully to "C:\Documents and Settings\MC\Desktop\aswMBR.txt"
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by MC at 20:56:42 on 2011-12-30
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [PWRAGD] c:\progra~1\thinkpad\utilit~1\DPMHost.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\docume~1\mc\startm~1\programs\startup\eventr~1.lnk - c:\program files\mindscape\printmaster\PMREMIND.EXE
StartupFolder: c:\docume~1\mc\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.250\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 65.32.1.65 65.32.1.70
TCP: Interfaces\{266C3E0E-F3EA-4A34-B4D7-1A897DCCF885} : DhcpNameServer = 65.32.1.65 65.32.1.70
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mc\application data\mozilla\firefox\profiles\kfm3e5c6.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c1f19bc&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5555
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-12-29 20:00:14 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-19 20:16:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600YS-18SHB2 rev.20.06C07 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82811F10]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8317EAB8]
3 CLASSPNP[0xF759CFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x828CFA60]
\Driver\00001312[0x82CA25F0] -> IRP_MJ_CREATE -> 0x82811F10
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x82C492C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 20:58:50.88 ===============
.
DDS (Ver_2011-06-23.01)
.
.
THIS IS THE HEADER OF ATTACH.TXT
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
....Please Read This..... states
"post Attach.txt as an attachment.
No need for that though ..... just post it's contents as you would any other log"
As the statements are at a variance I am doing nothing until further instruction.
I do have attach.txt and will transmit its contents as directed
www.malwarebytes.org
Database version: v2011.12.29.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
MC :: MCLENOVO [administrator]
12/29/2011 3:00:29 PM
mbam-log-2011-12-29 (15-00-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 466122
Time elapsed: 3 hour(s), 46 minute(s), 27 second(s)
Memory Processes Detected: 3
C:\Documents and Settings\All Users.WINDOWS\Application Data\oM0iNVIC.exe (Trojan.Email) -> 1948 -> Delete on reboot.
C:\Documents and Settings\All Users.WINDOWS\Application Data\oM0iNVIC.exe (Trojan.Email) -> 3824 -> Delete on reboot.
C:\Documents and Settings\All Users.WINDOWS\Application Data\oM0iNVIC.exe (Trojan.Email) -> 4516 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCU\SOFTWARE\EWABQAF7KL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\Software\UBC5AB1IDP (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 56
C:\Documents and Settings\All Users.WINDOWS\Application Data\oM0iNVIC.exe (Trojan.Email) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\m40hE.com (Trojan.Email) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\m40hE.com_ (Trojan.Email) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hki58918.exe (Trojan.Email) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\501.3342.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\911.6228.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\359.2702.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.1079568372528027.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.15335151461910845.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.17747877173368776.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.17777054093356692.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.22588130243656412.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.240513181918786.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.24553409018840222.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.25010114673796413.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.32484537371683575.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3312597424562248.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3506092492388043.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.35934956839592136.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3645572140033807.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3857986321075795.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.47462399959130985.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.47776671727206055.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.4911577547642141.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.5956346731772147.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.5963870360806521.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8067415534422132.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8169260297638787.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8554157897545503.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8990266496797329.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.5047565167411605.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.030998777676057743.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.13417966231262268.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.4689727422896043.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.570773550379099.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.746897290020857.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.0705427049039472.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.3079881952135458.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.5206753269452312.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.5856143785041231.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.8634492555498373.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wera0.8720141443817981.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.17310091991236853.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.721731446718463.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.2348678956786081.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.2693866287207911.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3198743707636792.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.5295476724462552.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.6355572187413162.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.7420488700562493.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8407855540284099.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8573626512833309.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8668565905927096.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.12748044852534113.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.21886543346445309.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
(end)
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2011.12.29.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
MC :: MCLENOVO [administrator]
12/29/2011 3:00:29 PM
mbam-log-2011-12-29 (15-00-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 466122
Time elapsed: 3 hour(s), 46 minute(s), 27 second(s)
Memory Processes Detected: 3
C:\Documents and Settings\All Users.WINDOWS\Application Data\oM0iNVIC.exe (Trojan.Email) -> 1948 -> Delete on reboot.
C:\Documents and Settings\All Users.WINDOWS\Application Data\oM0iNVIC.exe (Trojan.Email) -> 3824 -> Delete on reboot.
C:\Documents and Settings\All Users.WINDOWS\Application Data\oM0iNVIC.exe (Trojan.Email) -> 4516 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCU\SOFTWARE\EWABQAF7KL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\Software\UBC5AB1IDP (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 56
C:\Documents and Settings\All Users.WINDOWS\Application Data\oM0iNVIC.exe (Trojan.Email) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\m40hE.com (Trojan.Email) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\m40hE.com_ (Trojan.Email) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hki58918.exe (Trojan.Email) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\501.3342.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\911.6228.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\359.2702.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.1079568372528027.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.15335151461910845.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.17747877173368776.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.17777054093356692.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.22588130243656412.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.240513181918786.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.24553409018840222.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.25010114673796413.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.32484537371683575.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3312597424562248.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3506092492388043.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.35934956839592136.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3645572140033807.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3857986321075795.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.47462399959130985.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.47776671727206055.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.4911577547642141.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.5956346731772147.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.5963870360806521.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8067415534422132.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8169260297638787.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8554157897545503.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8990266496797329.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.5047565167411605.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.030998777676057743.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.13417966231262268.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.4689727422896043.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.570773550379099.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.746897290020857.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.0705427049039472.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.3079881952135458.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.5206753269452312.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.5856143785041231.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.8634492555498373.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wera0.8720141443817981.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sghj0.17310091991236853.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.721731446718463.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.2348678956786081.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.2693866287207911.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3198743707636792.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.5295476724462552.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.6355572187413162.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.7420488700562493.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8407855540284099.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8573626512833309.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8668565905927096.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.12748044852534113.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.21886543346445309.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-30 14:55:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD1600YS-18SHB2 rev.20.06C07
Running: n7gmo46c.exe; Driver: C:\DOCUME~1\MC\LOCALS~1\Temp\axlyypow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF4E91000, 0x1CBE76, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[620] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\System32\svchost.exe[1116] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0104000A
.text C:\WINDOWS\System32\svchost.exe[1116] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0105000A
.text C:\WINDOWS\System32\svchost.exe[1116] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0103000C
.text C:\WINDOWS\System32\svchost.exe[1116] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0393000A
.text C:\WINDOWS\System32\svchost.exe[1116] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 0395000A
.text C:\WINDOWS\System32\svchost.exe[1116] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 03BE000A
.text C:\WINDOWS\System32\svchost.exe[1116] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00FF000A
.text C:\WINDOWS\System32\ping.exe[3780] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B8000A
.text C:\WINDOWS\System32\ping.exe[3780] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B9000A
.text C:\WINDOWS\System32\ping.exe[3780] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\ping.exe[3780] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A4000A
.text C:\WINDOWS\System32\ping.exe[3780] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 001A000C
.text C:\WINDOWS\System32\ping.exe[3780] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00BC000A
.text C:\WINDOWS\System32\ping.exe[3780] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00BD000A
.text C:\WINDOWS\System32\ping.exe[3780] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00BE000A
.text C:\WINDOWS\System32\ping.exe[3780] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00BB000A
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 82C3E2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 82C3E2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 82C3E2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 82C3E2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 82C3E2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 82C3E2C6
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) AD998000-AD9B2000 (106496 bytes)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\$NtUninstallKB28011$\2486237531 0 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\bckfg.tmp 849 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\cfg.ini 208 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\keywords 318 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\L 0 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\L\goxiovoe 456320 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\U 0 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\U\80000000.@ 11264 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB28011$\2486237531\U\80000032.@ 77312 bytes
File C:\WINDOWS\$NtUninstallKB28011$\3010183376 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\01[1].htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\01[2].htm 8698 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\01[3].htm 6228 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\01[4].htm 759 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\01[5].htm 8505 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\01[6].htm 8672 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\01[7].htm 2551 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\01[8].htm 8192 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\dynamic_companion_banner_iframe[1].htm 991 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\eam[1].txt 182 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\empty[1].htm 239 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\adoapn_AppNexusDemoActionTag_1[1].htm 349 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\adoapn_AppNexusDemoActionTag_1[2].htm 349 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\adoapn_AppNexusDemoActionTag_1[3].htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\adoapn_AppNexusDemoActionTag_1[4].htm 349 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\adoapn_AppNexusDemoActionTag_1[5].htm 349 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\adoapn_AppNexusDemoActionTag_1[6].htm 349 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\adoapn_AppNexusDemoActionTag_1[7].htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\AdServerServlet[1].htm 1546 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\AdServerServlet[2].htm 1797 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\AdServerServlet[3].htm 1529 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\AdServerServlet[4].htm 1292 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\AdServerServlet[5].htm 1534 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\adServer[1].htm 2460 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\adsgen[1].htm 1163 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ads[1].js 11839 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\js[1] 8617 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\JS[1].htm 877 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\js[2] 7980 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\JS[2].htm 633 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\JS[3].htm 1134 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\JS[4].htm 306 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jwplayer[1].js 140572 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\j[1].ad 378 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\kelly2[1].jpg 11307 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\lgrt[1] 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\lgrt[2] 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\p[1].gif 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[2].htm 835 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[3].htm 494 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[4].htm 933 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[5].htm 360 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[6].htm 338 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[7].htm 339 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[8].htm 338 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[9].htm 976 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframepull5[1].htm 1125 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\if[1].htm 1240 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\if[1].txt 526 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\if[2].htm 1240 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\if[2].txt 2426 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\aceUACping[1].htm 2990 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ad[3] 491 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAPHREE9.php 3376 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAV5SVZK.php 3376 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[10].php 3960 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\PlayerSeed[1].js 85029 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\PlayerSeed[2].js 85029 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\plusone[1].js 7227 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\popeye_300x250d_2clicks[1].swf 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\PortalServe[1].htm 18085 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pq[1] 516 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pq[1].htm 1477 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pq[2] 514 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pq[3] 514 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\cntcp9_YellowpagesSearchResults_1[1].htm 529 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\comp[1].gif 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\cookie[1].htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\cookie[2].htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\cookie[3].htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\cookie_300x250c_2clicks[1].swf 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[3].htm 561 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[4] 4160 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[4].htm 561 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[5] 4161 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[5].htm 569 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[6] 4182 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[6].htm 561 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[7] 90 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[7].htm 562 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[8] 4158 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[8].htm 569 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[9] 4159 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[9].htm 553 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\GetAd[5].aspx 1831 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\GetAd[6].aspx 1939 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\GetAd[7].aspx 3434 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\GetAd[8].aspx 1596 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\GetAd[9].aspx 1561 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\get[1].xml 9428 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\get[2].xml 8306 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ggce302[1].swf 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\glamadapt_psrv[1].act 8846 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\glamadapt_psrv[2].act 8796 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jquery-fancybox[1].js 15168 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jquery.form[1].js 11115 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\json[1] 10523 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\json[2] 28 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\json[3] 5229 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCADBI2V7 4182 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCADJFF39 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCADJMGG2.htm 554 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCADN1JY2 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCADN6XWB.htm 566 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCADULKSC 4457 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCADWIVSZ.htm 562 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAE5SREH 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAEATO70 4457 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAECS5C4.htm 554 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAEGTHRQ 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\10926-BrightRollRetargeting-Elizabeth-728x90[1].flv 44926 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\110922_9_BUN_TPL_SeeSurfSpeak_85_300x250[1].swf 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\1325180252[1].htm 8542 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\1325180313[1].htm 738 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\1325180313[2].htm 723 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\1325180408[1].htm 8600 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rt[1].js 1087 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rt[2].js 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\Sapphire_AQ_D_Zenith_016_TravelDine50K_300x250_Display[1].swf 40054 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\scrollTo[1].js 2262 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\SenseHandler[1].ashx 48633 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\set_partner_uid[1].gif 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\set_partner_uid[2].gif 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\set_partner_uid[3].gif 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\set_partner_uid[4].gif 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[11].php 3433 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[1] 936 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[1].php 4304 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[2] 3255 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[2].php 4952 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[3].php 3545 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[4].php 3573 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[5].php 4131 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[6].php 3978 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[7].php 3486 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[8].php 3545 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajs[9].php 3579 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\deadrush_com[1].htm 50218 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA913AZ2 829 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA9DAHCF 1096 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA9IZXQX 843 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA9SIJI6 1086 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA9VJD11 840 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA9VSMMM 760 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAA5UJ8Y 1197 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAAAW2OK 848 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAAAYQ71 1100 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAAQ6RM7 848 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAASODBE 858 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAB2GO34 839 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCABRP335 840 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAC6WN1I 1195 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCACDUKQ7 828 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCACK700H 830 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCADYH9QM 841 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAMHP586 824 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAMQ22VY 846 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAMQOXH7 937 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAMRN2O2 724 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAMS0RGH 840 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAMV7RHS 1194 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAN5TN6G 375 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAO4BWWE 698 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAOMPVFZ 1095 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAPCQ62A 858 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAPH90KX 471 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAPKABOH 445 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAPWHWBG 1098 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAPZCL3F 841 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAHE5NNN 1604 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAHNFXQP 116 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAHUN053 837 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAIBAFL2 1332 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAII3L6O 697 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAIKY5N4 1194 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAIRSC71 838 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAIS3Y12 1213 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAIWUMQI 847 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAIYKETL 469 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAJ2NL55 1186 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAJ5NC0H 1101 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAYGNIE1 1208 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAYIEGE3 859 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAYJUEY1 830 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAYM33TC 836 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAYP7SFU 841 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAYTT7OT 844 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAZA2QJ5 835 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAZGHJ7C 854 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAZGTOGZ 1101 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAZHKN6Y 390 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAZIVGMZ 855 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[10] 63 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[11] 1210 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[1] 470 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[2] 927 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[3] 63 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[4] 929 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[5] 1185 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[6] 1199 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[7] 832 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[8] 920 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\imp[9] 2697 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\recommendations[1].php 22732 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\TyntSpeedSearch[1].js 34406 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\TyntSpeedSearch[2].js 34406 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\uat_11789[1].js 11316 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\usersync[1] 155 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\BLANK_preroll[1].jpg 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[1] 953 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[1].htm 1442 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[1].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[2].htm 1357 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[2].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[3].htm 926 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[3].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[4].htm 430 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[4].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[5].htm 430 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[5].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[6].htm 1353 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[7].htm 431 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bounce[8].htm 1208 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\brandlift[1].gif 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ADTECH;loc=100;target=_blank;misc=1325181136781[1] 343 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ad[1] 490 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ad[1].htm 3149 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ad[2] 490 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA4N6V4Y 4184 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA4S4KHR 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA4T2GHY 1124 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA4YOQDN 4457 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA4ZTJZQ 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA50VD7D 4185 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA5BJF3W 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA6VBSNC 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA6VWWQV 4182 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA7DW3A2.htm 557 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA7R3A21 4469 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA7XRWK6 4460 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA84ZF4M 4457 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA8ZE2J4 4182 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA990GX2 4475 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA9B347K 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA9FGKBU 4472 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\forums[1].htm 1556 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAT5K74S 1391 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAU4BAHU 847 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAU5T0B9 1396 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAU6M2OS 880 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAUMA090 854 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAVAJ2D8 830 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAVTOHCN 833 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAW82NMK 833 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAW9UTNJ 470 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAWBDV2T 834 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAWMI35N 705 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAWMS4ZD 1366 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAXMLVQ0 471 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAY1WZ9M 1207 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAY67V9P 63 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nielsen[1].js 336 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nissanclub_com[1].htm 1445 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nissanclub_com[2].htm 1506 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nissanclub_com[3].htm 1426 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nissanclub_com[4].htm 1573 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nissanclub_com[5].htm 1567 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\p-01-0VIaSjnOLg[1].gif 35 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\p-01-0VIaSjnOLg[2].gif 35 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pacMan_300x250c_2clicks[1].swf 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\passback_adsgen[1].htm 271 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\gonintendo_com[1].htm 1520 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\gurl_com[1].htm 1506 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\gurl_com[2].htm 1475 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\gurl_com[3].htm 1474 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\welcome-landing[1].txt 76002 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\win[1].bid 1262 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\win[2].bid 2050 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\worth1000_com[1].htm 1378 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\worth1000_com[2].htm 1436 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\wow_f2p_300x250_40k_Goblin[1].swf 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\wpgroho[1].js 930 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\yume_ad_library_v5[1].swf 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\index[1].htm 1448 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\interviews[1].htm 1588 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\in[1].js 3072 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[1].css 6373 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[1].js 25468 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[2].css 6373 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[2].js 25468 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[3].css 6373 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[3].js 25468 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[4].css 6373 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[4].js 25468 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[5].css 6373 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[5].js 25468 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[6].css 6373 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[7].css 6373 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\jd.gallery[8].css 6373 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\like[1].php 27001 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\load[1].htm 2509 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\Login[1].xml 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\log[1].png 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAC8DQFF.php 3457 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAD8EOCN.php 3682 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCADU2IEO.php 3476 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAFFMYLV.php 3340 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAHQC184.php 3491 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAI1NCL6.php 3963 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAI5I8RX.php 4312 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAICO9ZP.php 4104 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAIRYPGQ.php 4023 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA2Q532S 829 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCADZR1G3 847 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAJCDHUR 1101 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAM9H3LN 992 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAYE8X8L 879 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\mt[1].js 2087 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\18895121c154b3b1cded476c4fcd9a22[1].jpg 1161 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\24094-2[1].js 1506 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\281411[1].html 117 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\281411[2].html 117 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\281411[3].html 117 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\281411[4].html 117 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\28569-2[1].js 2164 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\cute-boyfriend-nicknames[1].htm 1551 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\cute-boyfriend-nicknames[2].htm 1547 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\cUVSVxxR[1].png 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\daapi2[1].api 2656 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\dapAdChoice[1].js 8635 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\date_chooser[1].js 16731 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCA1EG96H.htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCA2WMSA2.htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCA36GO2W.htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCA5C1ISF.htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCA8JLQGS.htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\aceUAC[1].js 16078 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\aceUAC[2].js 16078 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\admeldpixel[1] 340 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\admeld[1].htm 158 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\admeld_fds_fc_ap_2[1] 3031 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[10].htm 1370 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[11].htm 523 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[1].htm 506 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[1].txt 1850 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[2].htm 1271 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[2].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[3].htm 1439 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[3].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[4].htm 1121 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[4].txt 1371 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[5].htm 545 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[5].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[6].htm 1172 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[6].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[7].htm 332 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[7].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[8].htm 1551 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[8].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tt[9].htm 2467 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCASWQU3H 166 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAUSDWYL 166 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAUTIEX0 432 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAVQM3EU 433 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAW1PMMW 266 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAXP7HRO 163 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAXXDVS7 256 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAZG43VX 165 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[10] 163 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[11] 351 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[1] 165 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[2] 165 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[3] 204 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[4] 204 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[5] 167 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[6] 164 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[7] 297 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[8] 163 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptj[9] 401 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ad[3].htm 3177 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ad[4] 190 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ad[5] 301 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ad_call[2].js 17188 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCA18GNR0.php 4109 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCA1QFFM0.php 3482 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCA1US2JW.php 4925 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCA2MPSE6.php 3934 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCA3GY2II.php 5509 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCA56KTIT.php 3555 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCA83OTM2.php 3860 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCA99FDDM.php 4148 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAADXDPU.php 3498 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAB4DVYM.php 3480 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAB5IEN0.php 11807 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAB9VO19.php 3148 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\beacon[1].htm 789 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\beacon[1].js 1900 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\beacon[1].txt 69 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\beacon[2].htm 792 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\beacon[4].htm 188 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\bgAboutHR[1].png 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ako[1] 597 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\am-nhac[1].htm 1555 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\apartmentfinder_com[1].txt 34747 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5878645[1].htm 6210 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5878645[2].htm 6213 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\proxy[2].htm 23 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCA3CMHHE 383 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCA51NUG6 255 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCA5Z6WEA 289 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCA74R3J6 285 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCA7EJUHB 344 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCA7W96O7 306 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCA7ZAXSJ 163 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCA8EKMR7 278 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCA9N4EGW 277 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCA9ZM9K5 383 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAA1MDJB 167 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAB0WP0I 263 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCABYCUW6 166 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAD3M8YK 165 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAD8K5AB 210 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCADWRUE4 272 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\canon-vixia-hf-s20-review[1].txt 79600 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ca[1] 24890 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ca[2] 24890 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ca[3] 5745 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\clk[1] 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg-in-stream[5] 1046 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg-in-stream[6] 566 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg-in-stream[7] 302 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg-in-stream[8] 302 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg[10] 1276 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg[1] 1244 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg[2] 2888 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg[3] 1129 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg[4] 2953 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg[5] 531 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg[6] 2121 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg[7] 2888 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg[8] 2990 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg[9] 303 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\G17700[1].js 3724 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\gc_bw_11_speedometer_728x90_a[1].swf 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\GetAd[10].aspx 1563 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\GetAd[1].aspx 1939 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\GetAd[2].aspx 1561 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\GetAd[3].aspx 1561 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAR1V9IY.php 4085 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCARYIWTY.php 3119 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAS8MOSW.php 3365 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCASBXEMA.php 4994 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCASOGTE1.php 3862 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCATGTCYN.php 3894 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCATWZO4C.php 3581 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAUL8BZC.php 3412 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAULQCJV.php 3379 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAUTGALQ.php 3964 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\hPjUxqSv_512K_480x360[1].flv 1072785 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pibiview[1].js 660 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pibiview[2].js 660 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[10] 660 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[11] 660 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[1] 660 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[1].htm 342 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[1].swf 36 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[2] 660 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[2].htm 343 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[3] 660 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[3].htm 343 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[4] 660 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[5] 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[6] 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[7] 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[8] 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\pixel[9] 660 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAE1B61D 265 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAEQY09C 165 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAGXZMRI 283 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAHQ69OG 304 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAII4OVU 336 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAILZNTF 344 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAIUN1Q6 280 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAJMGH92 165 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAK8LKEJ 256 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAKVLOLI 383 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCALOELJ1 166 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAM0XJBL 204 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAM29HNB 165 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAN8ZA2O 255 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCANXU7HN 383 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAOZROEN 167 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCAPIKXZ4 167 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCARVS8X0 210 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCASDNULP 167 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCARJ437H 4457 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCARN8W29 4186 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAS1YYON 4466 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAS98NPX 4460 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCASBFYQ9 2583 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAT5H207 4184 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCATG7KVC 4478 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCATRFRH6 4499 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCATSK4MV 4478 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAU5OZGA 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\timeout[1].html 162 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ttCAFZYIHE.htm 760 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ttCAH3K5Z8.htm 320 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ttCANESNPI.htm 760 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ttCAR85SK0.htm 1308 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ttj[1] 1481 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ttj[2] 295 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\momtourage_com[1].htm 1482 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\mootools.v1.11[1].js 34840 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\mootools.v1.11[2].js 34840 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\mootools.v1.11[3].js 34840 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\mootools.v1.11[4].js 34840 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\mootools.v1.11[5].js 34840 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\mootools.v1.11[6].js 34840 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\mootools.v1.11[7].js 34840 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\suboptions[1].css 536 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tag[1] 203 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tag[1].htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tag[2] 211 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tag[3] 211 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tag[4] 203 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\telemetry_player_vpaid_as3[1].swf 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\engine[1].htm 204 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\esUujtpD[1].png 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\event[1].flow 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\event[2].flow 106 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\event[3].flow 106 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\event[4].flow 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\event[5].flow 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\event[6].flow 106 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\event[7].flow 106 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\event[8].flow 104 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\event[9].flow 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCAD0QYJV.htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCAO2KZ46.htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCASN4NR8.htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCAWTEL60.htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCAXAULMU.htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[10].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[11].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[1].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[2].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[3].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[4].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[5].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[6].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[7].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[8].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddc[9].htm 11861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\Lp_Ns2NjfvH[1].js 55567 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\mailchimp[1].js 941 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\main[1].htm 1505 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\match[1].txt 164 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\meld[1].js 302 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\meld[2].js 401 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\meld[3].js 379 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\meld[4].js 385 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\meld[5].js 385 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\meld[6].js 401 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[10] 1860 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[11] 1861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[1] 2053 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[2] 1860 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[3] 2624 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[4] 1860 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[5] 1860 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[6] 1861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[7] 1861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[8] 2686 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ros[9] 1860 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5917045[1].4;sz=728x90;ord=[timestamp] 5405 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5917045[1].6;sz=160x600;ord=[timestamp] 386 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5917045[2].6;sz=160x600;ord=[timestamp] 386 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5917045[3].6;sz=160x600;ord=[timestamp] 386 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5917045[4].6;sz=160x600;ord=[timestamp] 386 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5917045[5].6;sz=160x600;ord=[timestamp] 386 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5994760;sz=300x250;u=SourceID[];ord=[timestamp][1] 38816 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5994760;sz=300x250;u=SourceID[];ord=[timestamp][2] 38822 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5994760[1].2;sz=728x90;u=SourceID[];ord=[timestamp] 38818 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5994760[2].2;sz=728x90;u=SourceID[];ord=[timestamp] 38767 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5994760[3].2;sz=728x90;u=SourceID[];ord=[timestamp] 38767 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\B5994760[4].2;sz=728x90;u=SourceID[];ord=[timestamp] 38798 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAVFAOGO.php 3970 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAWELMQ4.php 3550 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAWJI3I2.php 3880 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAX968D1.php 4103 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAXG2NXO.php 3227 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAXWHC2G.php 3965 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAYSNUWM.php 3515 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAZ1L7RM.php 3968 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAZ86GDO.php 3562 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\verizon-to-charge-2-fee-for-paying-your-bill-online-or-over-the-phone[1].txt 68278 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\view[1].aspx 2552 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\visit[4].js 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\vj[1] 221 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\vj[2] 221 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\vj[3] 221 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\c3VTabstrct-6-2[1].htm 6657 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\cached_iframe[1].htm 1080 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\sports[1] 3131 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\sports[2] 1327 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\statsnew[1].xml 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA041T9F 4184 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA2AHJHJ 4466 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA2FDUB1 4451 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA2HEGE1 4472 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA2M3EWO 4185 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA339WWC 4457 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA3GXZIB 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA3VYS2T.htm 554 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA3W2F7L 4184 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\crossdomainCA3Y2WYL.xml 187 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\crossdomainCAEOWBL1.xml 244 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\crossdomainCALA0TPW.xml 187 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\crossdomain[1].xml 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\crossdomain[4].xml 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\dk[1].js 1383 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\dref=http%253A%252F%252Fad.xertive[1].com%252Fst%253Fad_type%253Diframe%2526ad_size%253D160x600%2526section%253D2689757 1054 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\dref=http%253A%252F%252Fholidays.shopflick.com%252Fcoupon-deals[1].html 500 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\dref=http%253A%252F%252Fholidays.shopflick[1].com%252F%253Futm_source%253D113320_178302_n25058%2526utm_medium%253Dcpc%2526utm_campaign%253DAON 500 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\dref=http%253A%252F%252Fholidays.shopflick[2].com%252F%253Futm_source%253D113320_178302_n25058%2526utm_medium%253Dcpc%2526utm_campaign%253DAON 1059 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\desktop.ini 67 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\digitaltrends_com[1].txt 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA7253Q4 706 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA73SKWH 724 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA77SEG0 698 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA78BBIX 846 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA7IHJTW 844 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA7JDTPG 209 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA7QGBLA 832 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA86HYM5 720 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA88R1VA 831 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA8MXBI2 116 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA8P4EWL 207 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA8XFRNC 834 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\crossdomain[5].xml 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ddcCACW57XV.htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\GetAd[4].aspx 1561 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[1].htm 365 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rm[1].gif 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCA0U4AEK 1861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCA20UR7A 1860 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCA2WP77F 2732 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCADN5ZXK 1861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCAEQASBX 1861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCAF6WX7Y 2569 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCAF89BAL 1861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCAG5IOII 1818 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCAK9JGTW 2696 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCALNFN7Q 2733 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\rosCAXG1PNE 1861 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ptjCASVWD1X 278 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA9KL68Q 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAUHF6PK.htm 562 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAWUV5QX 4457 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[3] 4463 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg-in-stream[4] 305 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\28617-2[1].js 3717 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\28645-9[1].js 3938 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\3355475161f44788c4e5638bfe5e8eda[1].swf 24535 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\3a49244ffaa8b8c1270056523160c294[1].swf 12855 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\3d-super-ball[1].htm 200 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\5deaaec950cdd7804edc0a84b541704b[1].swf 34570 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\614[1].htm 1517 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\614[2].htm 1478 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\6vxHCx[1] 4941 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\;at_248923276=good;at_249032483=good;at_249147860=good;at_247111730=good;at_247131450=good;at_247599625=good;at_247531327=good;at_24;~cs=u[1].gif 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\;at_248923276=good;at_249032483=good;at_249147860=good;at_247111730=good;at_247131450=good;at_247599625=good;at_247531327=good;at_24;~cs=u[2].gif 43 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\;TKCHAN=106;ord=1325181900[1] 480 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\acbj[1] 883 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\acbj[2] 1314 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\acbj[3] 821 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAXDOPW7 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAY3I0EW 4457 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAY53RXE 4463 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAYM0JWD 4472 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAYTZVPQ 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAYZ5F4Y 4460 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAZ092JW 4185 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAZ3J93W 4463 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAZOD3LJ 4182 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\style[1].css 20554 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[10] 4260 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[10].htm 578 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[11] 4475 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[11].htm 578 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[1] 4478 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[1].gif 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[1].htm 513 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[2] 4448 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\st[2].htm 563 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAKJ8WBL 4043 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAKL08KR 4182 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAKUYWN1 4457 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAKYQEGU 4184 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAMAZK9T 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAMD6Q0L 4472 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAN6O2F0.htm 530 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCANB0Y0L 1123 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCANMBKA8 4469 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCANT12T7 90 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAO1IORO 4472 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg-in-stream[1] 3146 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg-in-stream[2] 1220 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\tvg-in-stream[3] 1260 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAQELUI2 918 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAQPVTEO 1202 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAQQMC5H 1201 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAQX62LU 720 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAQYVOZV 1312 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAR4CXPZ 834 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAR63BZT 911 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCARXS8GE 1295 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCARZ883Q 704 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCASMTEF6 854 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCASRXOSX 1421 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCASTEIHQ 209 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCASXZV3G 850 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCASZQ6NC 1284 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCA9NQLGM 4469 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAA3SQM9 4184 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAAGJHRD 4185 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAASFYR0 4181 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAB01N08 4469 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAB4ZVLU 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCACC8A7L 4466 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCACFD2W4 4451 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCACOIBN2 4496 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCACSJ1UO 4185 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAD1F09V 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCADZR296 1434 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAE88D24 1600 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAEBM9MK 1261 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAEHE8JL 1350 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAEWRN5S 844 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAF1T3WO 469 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAFG9HDB 1093 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAFHD2HX 852 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAG749NG 835 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAGMKMF4 833 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAGVK1J9 1740 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAGVWHGY 880 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAGYJ8T1 755 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA2SNVQS 848 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA32GNK7 842 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA37URSA 855 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA38R2FH 847 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA3OZ8P6 844 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA3UMIDY 1346 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA4JQHO9 951 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA6BHHRF 829 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA6H5RN2 1365 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA6KF7US 1615 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA6YQDVA 1239 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAJQ3ALA 925 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAKLITY5 390 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAKNZJ6X 1212 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAKR2W7Z 1196 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAKRDTRM 1198 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAKST2C7 577 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCALEJ03W 1367 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCALNQ9XG 880 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCALX0LXD 1236 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAM1WRQ6 116 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCAM6IK2J 834 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAEJR1TT 4184 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAEK9AEQ 4185 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAEZXMJK 4475 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAF0AW9H 1128 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAF3IWE5 4463 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAGAL9KS 4469 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAGFCZHK 4460 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAGLASSF 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAGLBFEW 4451 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAGUOURB 4466 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAHAL7VE 385 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAHFOTPB.htm 556 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAHWMOTT 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAHYA5ZD 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAJ89SQ1 4043 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAJCIS0O 4185 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAJERRIG 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAKFAU2H.php 3554 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAKWYEI6.php 3557 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAKZUQ8P.php 4204 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAL0GAVZ.php 3549 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAM45WN1.php 3486 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAMK272S.php 3377 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCANHIG07.php 3593 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAOLFPOE.php 3810 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\ajsCAOSPL1L.php 3806 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CA07KZXW.htm 365 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CA1KDASV.htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CA1LUC7M.htm 1824 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CA2C280S.htm 339 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CA3RH0WW.htm 1403 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CA4RYMV6.htm 1095 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CA66QM9K.htm 493 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CA6CJQPT.htm 755 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CA7RLY5Y.htm 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CAAU8Y2I.htm 537 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CAD56M53.htm 692 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CADW5IRI.htm 1309 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CAEV87YW.htm 815 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CAJ0VKAY.htm 1039 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CAQ5R5GR.htm 558 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CAV71GGR.htm 784 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CAV9W2H4.htm 404 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CAVDDJDL.htm 739 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CAVIMAOQ.htm 365 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3CAZKC478.htm 844 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[10].htm 767 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\iframe3[11].htm 763 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\myphoenixteams_com[1].txt 67037 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\m[1].gif 0 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\m[2].gif 44 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\m[3].gif 44 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\n7d-bizopp-scrollbox[1].gif 12768 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nano-ninja;TKCHAN=106;ord=1325187072[1] 498 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nano-ninja;TKCHAN=117;ord=1325188544[1] 498 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nano-ninja[1].htm 1467 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nano-ninja[2].htm 1514 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\nano-ninja[3].htm 1490 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\net[1].htm 709 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAUKN5PA 4469 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAUQ063T 4182 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAUYRVAL.htm 557 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAV87D77 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAVCGE6Y 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAVCTIUE 4469 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAVK69IP 4183 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAWIVB4C 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAWKEDY8.htm 562 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAWOJKEP 4496 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAOFJR77 4182 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAOJ3NHB 4469 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAOVHT8S 4496 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAP0VBBL 4182 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAP8WFAP 4159 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAPEXEBJ.htm 557 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAPHYHSZ 4261 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAPP4O29 4463 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAPW1A5F 4466 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAQVG3YQ 4184 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCAR111F7 4472 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCARIH5HM 4184 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\stCARINXUH 4454 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA04ZFRA 1210 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA066RYU 1371 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA0IBK6E 828 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA1E1BZY 390 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA1PQMBI 836 bytes
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\DXI629P4\impCA29LN0O 1198 bytes
---- EOF - GMER 1.0.15 ----
aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2011-12-30 15:51:10
-----------------------------
15:51:10.992 OS Version: Windows 5.1.2600 Service Pack 3
15:51:10.992 Number of processors: 1 586 0x7F02
15:51:10.992 ComputerName: MCLENOVO UserName: MC
15:51:18.397 Initialize success
15:52:31.049 AVAST engine defs: 11123001
15:53:15.813 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:53:15.813 Disk 0 Vendor: WDC_WD1600YS-18SHB2 20.06C07 Size: 152587MB BusType: 3
15:53:15.813 Device \Driver\atapi -> DriverStartIo 82c492c6
15:53:16.109 Disk 0 MBR read successfully
15:53:16.109 Disk 0 MBR scan
15:53:16.859 Disk 0 Windows XP default MBR code
15:53:17.016 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
15:53:17.016 Disk 0 Partition - 00 05 Extended 76269 MB offset 156296385
15:53:17.250 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76269 MB offset 156296448
15:53:17.672 Disk 0 scanning sectors +312496380
15:53:18.906 Disk 0 scanning C:\WINDOWS\system32\drivers
15:58:08.516 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Aluroot [Rtk]
16:03:29.984 Service scanning
16:04:31.278 Modules scanning
16:05:41.024 Module: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys **SUSPICIOUS**
16:06:28.319 Disk 0 trace - called modules:
16:06:28.319 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82811f10]<<
16:06:28.319 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8317eab8]
16:06:28.319 3 CLASSPNP.SYS[f759cfd7] -> nt!IofCallDriver -> [0x828cfa60]
16:06:28.319 \Driver\00001312[0x82ca25f0] -> IRP_MJ_CREATE -> 0x82811f10
16:06:39.318 AVAST engine scan C:\WINDOWS
16:10:47.524 AVAST engine scan C:\WINDOWS\system32
16:18:34.160 AVAST engine scan C:\WINDOWS\system32\drivers
16:18:48.690 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Aluroot [Rtk]
16:19:16.892 AVAST engine scan C:\Documents and Settings\MC
17:36:20.204 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
17:38:59.716 Scan finished successfully
20:42:24.287 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\MC\Desktop\MBR.dat"
20:42:24.287 The log file has been saved successfully to "C:\Documents and Settings\MC\Desktop\aswMBR.txt"
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by MC at 20:56:42 on 2011-12-30
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [PWRAGD] c:\progra~1\thinkpad\utilit~1\DPMHost.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\docume~1\mc\startm~1\programs\startup\eventr~1.lnk - c:\program files\mindscape\printmaster\PMREMIND.EXE
StartupFolder: c:\docume~1\mc\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.250\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 65.32.1.65 65.32.1.70
TCP: Interfaces\{266C3E0E-F3EA-4A34-B4D7-1A897DCCF885} : DhcpNameServer = 65.32.1.65 65.32.1.70
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mc\application data\mozilla\firefox\profiles\kfm3e5c6.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c1f19bc&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5555
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-12-29 20:00:14 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-19 20:16:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600YS-18SHB2 rev.20.06C07 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82811F10]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8317EAB8]
3 CLASSPNP[0xF759CFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x828CFA60]
\Driver\00001312[0x82CA25F0] -> IRP_MJ_CREATE -> 0x82811F10
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x82C492C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 20:58:50.88 ===============
.
DDS (Ver_2011-06-23.01)
.
.
THIS IS THE HEADER OF ATTACH.TXT
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
....Please Read This..... states
"post Attach.txt as an attachment.
No need for that though ..... just post it's contents as you would any other log"
As the statements are at a variance I am doing nothing until further instruction.
I do have attach.txt and will transmit its contents as directed
#9 Re: [RESOLVED] Antivirus 2012 malware
-
-
- 24,883 posts
- Joined: October 04, 2004
- 1,860 topics
- Age: 57
- Skin: IPBoard wide
- Local time: 09:05 AM
Malware Annihilator
-
Zodiac:Virgo
- Gender:Male
- Location:Daly City, CA
- OS:Windows Vista
-
Country:
- Time Online: 57d 11h 10m 58s
Posted 31 December 2011 - 11:03 PM
Please keep all of your posts in one topic.
This time I merged both of your topics.
Yes I need Attach.txt pasted in your reply.
When done....
Download TDSSKiller and save it to your desktop.
This time I merged both of your topics.
Yes I need Attach.txt pasted in your reply.
When done....
Download TDSSKiller and save it to your desktop.
- Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
#10 Re: [RESOLVED] Antivirus 2012 malware
-
-
- 44 posts
- Joined: December 29, 2011
- 4 topics
- Skin: IP.Board
- Local time: 11:05 AM
$ Supporting Member
-
Zodiac:Sagittarius
- Gender:Male
- OS:Windows XP
-
Country:
- Time Online: 11h 47m 16s
Posted 31 December 2011 - 11:27 PM
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Abacre Retail Point of Sale v3.6
ABC Inventory Software
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.6
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG Free 8.5
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CMI Fixed Assets
Evernote v. 4.5.2
FastLynx 3.3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
iTunes
Java Auto Updater
Java™ 6 Update 20
Malwarebytes Anti-Malware version 1.60.0.1800
Marvell Miniport Driver
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access Runtime (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
NVIDIA Drivers
OpenOffice.org 3.2
QuickBooks
QuickBooks Pro 2010
Quicken 2010
QuickTime
Realtek High Definition Audio Driver
RegClean Pro
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Serif DrawPlus 3.0
Skins
ThinkVantage Power Manager
Track-It! 4.0 Standard
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Winamp
Winamp Detector Plug-in
Winbond TPM Device Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
.
==== End Of File ===========================
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Abacre Retail Point of Sale v3.6
ABC Inventory Software
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.6
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG Free 8.5
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CMI Fixed Assets
Evernote v. 4.5.2
FastLynx 3.3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
iTunes
Java Auto Updater
Java™ 6 Update 20
Malwarebytes Anti-Malware version 1.60.0.1800
Marvell Miniport Driver
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access Runtime (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
NVIDIA Drivers
OpenOffice.org 3.2
QuickBooks
QuickBooks Pro 2010
Quicken 2010
QuickTime
Realtek High Definition Audio Driver
RegClean Pro
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Serif DrawPlus 3.0
Skins
ThinkVantage Power Manager
Track-It! 4.0 Standard
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Winamp
Winamp Detector Plug-in
Winbond TPM Device Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
.
==== End Of File ===========================
#11 Re: [RESOLVED] Antivirus 2012 malware
-
-
- 44 posts
- Joined: December 29, 2011
- 4 topics
- Skin: IP.Board
- Local time: 11:05 AM
$ Supporting Member
-
Zodiac:Sagittarius
- Gender:Male
- OS:Windows XP
-
Country:
- Time Online: 11h 47m 16s
Posted 01 January 2012 - 12:37 AM
18:55:56.0646 6212 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
18:55:58.0006 6212 ============================================================
18:55:58.0006 6212 Current date / time: 2011/12/31 18:55:58.0006
18:55:58.0006 6212 SystemInfo:
18:55:58.0006 6212
18:55:58.0006 6212 OS Version: 5.1.2600 ServicePack: 3.0
18:55:58.0006 6212 Product type: Workstation
18:55:58.0006 6212 ComputerName: MCLENOVO
18:55:58.0006 6212 UserName: MC
18:55:58.0006 6212 Windows directory: C:\WINDOWS
18:55:58.0006 6212 System windows directory: C:\WINDOWS
18:55:58.0006 6212 Processor architecture: Intel x86
18:55:58.0006 6212 Number of processors: 1
18:55:58.0006 6212 Page size: 0x1000
18:55:58.0006 6212 Boot type: Normal boot
18:55:58.0006 6212 ============================================================
18:56:02.0568 6212 Initialize success
18:56:11.0803 4404 ============================================================
18:56:11.0803 4404 Scan started
18:56:11.0803 4404 Mode: Manual;
18:56:11.0803 4404 ============================================================
18:56:15.0600 4404 Abiosdsk - ok
18:56:15.0615 4404 abp480n5 - ok
18:56:15.0693 4404 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:56:15.0803 4404 ACPI - ok
18:56:15.0881 4404 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:56:16.0021 4404 ACPIEC - ok
18:56:16.0115 4404 adpu160m - ok
18:56:16.0193 4404 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:56:16.0193 4404 aec - ok
18:56:16.0240 4404 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:56:16.0443 4404 AFD - ok
18:56:16.0506 4404 Aha154x - ok
18:56:16.0600 4404 aic78u2 - ok
18:56:16.0615 4404 aic78xx - ok
18:56:16.0646 4404 AliIde - ok
18:56:16.0725 4404 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
18:56:16.0881 4404 AmdPPM - ok
18:56:16.0943 4404 amsint - ok
18:56:16.0975 4404 asc - ok
18:56:17.0006 4404 asc3350p - ok
18:56:17.0037 4404 asc3550 - ok
18:56:17.0131 4404 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:56:17.0256 4404 AsyncMac - ok
18:56:17.0287 4404 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:56:17.0287 4404 atapi - ok
18:56:17.0365 4404 Atdisk - ok
18:56:17.0568 4404 ati2mtag (8e54c76db5d88bf8b4e82b37e1322671) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:56:17.0803 4404 ati2mtag - ok
18:56:17.0850 4404 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:56:17.0896 4404 Atmarpc - ok
18:56:18.0021 4404 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:56:18.0115 4404 audstub - ok
18:56:18.0193 4404 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
18:56:18.0287 4404 AvgLdx86 - ok
18:56:18.0318 4404 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
18:56:18.0381 4404 AvgMfx86 - ok
18:56:18.0428 4404 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
18:56:18.0521 4404 AvgTdiX - ok
18:56:18.0662 4404 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:56:18.0771 4404 Beep - ok
18:56:18.0850 4404 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:56:18.0975 4404 cbidf2k - ok
18:56:19.0037 4404 cd20xrnt - ok
18:56:19.0068 4404 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:56:19.0146 4404 Cdaudio - ok
18:56:19.0178 4404 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:56:19.0334 4404 Cdfs - ok
18:56:19.0365 4404 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:56:19.0396 4404 Cdrom - ok
18:56:19.0412 4404 Changer - ok
18:56:19.0443 4404 CmdIde - ok
18:56:19.0490 4404 Cpqarray - ok
18:56:19.0568 4404 dac2w2k - ok
18:56:19.0662 4404 dac960nt - ok
18:56:19.0771 4404 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:56:19.0975 4404 Disk - ok
18:56:20.0021 4404 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:56:20.0318 4404 dmboot - ok
18:56:20.0365 4404 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:56:20.0475 4404 dmio - ok
18:56:20.0537 4404 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:56:20.0662 4404 dmload - ok
18:56:20.0787 4404 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:56:20.0803 4404 DMusic - ok
18:56:21.0068 4404 dpti2o - ok
18:56:21.0115 4404 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:56:21.0131 4404 drmkaud - ok
18:56:21.0240 4404 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:56:21.0350 4404 Fastfat - ok
18:56:21.0396 4404 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:56:21.0537 4404 Fdc - ok
18:56:21.0568 4404 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:56:21.0740 4404 Fips - ok
18:56:21.0787 4404 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:56:21.0959 4404 Flpydisk - ok
18:56:22.0037 4404 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:56:22.0318 4404 FltMgr - ok
18:56:22.0365 4404 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:56:22.0521 4404 Fs_Rec - ok
18:56:22.0600 4404 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:56:22.0646 4404 Ftdisk - ok
18:56:22.0709 4404 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:56:22.0912 4404 GEARAspiWDM - ok
18:56:23.0006 4404 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:56:23.0209 4404 Gpc - ok
18:56:23.0396 4404 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:56:23.0568 4404 HDAudBus - ok
18:56:23.0615 4404 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:56:23.0787 4404 hidusb - ok
18:56:23.0881 4404 hpn - ok
18:56:23.0990 4404 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:56:24.0100 4404 HTTP - ok
18:56:24.0146 4404 i2omgmt - ok
18:56:24.0162 4404 i2omp - ok
18:56:24.0287 4404 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:56:24.0396 4404 i8042prt - ok
18:56:24.0490 4404 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:56:24.0662 4404 Imapi - ok
18:56:24.0881 4404 ini910u - ok
18:56:25.0053 4404 IntcAzAudAddService (557e20484a095d949912883f5ab29e88) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:56:25.0287 4404 IntcAzAudAddService - ok
18:56:25.0303 4404 IntelIde - ok
18:56:25.0350 4404 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:56:25.0396 4404 Ip6Fw - ok
18:56:25.0443 4404 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:56:25.0506 4404 IpFilterDriver - ok
18:56:25.0584 4404 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:56:25.0615 4404 IpInIp - ok
18:56:25.0662 4404 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:56:25.0709 4404 IpNat - ok
18:56:25.0740 4404 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:56:25.0850 4404 IPSec - ok
18:56:25.0881 4404 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:56:26.0021 4404 IRENUM - ok
18:56:26.0068 4404 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:56:26.0178 4404 isapnp - ok
18:56:26.0225 4404 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:56:26.0303 4404 Kbdclass - ok
18:56:26.0350 4404 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:56:26.0443 4404 kbdhid - ok
18:56:26.0490 4404 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:56:26.0490 4404 kmixer - ok
18:56:26.0553 4404 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:56:26.0631 4404 KSecDD - ok
18:56:26.0662 4404 lbrtfdc - ok
18:56:26.0740 4404 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
18:56:26.0850 4404 MBAMSwissArmy - ok
18:56:26.0912 4404 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:56:26.0975 4404 mnmdd - ok
18:56:27.0021 4404 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:56:27.0084 4404 Modem - ok
18:56:27.0115 4404 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:56:27.0162 4404 Mouclass - ok
18:56:27.0193 4404 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:56:27.0240 4404 mouhid - ok
18:56:27.0287 4404 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:56:27.0350 4404 MountMgr - ok
18:56:27.0396 4404 mraid35x - ok
18:56:27.0506 4404 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:56:27.0568 4404 MRxDAV - ok
18:56:27.0662 4404 MRxSmb (c1d85b598874ed1a1d6c531af30edf75) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:56:28.0053 4404 MRxSmb - ok
18:56:28.0350 4404 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:56:28.0521 4404 Msfs - ok
18:56:28.0678 4404 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:56:28.0896 4404 MSKSSRV - ok
18:56:29.0084 4404 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:56:29.0178 4404 MSPCLOCK - ok
18:56:29.0303 4404 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:56:29.0521 4404 MSPQM - ok
18:56:29.0725 4404 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:56:29.0818 4404 mssmbios - ok
18:56:30.0021 4404 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:56:30.0053 4404 Mup - ok
18:56:30.0178 4404 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:56:30.0256 4404 NDIS - ok
18:56:30.0381 4404 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:56:30.0459 4404 NdisTapi - ok
18:56:30.0803 4404 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:56:30.0818 4404 Ndisuio - ok
18:56:31.0037 4404 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:56:31.0193 4404 NdisWan - ok
18:56:31.0365 4404 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:56:31.0568 4404 NDProxy - ok
18:56:31.0834 4404 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:56:31.0928 4404 NetBIOS - ok
18:56:32.0037 4404 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:56:32.0162 4404 NetBT - ok
18:56:32.0287 4404 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:56:32.0381 4404 Npfs - ok
18:56:32.0568 4404 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:56:32.0662 4404 Ntfs - ok
18:56:32.0725 4404 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:56:32.0818 4404 Null - ok
18:56:32.0865 4404 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:56:32.0975 4404 NwlnkFlt - ok
18:56:32.0990 4404 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:56:33.0131 4404 NwlnkFwd - ok
18:56:33.0459 4404 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:56:33.0693 4404 Parport - ok
18:56:33.0803 4404 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:56:33.0975 4404 PartMgr - ok
18:56:34.0162 4404 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:56:34.0178 4404 ParVdm - ok
18:56:34.0209 4404 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:56:34.0334 4404 PCI - ok
18:56:34.0443 4404 PCIDump - ok
18:56:34.0631 4404 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:56:34.0709 4404 PCIIde - ok
18:56:34.0865 4404 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:56:35.0053 4404 Pcmcia - ok
18:56:35.0209 4404 PDCOMP - ok
18:56:35.0443 4404 PDFRAME - ok
18:56:35.0631 4404 PDRELI - ok
18:56:35.0771 4404 PDRFRAME - ok
18:56:36.0068 4404 perc2 - ok
18:56:36.0662 4404 perc2hib - ok
18:56:37.0271 4404 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:56:37.0537 4404 PptpMiniport - ok
18:56:37.0803 4404 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
18:56:38.0084 4404 Processor - ok
18:56:38.0318 4404 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:56:38.0521 4404 PSched - ok
18:56:39.0334 4404 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:56:39.0771 4404 Ptilink - ok
18:56:40.0287 4404 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:56:40.0912 4404 PxHelp20 - ok
18:56:42.0021 4404 ql1080 - ok
18:56:42.0068 4404 Ql10wnt - ok
18:56:42.0162 4404 ql12160 - ok
18:56:42.0225 4404 ql1240 - ok
18:56:42.0256 4404 ql1280 - ok
18:56:42.0350 4404 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:56:42.0412 4404 RasAcd - ok
18:56:42.0771 4404 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:56:42.0912 4404 Rasl2tp - ok
18:56:42.0975 4404 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:56:43.0146 4404 RasPppoe - ok
18:56:43.0303 4404 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:56:43.0412 4404 Raspti - ok
18:56:43.0600 4404 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:56:43.0725 4404 Rdbss - ok
18:56:43.0990 4404 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:56:44.0225 4404 RDPCDD - ok
18:56:44.0506 4404 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:56:44.0678 4404 rdpdr - ok
18:56:44.0959 4404 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:56:45.0131 4404 RDPWD - ok
18:56:45.0459 4404 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:56:45.0600 4404 redbook - ok
18:56:45.0881 4404 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:56:45.0912 4404 Secdrv - ok
18:56:46.0365 4404 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:56:46.0521 4404 serenum - ok
18:56:46.0646 4404 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:56:46.0818 4404 Serial - ok
18:56:46.0990 4404 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:56:47.0334 4404 Sfloppy - ok
18:56:48.0412 4404 Simbad - ok
18:56:49.0021 4404 Sparrow - ok
18:56:49.0725 4404 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:56:49.0740 4404 splitter - ok
18:56:50.0490 4404 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:56:50.0818 4404 sr - ok
18:56:51.0678 4404 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:56:52.0193 4404 Srv - ok
18:56:52.0912 4404 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:56:53.0084 4404 swenum - ok
18:56:53.0818 4404 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:56:53.0865 4404 swmidi - ok
18:56:54.0428 4404 symc810 - ok
18:56:55.0115 4404 symc8xx - ok
18:56:55.0475 4404 sym_hi - ok
18:56:56.0209 4404 sym_u3 - ok
18:56:57.0678 4404 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:56:57.0818 4404 sysaudio - ok
18:56:59.0521 4404 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:57:00.0537 4404 Tcpip - ok
18:57:01.0896 4404 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:57:02.0068 4404 TDPIPE - ok
18:57:02.0943 4404 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:57:03.0146 4404 TDTCP - ok
18:57:04.0100 4404 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:57:04.0271 4404 TermDD - ok
18:57:05.0381 4404 TosIde - ok
18:57:06.0318 4404 TPM (82fed3fea9bcd77fc870a1e4c8b62870) C:\WINDOWS\system32\DRIVERS\tpm.sys
18:57:06.0537 4404 TPM - ok
18:57:07.0615 4404 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:57:07.0865 4404 Udfs - ok
18:57:08.0725 4404 UIUSys - ok
18:57:09.0146 4404 ultra - ok
18:57:09.0584 4404 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:57:09.0912 4404 Update - ok
18:57:10.0396 4404 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:57:10.0443 4404 usbccgp - ok
18:57:11.0084 4404 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:57:11.0240 4404 usbehci - ok
18:57:12.0037 4404 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:57:12.0396 4404 usbhub - ok
18:57:12.0881 4404 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:57:13.0021 4404 usbohci - ok
18:57:13.0725 4404 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:57:13.0725 4404 USBSTOR - ok
18:57:14.0146 4404 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:57:14.0225 4404 VgaSave - ok
18:57:14.0912 4404 ViaIde - ok
18:57:16.0068 4404 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:57:16.0303 4404 VolSnap - ok
18:57:17.0725 4404 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:57:18.0084 4404 Wanarp - ok
18:57:19.0115 4404 WDICA - ok
18:57:20.0740 4404 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:57:20.0787 4404 wdmaud - ok
18:57:21.0740 4404 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:57:21.0928 4404 WudfPf - ok
18:57:22.0459 4404 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:57:22.0646 4404 WudfRd - ok
18:57:23.0740 4404 yukonwxp (630e4f5ae3a93f7de3efd174f28f6479) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
18:57:24.0178 4404 yukonwxp - ok
18:57:24.0209 4404 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
18:57:24.0271 4404 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:57:24.0271 4404 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:57:24.0318 4404 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
18:57:24.0318 4404 \Device\Harddisk1\DR3 - ok
18:57:24.0334 4404 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR11
18:57:25.0084 4404 \Device\Harddisk2\DR11 - ok
18:57:25.0100 4404 Boot (0x1200) (c9d04d367eef7d54874c73ba8849e4a4) \Device\Harddisk0\DR0\Partition0
18:57:25.0100 4404 \Device\Harddisk0\DR0\Partition0 - ok
18:57:25.0131 4404 Boot (0x1200) (b1613bc4c40568626d0cd2ad04eeed0f) \Device\Harddisk0\DR0\Partition1
18:57:25.0209 4404 \Device\Harddisk0\DR0\Partition1 - ok
18:57:25.0209 4404 Boot (0x1200) (9656eff4b74c82fadc1590a2a2f74017) \Device\Harddisk1\DR3\Partition0
18:57:25.0209 4404 \Device\Harddisk1\DR3\Partition0 - ok
18:57:25.0225 4404 Boot (0x1200) (c2b87d189a3cd1a29fb0e8a399cbcd3a) \Device\Harddisk2\DR11\Partition0
18:57:25.0225 4404 \Device\Harddisk2\DR11\Partition0 - ok
18:57:25.0225 4404 ============================================================
18:57:25.0225 4404 Scan finished
18:57:25.0225 4404 ============================================================
18:57:25.0256 2268 Detected object count: 1
18:57:25.0256 2268 Actual detected object count: 1
19:00:04.0365 2268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
19:00:04.0365 2268 \Device\Harddisk0\DR0 - ok
19:00:04.0365 2268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
19:00:24.0365 6296 Deinitialize success
18:55:58.0006 6212 ============================================================
18:55:58.0006 6212 Current date / time: 2011/12/31 18:55:58.0006
18:55:58.0006 6212 SystemInfo:
18:55:58.0006 6212
18:55:58.0006 6212 OS Version: 5.1.2600 ServicePack: 3.0
18:55:58.0006 6212 Product type: Workstation
18:55:58.0006 6212 ComputerName: MCLENOVO
18:55:58.0006 6212 UserName: MC
18:55:58.0006 6212 Windows directory: C:\WINDOWS
18:55:58.0006 6212 System windows directory: C:\WINDOWS
18:55:58.0006 6212 Processor architecture: Intel x86
18:55:58.0006 6212 Number of processors: 1
18:55:58.0006 6212 Page size: 0x1000
18:55:58.0006 6212 Boot type: Normal boot
18:55:58.0006 6212 ============================================================
18:56:02.0568 6212 Initialize success
18:56:11.0803 4404 ============================================================
18:56:11.0803 4404 Scan started
18:56:11.0803 4404 Mode: Manual;
18:56:11.0803 4404 ============================================================
18:56:15.0600 4404 Abiosdsk - ok
18:56:15.0615 4404 abp480n5 - ok
18:56:15.0693 4404 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:56:15.0803 4404 ACPI - ok
18:56:15.0881 4404 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:56:16.0021 4404 ACPIEC - ok
18:56:16.0115 4404 adpu160m - ok
18:56:16.0193 4404 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:56:16.0193 4404 aec - ok
18:56:16.0240 4404 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:56:16.0443 4404 AFD - ok
18:56:16.0506 4404 Aha154x - ok
18:56:16.0600 4404 aic78u2 - ok
18:56:16.0615 4404 aic78xx - ok
18:56:16.0646 4404 AliIde - ok
18:56:16.0725 4404 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
18:56:16.0881 4404 AmdPPM - ok
18:56:16.0943 4404 amsint - ok
18:56:16.0975 4404 asc - ok
18:56:17.0006 4404 asc3350p - ok
18:56:17.0037 4404 asc3550 - ok
18:56:17.0131 4404 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:56:17.0256 4404 AsyncMac - ok
18:56:17.0287 4404 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:56:17.0287 4404 atapi - ok
18:56:17.0365 4404 Atdisk - ok
18:56:17.0568 4404 ati2mtag (8e54c76db5d88bf8b4e82b37e1322671) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:56:17.0803 4404 ati2mtag - ok
18:56:17.0850 4404 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:56:17.0896 4404 Atmarpc - ok
18:56:18.0021 4404 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:56:18.0115 4404 audstub - ok
18:56:18.0193 4404 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
18:56:18.0287 4404 AvgLdx86 - ok
18:56:18.0318 4404 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
18:56:18.0381 4404 AvgMfx86 - ok
18:56:18.0428 4404 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
18:56:18.0521 4404 AvgTdiX - ok
18:56:18.0662 4404 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:56:18.0771 4404 Beep - ok
18:56:18.0850 4404 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:56:18.0975 4404 cbidf2k - ok
18:56:19.0037 4404 cd20xrnt - ok
18:56:19.0068 4404 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:56:19.0146 4404 Cdaudio - ok
18:56:19.0178 4404 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:56:19.0334 4404 Cdfs - ok
18:56:19.0365 4404 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:56:19.0396 4404 Cdrom - ok
18:56:19.0412 4404 Changer - ok
18:56:19.0443 4404 CmdIde - ok
18:56:19.0490 4404 Cpqarray - ok
18:56:19.0568 4404 dac2w2k - ok
18:56:19.0662 4404 dac960nt - ok
18:56:19.0771 4404 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:56:19.0975 4404 Disk - ok
18:56:20.0021 4404 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:56:20.0318 4404 dmboot - ok
18:56:20.0365 4404 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:56:20.0475 4404 dmio - ok
18:56:20.0537 4404 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:56:20.0662 4404 dmload - ok
18:56:20.0787 4404 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:56:20.0803 4404 DMusic - ok
18:56:21.0068 4404 dpti2o - ok
18:56:21.0115 4404 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:56:21.0131 4404 drmkaud - ok
18:56:21.0240 4404 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:56:21.0350 4404 Fastfat - ok
18:56:21.0396 4404 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:56:21.0537 4404 Fdc - ok
18:56:21.0568 4404 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:56:21.0740 4404 Fips - ok
18:56:21.0787 4404 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:56:21.0959 4404 Flpydisk - ok
18:56:22.0037 4404 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:56:22.0318 4404 FltMgr - ok
18:56:22.0365 4404 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:56:22.0521 4404 Fs_Rec - ok
18:56:22.0600 4404 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:56:22.0646 4404 Ftdisk - ok
18:56:22.0709 4404 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:56:22.0912 4404 GEARAspiWDM - ok
18:56:23.0006 4404 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:56:23.0209 4404 Gpc - ok
18:56:23.0396 4404 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:56:23.0568 4404 HDAudBus - ok
18:56:23.0615 4404 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:56:23.0787 4404 hidusb - ok
18:56:23.0881 4404 hpn - ok
18:56:23.0990 4404 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:56:24.0100 4404 HTTP - ok
18:56:24.0146 4404 i2omgmt - ok
18:56:24.0162 4404 i2omp - ok
18:56:24.0287 4404 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:56:24.0396 4404 i8042prt - ok
18:56:24.0490 4404 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:56:24.0662 4404 Imapi - ok
18:56:24.0881 4404 ini910u - ok
18:56:25.0053 4404 IntcAzAudAddService (557e20484a095d949912883f5ab29e88) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:56:25.0287 4404 IntcAzAudAddService - ok
18:56:25.0303 4404 IntelIde - ok
18:56:25.0350 4404 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:56:25.0396 4404 Ip6Fw - ok
18:56:25.0443 4404 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:56:25.0506 4404 IpFilterDriver - ok
18:56:25.0584 4404 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:56:25.0615 4404 IpInIp - ok
18:56:25.0662 4404 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:56:25.0709 4404 IpNat - ok
18:56:25.0740 4404 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:56:25.0850 4404 IPSec - ok
18:56:25.0881 4404 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:56:26.0021 4404 IRENUM - ok
18:56:26.0068 4404 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:56:26.0178 4404 isapnp - ok
18:56:26.0225 4404 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:56:26.0303 4404 Kbdclass - ok
18:56:26.0350 4404 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:56:26.0443 4404 kbdhid - ok
18:56:26.0490 4404 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:56:26.0490 4404 kmixer - ok
18:56:26.0553 4404 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:56:26.0631 4404 KSecDD - ok
18:56:26.0662 4404 lbrtfdc - ok
18:56:26.0740 4404 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
18:56:26.0850 4404 MBAMSwissArmy - ok
18:56:26.0912 4404 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:56:26.0975 4404 mnmdd - ok
18:56:27.0021 4404 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:56:27.0084 4404 Modem - ok
18:56:27.0115 4404 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:56:27.0162 4404 Mouclass - ok
18:56:27.0193 4404 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:56:27.0240 4404 mouhid - ok
18:56:27.0287 4404 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:56:27.0350 4404 MountMgr - ok
18:56:27.0396 4404 mraid35x - ok
18:56:27.0506 4404 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:56:27.0568 4404 MRxDAV - ok
18:56:27.0662 4404 MRxSmb (c1d85b598874ed1a1d6c531af30edf75) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:56:28.0053 4404 MRxSmb - ok
18:56:28.0350 4404 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:56:28.0521 4404 Msfs - ok
18:56:28.0678 4404 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:56:28.0896 4404 MSKSSRV - ok
18:56:29.0084 4404 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:56:29.0178 4404 MSPCLOCK - ok
18:56:29.0303 4404 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:56:29.0521 4404 MSPQM - ok
18:56:29.0725 4404 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:56:29.0818 4404 mssmbios - ok
18:56:30.0021 4404 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:56:30.0053 4404 Mup - ok
18:56:30.0178 4404 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:56:30.0256 4404 NDIS - ok
18:56:30.0381 4404 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:56:30.0459 4404 NdisTapi - ok
18:56:30.0803 4404 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:56:30.0818 4404 Ndisuio - ok
18:56:31.0037 4404 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:56:31.0193 4404 NdisWan - ok
18:56:31.0365 4404 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:56:31.0568 4404 NDProxy - ok
18:56:31.0834 4404 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:56:31.0928 4404 NetBIOS - ok
18:56:32.0037 4404 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:56:32.0162 4404 NetBT - ok
18:56:32.0287 4404 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:56:32.0381 4404 Npfs - ok
18:56:32.0568 4404 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:56:32.0662 4404 Ntfs - ok
18:56:32.0725 4404 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:56:32.0818 4404 Null - ok
18:56:32.0865 4404 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:56:32.0975 4404 NwlnkFlt - ok
18:56:32.0990 4404 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:56:33.0131 4404 NwlnkFwd - ok
18:56:33.0459 4404 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:56:33.0693 4404 Parport - ok
18:56:33.0803 4404 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:56:33.0975 4404 PartMgr - ok
18:56:34.0162 4404 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:56:34.0178 4404 ParVdm - ok
18:56:34.0209 4404 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:56:34.0334 4404 PCI - ok
18:56:34.0443 4404 PCIDump - ok
18:56:34.0631 4404 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:56:34.0709 4404 PCIIde - ok
18:56:34.0865 4404 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:56:35.0053 4404 Pcmcia - ok
18:56:35.0209 4404 PDCOMP - ok
18:56:35.0443 4404 PDFRAME - ok
18:56:35.0631 4404 PDRELI - ok
18:56:35.0771 4404 PDRFRAME - ok
18:56:36.0068 4404 perc2 - ok
18:56:36.0662 4404 perc2hib - ok
18:56:37.0271 4404 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:56:37.0537 4404 PptpMiniport - ok
18:56:37.0803 4404 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
18:56:38.0084 4404 Processor - ok
18:56:38.0318 4404 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:56:38.0521 4404 PSched - ok
18:56:39.0334 4404 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:56:39.0771 4404 Ptilink - ok
18:56:40.0287 4404 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:56:40.0912 4404 PxHelp20 - ok
18:56:42.0021 4404 ql1080 - ok
18:56:42.0068 4404 Ql10wnt - ok
18:56:42.0162 4404 ql12160 - ok
18:56:42.0225 4404 ql1240 - ok
18:56:42.0256 4404 ql1280 - ok
18:56:42.0350 4404 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:56:42.0412 4404 RasAcd - ok
18:56:42.0771 4404 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:56:42.0912 4404 Rasl2tp - ok
18:56:42.0975 4404 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:56:43.0146 4404 RasPppoe - ok
18:56:43.0303 4404 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:56:43.0412 4404 Raspti - ok
18:56:43.0600 4404 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:56:43.0725 4404 Rdbss - ok
18:56:43.0990 4404 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:56:44.0225 4404 RDPCDD - ok
18:56:44.0506 4404 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:56:44.0678 4404 rdpdr - ok
18:56:44.0959 4404 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:56:45.0131 4404 RDPWD - ok
18:56:45.0459 4404 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:56:45.0600 4404 redbook - ok
18:56:45.0881 4404 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:56:45.0912 4404 Secdrv - ok
18:56:46.0365 4404 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:56:46.0521 4404 serenum - ok
18:56:46.0646 4404 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:56:46.0818 4404 Serial - ok
18:56:46.0990 4404 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:56:47.0334 4404 Sfloppy - ok
18:56:48.0412 4404 Simbad - ok
18:56:49.0021 4404 Sparrow - ok
18:56:49.0725 4404 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:56:49.0740 4404 splitter - ok
18:56:50.0490 4404 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:56:50.0818 4404 sr - ok
18:56:51.0678 4404 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:56:52.0193 4404 Srv - ok
18:56:52.0912 4404 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:56:53.0084 4404 swenum - ok
18:56:53.0818 4404 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:56:53.0865 4404 swmidi - ok
18:56:54.0428 4404 symc810 - ok
18:56:55.0115 4404 symc8xx - ok
18:56:55.0475 4404 sym_hi - ok
18:56:56.0209 4404 sym_u3 - ok
18:56:57.0678 4404 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:56:57.0818 4404 sysaudio - ok
18:56:59.0521 4404 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:57:00.0537 4404 Tcpip - ok
18:57:01.0896 4404 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:57:02.0068 4404 TDPIPE - ok
18:57:02.0943 4404 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:57:03.0146 4404 TDTCP - ok
18:57:04.0100 4404 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:57:04.0271 4404 TermDD - ok
18:57:05.0381 4404 TosIde - ok
18:57:06.0318 4404 TPM (82fed3fea9bcd77fc870a1e4c8b62870) C:\WINDOWS\system32\DRIVERS\tpm.sys
18:57:06.0537 4404 TPM - ok
18:57:07.0615 4404 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:57:07.0865 4404 Udfs - ok
18:57:08.0725 4404 UIUSys - ok
18:57:09.0146 4404 ultra - ok
18:57:09.0584 4404 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:57:09.0912 4404 Update - ok
18:57:10.0396 4404 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:57:10.0443 4404 usbccgp - ok
18:57:11.0084 4404 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:57:11.0240 4404 usbehci - ok
18:57:12.0037 4404 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:57:12.0396 4404 usbhub - ok
18:57:12.0881 4404 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:57:13.0021 4404 usbohci - ok
18:57:13.0725 4404 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:57:13.0725 4404 USBSTOR - ok
18:57:14.0146 4404 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:57:14.0225 4404 VgaSave - ok
18:57:14.0912 4404 ViaIde - ok
18:57:16.0068 4404 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:57:16.0303 4404 VolSnap - ok
18:57:17.0725 4404 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:57:18.0084 4404 Wanarp - ok
18:57:19.0115 4404 WDICA - ok
18:57:20.0740 4404 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:57:20.0787 4404 wdmaud - ok
18:57:21.0740 4404 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:57:21.0928 4404 WudfPf - ok
18:57:22.0459 4404 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:57:22.0646 4404 WudfRd - ok
18:57:23.0740 4404 yukonwxp (630e4f5ae3a93f7de3efd174f28f6479) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
18:57:24.0178 4404 yukonwxp - ok
18:57:24.0209 4404 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
18:57:24.0271 4404 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:57:24.0271 4404 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:57:24.0318 4404 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
18:57:24.0318 4404 \Device\Harddisk1\DR3 - ok
18:57:24.0334 4404 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR11
18:57:25.0084 4404 \Device\Harddisk2\DR11 - ok
18:57:25.0100 4404 Boot (0x1200) (c9d04d367eef7d54874c73ba8849e4a4) \Device\Harddisk0\DR0\Partition0
18:57:25.0100 4404 \Device\Harddisk0\DR0\Partition0 - ok
18:57:25.0131 4404 Boot (0x1200) (b1613bc4c40568626d0cd2ad04eeed0f) \Device\Harddisk0\DR0\Partition1
18:57:25.0209 4404 \Device\Harddisk0\DR0\Partition1 - ok
18:57:25.0209 4404 Boot (0x1200) (9656eff4b74c82fadc1590a2a2f74017) \Device\Harddisk1\DR3\Partition0
18:57:25.0209 4404 \Device\Harddisk1\DR3\Partition0 - ok
18:57:25.0225 4404 Boot (0x1200) (c2b87d189a3cd1a29fb0e8a399cbcd3a) \Device\Harddisk2\DR11\Partition0
18:57:25.0225 4404 \Device\Harddisk2\DR11\Partition0 - ok
18:57:25.0225 4404 ============================================================
18:57:25.0225 4404 Scan finished
18:57:25.0225 4404 ============================================================
18:57:25.0256 2268 Detected object count: 1
18:57:25.0256 2268 Actual detected object count: 1
19:00:04.0365 2268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
19:00:04.0365 2268 \Device\Harddisk0\DR0 - ok
19:00:04.0365 2268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
19:00:24.0365 6296 Deinitialize success
#12 Re: [RESOLVED] Antivirus 2012 malware
-
-
- 24,883 posts
- Joined: October 04, 2004
- 1,860 topics
- Age: 57
- Skin: IPBoard wide
- Local time: 09:05 AM
Malware Annihilator
-
Zodiac:Virgo
- Gender:Male
- Location:Daly City, CA
- OS:Windows Vista
-
Country:
- Time Online: 57d 11h 10m 58s
Posted 01 January 2012 - 12:50 AM
Very well :)
Post fresh aswMBR log.
Then...
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode (How to...)
2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Post fresh aswMBR log.
Then...
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode (How to...)
2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
#13 Re: [RESOLVED] Antivirus 2012 malware
-
-
- 44 posts
- Joined: December 29, 2011
- 4 topics
- Skin: IP.Board
- Local time: 11:05 AM
$ Supporting Member
-
Zodiac:Sagittarius
- Gender:Male
- OS:Windows XP
-
Country:
- Time Online: 11h 47m 16s
Posted 01 January 2012 - 11:23 PM
aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2012-01-01 17:51:35
-----------------------------
17:51:35.187 OS Version: Windows 5.1.2600 Service Pack 3
17:51:35.187 Number of processors: 1 586 0x7F02
17:51:35.187 ComputerName: MCLENOVO UserName: MC
17:51:35.859 Initialize success
17:53:09.593 AVAST engine defs: 12010101
17:53:34.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:53:34.828 Disk 0 Vendor: WDC_WD1600YS-18SHB2 20.06C07 Size: 152587MB BusType: 3
17:53:34.843 Disk 0 MBR read successfully
17:53:34.843 Disk 0 MBR scan
17:53:34.859 Disk 0 Windows XP default MBR code
17:53:34.859 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
17:53:34.859 Disk 0 Partition - 00 05 Extended 76269 MB offset 156296385
17:53:34.875 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76269 MB offset 156296448
17:53:34.875 Disk 0 scanning sectors +312496380
17:53:34.968 Disk 0 scanning C:\WINDOWS\system32\drivers
17:53:44.281 Service scanning
17:53:45.125 Modules scanning
17:53:49.171 Disk 0 trace - called modules:
17:53:49.187 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:53:49.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83156ab8]
17:53:49.187 3 CLASSPNP.SYS[f759cfd7] -> nt!IofCallDriver -> \Device\00000060[0x83199f18]
17:53:49.187 5 ACPI.sys[f7433620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83172940]
17:53:50.062 AVAST engine scan C:\WINDOWS
17:54:04.656 AVAST engine scan C:\WINDOWS\system32
17:55:44.734 AVAST engine scan C:\WINDOWS\system32\drivers
17:55:57.656 AVAST engine scan C:\Documents and Settings\MC
18:02:43.281 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
18:04:10.343 Scan finished successfully
18:13:59.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\MC\Desktop\MBR.dat"
18:13:59.468 The log file has been saved successfully to "C:\Documents and Settings\MC\Desktop\aswMBRsecond.txt"
ComboFix 11-12-31.03 - MC 12/31/2011 21:30:00.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.431 [GMT -5:00]
Running from: c:\documents and settings\MC\Desktop\Antimalware Broni Steps\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\HelpAssistant\System
c:\documents and settings\HelpAssistant\System\win_qs8.jqx
c:\documents and settings\HelpAssistant\WINDOWS
c:\documents and settings\hos1-123\System
c:\documents and settings\hos1-123\System\win_qs8.jqx
c:\documents and settings\hos1-123\WINDOWS
c:\documents and settings\hos1\System
c:\documents and settings\hos1\System\win_qs8.jqx
c:\documents and settings\hos1\WINDOWS
c:\documents and settings\MC\Start Menu\Internet Explorer.lnk
c:\documents and settings\MC\System
c:\documents and settings\MC\System\win_qs8.jqx
c:\documents and settings\MC\WINDOWS
c:\documents and settings\User\Application Data\AdobeDLM.log
c:\documents and settings\User\WINDOWS
c:\windows\$NtUninstallKB28011$
c:\windows\$NtUninstallKB28011$\2486237531\@
c:\windows\$NtUninstallKB28011$\2486237531\bckfg.tmp
c:\windows\$NtUninstallKB28011$\2486237531\cfg.ini
c:\windows\$NtUninstallKB28011$\2486237531\Desktop.ini
c:\windows\$NtUninstallKB28011$\2486237531\keywords
c:\windows\$NtUninstallKB28011$\2486237531\kwrd.dll
c:\windows\$NtUninstallKB28011$\2486237531\L\goxiovoe
c:\windows\$NtUninstallKB28011$\2486237531\lsflt7.ver
c:\windows\$NtUninstallKB28011$\2486237531\U\00000001.@
c:\windows\$NtUninstallKB28011$\2486237531\U\00000002.@
c:\windows\$NtUninstallKB28011$\2486237531\U\00000004.@
c:\windows\$NtUninstallKB28011$\2486237531\U\80000000.@
c:\windows\$NtUninstallKB28011$\2486237531\U\80000004.@
c:\windows\$NtUninstallKB28011$\2486237531\U\80000032.@
c:\windows\$NtUninstallKB28011$\3010183376
c:\windows\alcrmv.exe
c:\windows\EventSystem.log
c:\windows\system32\bszip.dll
c:\windows\system32\encapi32.dll
c:\windows\system32\OLD45.tmp
c:\windows\winhelp.ini
F:\autorun.inf
.
Infected copy of c:\windows\system32\drivers\mrxsmb.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
.
.
2012-01-01 02:15 . 2011-07-15 13:29 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-29 15:09 . 2011-12-29 15:09 -------- dcsh--w- c:\documents and settings\LocalService.NT AUTHORITY\PrivacIE
2011-12-25 07:23 . 2011-12-25 07:23 -------- dcsh--w- c:\documents and settings\NetworkService.NT AUTHORITY\PrivacIE
2011-12-24 11:43 . 2011-12-24 11:43 664 -c--a-w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\d3d9caps.tmp
2011-12-20 14:12 . 2011-12-25 08:00 -------- dc----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2011-12-19 22:25 . 2012-01-01 01:24 -------- dc----w- c:\documents and settings\test
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-29 20:00 . 2010-10-01 21:42 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-19 20:16 . 2011-06-18 20:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24 . 2010-10-01 21:41 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2004-08-04 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2010-06-21 02:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2007-08-09 18:08 . 2007-01-04 02:58 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 18:10 . 2007-01-04 02:58 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2011-11-11 00:53 . 2011-09-03 21:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-03-17 393216]
"PWRAGD"="c:\progra~1\ThinkPad\UTILIT~1\DPMHost.exe" [2010-03-18 72256]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-29 61440]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-04-30 1527128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
c:\documents and settings\MC\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\Mindscape\PrintMaster\PMREMIND.EXE [N/A]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-12-2 1000288]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.250\SSScheduler.exe [2011-12-9 272792]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-4-5 1149440]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
.
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [6/22/2010 6:52 AM 68160]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10/1/2010 4:42 PM 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.250\McCHSvc.exe [12/9/2011 6:18 AM 237272]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-12-23 c:\windows\Tasks\Daily Shutdown and Restart.job
- c:\windows\system32\shutdown.exe [2004-08-04 00:12]
.
2011-12-23 c:\windows\Tasks\Daily SR Done Display Addendum.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-06-22 15:11]
.
2012-01-01 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2011-09-29 17:06]
.
2011-12-29 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2011-09-29 17:06]
.
2012-01-01 c:\windows\Tasks\User_Feed_Synchronization-{CDF1B77F-9A4E-49A8-821F-74D463D33267}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 65.32.1.65 65.32.1.70
FF - ProfilePath - c:\documents and settings\MC\Application Data\Mozilla\Firefox\Profiles\kfm3e5c6.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c1f19bc&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5555
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-01 17:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,c1,86,59,4b,c1,30,4c,b6,3b,a7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,c1,86,59,4b,c1,30,4c,b6,3b,a7,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2780)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\ThinkPad\UTILIT~1\DPMTray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-01-01 17:46:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-01 22:46
.
Pre-Run: 7,777,820,672 bytes free
Post-Run: 23,647,932,416 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D97FFED3C35AAA2E3FDC54E1DE30E124
Run date: 2012-01-01 17:51:35
-----------------------------
17:51:35.187 OS Version: Windows 5.1.2600 Service Pack 3
17:51:35.187 Number of processors: 1 586 0x7F02
17:51:35.187 ComputerName: MCLENOVO UserName: MC
17:51:35.859 Initialize success
17:53:09.593 AVAST engine defs: 12010101
17:53:34.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:53:34.828 Disk 0 Vendor: WDC_WD1600YS-18SHB2 20.06C07 Size: 152587MB BusType: 3
17:53:34.843 Disk 0 MBR read successfully
17:53:34.843 Disk 0 MBR scan
17:53:34.859 Disk 0 Windows XP default MBR code
17:53:34.859 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
17:53:34.859 Disk 0 Partition - 00 05 Extended 76269 MB offset 156296385
17:53:34.875 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76269 MB offset 156296448
17:53:34.875 Disk 0 scanning sectors +312496380
17:53:34.968 Disk 0 scanning C:\WINDOWS\system32\drivers
17:53:44.281 Service scanning
17:53:45.125 Modules scanning
17:53:49.171 Disk 0 trace - called modules:
17:53:49.187 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:53:49.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83156ab8]
17:53:49.187 3 CLASSPNP.SYS[f759cfd7] -> nt!IofCallDriver -> \Device\00000060[0x83199f18]
17:53:49.187 5 ACPI.sys[f7433620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83172940]
17:53:50.062 AVAST engine scan C:\WINDOWS
17:54:04.656 AVAST engine scan C:\WINDOWS\system32
17:55:44.734 AVAST engine scan C:\WINDOWS\system32\drivers
17:55:57.656 AVAST engine scan C:\Documents and Settings\MC
18:02:43.281 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
18:04:10.343 Scan finished successfully
18:13:59.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\MC\Desktop\MBR.dat"
18:13:59.468 The log file has been saved successfully to "C:\Documents and Settings\MC\Desktop\aswMBRsecond.txt"
ComboFix 11-12-31.03 - MC 12/31/2011 21:30:00.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.431 [GMT -5:00]
Running from: c:\documents and settings\MC\Desktop\Antimalware Broni Steps\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\HelpAssistant\System
c:\documents and settings\HelpAssistant\System\win_qs8.jqx
c:\documents and settings\HelpAssistant\WINDOWS
c:\documents and settings\hos1-123\System
c:\documents and settings\hos1-123\System\win_qs8.jqx
c:\documents and settings\hos1-123\WINDOWS
c:\documents and settings\hos1\System
c:\documents and settings\hos1\System\win_qs8.jqx
c:\documents and settings\hos1\WINDOWS
c:\documents and settings\MC\Start Menu\Internet Explorer.lnk
c:\documents and settings\MC\System
c:\documents and settings\MC\System\win_qs8.jqx
c:\documents and settings\MC\WINDOWS
c:\documents and settings\User\Application Data\AdobeDLM.log
c:\documents and settings\User\WINDOWS
c:\windows\$NtUninstallKB28011$
c:\windows\$NtUninstallKB28011$\2486237531\@
c:\windows\$NtUninstallKB28011$\2486237531\bckfg.tmp
c:\windows\$NtUninstallKB28011$\2486237531\cfg.ini
c:\windows\$NtUninstallKB28011$\2486237531\Desktop.ini
c:\windows\$NtUninstallKB28011$\2486237531\keywords
c:\windows\$NtUninstallKB28011$\2486237531\kwrd.dll
c:\windows\$NtUninstallKB28011$\2486237531\L\goxiovoe
c:\windows\$NtUninstallKB28011$\2486237531\lsflt7.ver
c:\windows\$NtUninstallKB28011$\2486237531\U\00000001.@
c:\windows\$NtUninstallKB28011$\2486237531\U\00000002.@
c:\windows\$NtUninstallKB28011$\2486237531\U\00000004.@
c:\windows\$NtUninstallKB28011$\2486237531\U\80000000.@
c:\windows\$NtUninstallKB28011$\2486237531\U\80000004.@
c:\windows\$NtUninstallKB28011$\2486237531\U\80000032.@
c:\windows\$NtUninstallKB28011$\3010183376
c:\windows\alcrmv.exe
c:\windows\EventSystem.log
c:\windows\system32\bszip.dll
c:\windows\system32\encapi32.dll
c:\windows\system32\OLD45.tmp
c:\windows\winhelp.ini
F:\autorun.inf
.
Infected copy of c:\windows\system32\drivers\mrxsmb.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
.
.
2012-01-01 02:15 . 2011-07-15 13:29 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-29 15:09 . 2011-12-29 15:09 -------- dcsh--w- c:\documents and settings\LocalService.NT AUTHORITY\PrivacIE
2011-12-25 07:23 . 2011-12-25 07:23 -------- dcsh--w- c:\documents and settings\NetworkService.NT AUTHORITY\PrivacIE
2011-12-24 11:43 . 2011-12-24 11:43 664 -c--a-w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\d3d9caps.tmp
2011-12-20 14:12 . 2011-12-25 08:00 -------- dc----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2011-12-19 22:25 . 2012-01-01 01:24 -------- dc----w- c:\documents and settings\test
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-29 20:00 . 2010-10-01 21:42 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-19 20:16 . 2011-06-18 20:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24 . 2010-10-01 21:41 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2004-08-04 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2010-06-21 02:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2007-08-09 18:08 . 2007-01-04 02:58 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 18:10 . 2007-01-04 02:58 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2011-11-11 00:53 . 2011-09-03 21:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-03-17 393216]
"PWRAGD"="c:\progra~1\ThinkPad\UTILIT~1\DPMHost.exe" [2010-03-18 72256]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-29 61440]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-04-30 1527128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
c:\documents and settings\MC\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\Mindscape\PrintMaster\PMREMIND.EXE [N/A]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-12-2 1000288]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.250\SSScheduler.exe [2011-12-9 272792]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-4-5 1149440]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
.
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [6/22/2010 6:52 AM 68160]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10/1/2010 4:42 PM 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.250\McCHSvc.exe [12/9/2011 6:18 AM 237272]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-12-23 c:\windows\Tasks\Daily Shutdown and Restart.job
- c:\windows\system32\shutdown.exe [2004-08-04 00:12]
.
2011-12-23 c:\windows\Tasks\Daily SR Done Display Addendum.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-06-22 15:11]
.
2012-01-01 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2011-09-29 17:06]
.
2011-12-29 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2011-09-29 17:06]
.
2012-01-01 c:\windows\Tasks\User_Feed_Synchronization-{CDF1B77F-9A4E-49A8-821F-74D463D33267}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 65.32.1.65 65.32.1.70
FF - ProfilePath - c:\documents and settings\MC\Application Data\Mozilla\Firefox\Profiles\kfm3e5c6.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c1f19bc&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5555
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-01 17:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,c1,86,59,4b,c1,30,4c,b6,3b,a7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,c1,86,59,4b,c1,30,4c,b6,3b,a7,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2780)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\ThinkPad\UTILIT~1\DPMTray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-01-01 17:46:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-01 22:46
.
Pre-Run: 7,777,820,672 bytes free
Post-Run: 23,647,932,416 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D97FFED3C35AAA2E3FDC54E1DE30E124
#14 Re: [RESOLVED] Antivirus 2012 malware
-
-
- 24,883 posts
- Joined: October 04, 2004
- 1,860 topics
- Age: 57
- Skin: IPBoard wide
- Local time: 09:05 AM
Malware Annihilator
-
Zodiac:Virgo
- Gender:Male
- Location:Daly City, CA
- OS:Windows Vista
-
Country:
- Time Online: 57d 11h 10m 58s
Posted 01 January 2012 - 11:52 PM
Looks good :)
Any current issues?
Uninstall McAfee Security Scan Plus, typical foistware.
Uninstall RegClean Pro.
Registry cleaners/optimizers are not recommended for several reasons:
============================================================================
Download OTL to your Desktop.
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
Any current issues?
Uninstall McAfee Security Scan Plus, typical foistware.
Uninstall RegClean Pro.
Registry cleaners/optimizers are not recommended for several reasons:
- Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
- Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
- Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
- Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
- The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
============================================================================
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
#15 Re: [RESOLVED] Antivirus 2012 malware
-
-
- 44 posts
- Joined: December 29, 2011
- 4 topics
- Skin: IP.Board
- Local time: 11:05 AM
$ Supporting Member
-
Zodiac:Sagittarius
- Gender:Male
- OS:Windows XP
-
Country:
- Time Online: 11h 47m 16s
Posted 02 January 2012 - 12:11 AM
This may not be the right topic in which to ask this question. If not, please forgive me. But I had AVG 8.5 Free which I uninstalled. I noticed that you assumed Avast and Avira as the antivirus programs that were most often used.
Where do I ask what anti-virus, firewall and anti-malware programs should be used to practice safe computing and keep me out of the problem I got into? The computer I have posted about is an office workstation and I surely don't want to infect our office network/server. As far as the registry cleaner, I will do as you recommend and uninstall it. You're right, McAfee was foisted upon me and i will uninstall that too.
Where do I ask what anti-virus, firewall and anti-malware programs should be used to practice safe computing and keep me out of the problem I got into? The computer I have posted about is an office workstation and I surely don't want to infect our office network/server. As far as the registry cleaner, I will do as you recommend and uninstall it. You're right, McAfee was foisted upon me and i will uninstall that too.
#16 Re: [RESOLVED] Antivirus 2012 malware
-
-
- 24,883 posts
- Joined: October 04, 2004
- 1,860 topics
- Age: 57
- Skin: IPBoard wide
- Local time: 09:05 AM
Malware Annihilator
-
Zodiac:Virgo
- Gender:Male
- Location:Daly City, CA
- OS:Windows Vista
-
Country:
- Time Online: 57d 11h 10m 58s
Posted 02 January 2012 - 12:24 AM
There is no perfect security program, so you can't tell which one is the best one.
I stopped recommending AVG (which I was using for some time) few years ago, when it started having one issue after another.
I believe it started happenning when the original Czech company was taken over by Americans.
I stopped recommending AVG (which I was using for some time) few years ago, when it started having one issue after another.
I believe it started happenning when the original Czech company was taken over by Americans.
#17 Re: [RESOLVED] Antivirus 2012 malware
-
-
- 44 posts
- Joined: December 29, 2011
- 4 topics
- Skin: IP.Board
- Local time: 11:05 AM
$ Supporting Member
-
Zodiac:Sagittarius
- Gender:Male
- OS:Windows XP
-
Country:
- Time Online: 11h 47m 16s
Posted 02 January 2012 - 01:04 AM
I was just about to post that problems seemed to be cleared up when I thought to look at the running processes. To my surprise I found three of the three letter processes which are symptomatic of the Antivirus 2012 malware according to, I think, bleepingcomputer. But my latest problem, which was redirection of my Firefox browser, seems to be cured. For the first time, I'm able to post from my office workstation.
#18 Re: [RESOLVED] Antivirus 2012 malware
-
-
- 24,883 posts
- Joined: October 04, 2004
- 1,860 topics
- Age: 57
- Skin: IPBoard wide
- Local time: 09:05 AM
Malware Annihilator
-
Zodiac:Virgo
- Gender:Male
- Location:Daly City, CA
- OS:Windows Vista
-
Country:
- Time Online: 57d 11h 10m 58s
#19 Re: [RESOLVED] Antivirus 2012 malware
-
-
- 44 posts
- Joined: December 29, 2011
- 4 topics
- Skin: IP.Board
- Local time: 11:05 AM
$ Supporting Member
-
Zodiac:Sagittarius
- Gender:Male
- OS:Windows XP
-
Country:
- Time Online: 11h 47m 16s
Posted 02 January 2012 - 01:15 AM
Sorry about that, must have not read the otl.txt and extras.txt into memory.
#20 Re: [RESOLVED] Antivirus 2012 malware
-
-
- 44 posts
- Joined: December 29, 2011
- 4 topics
- Skin: IP.Board
- Local time: 11:05 AM
$ Supporting Member
-
Zodiac:Sagittarius
- Gender:Male
- OS:Windows XP
-
Country:
- Time Online: 11h 47m 16s
Posted 02 January 2012 - 01:16 AM
OTL logfile created on: 1/1/2012 7:23:29 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\MC\Desktop\Antimalware Broni Steps
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
767.11 Mb Total Physical Memory | 86.84 Mb Available Physical Memory | 11.32% Memory free
1.83 Gb Paging File | 1.26 Gb Available in Paging File | 68.80% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 21.93 Gb Free Space | 29.43% Space Free | Partition Type: NTFS
Drive E: | 74.48 Gb Total Space | 45.25 Gb Free Space | 60.75% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 160.52 Gb Free Space | 34.47% Space Free | Partition Type: NTFS
Drive G: | 465.65 Gb Total Space | 243.33 Gb Free Space | 52.26% Space Free | Partition Type: FAT
Drive I: | 37.26 Gb Total Space | 27.49 Gb Free Space | 73.78% Space Free | Partition Type: NTFS
Drive P: | 74.53 Gb Total Space | 6.01 Gb Free Space | 8.07% Space Free | Partition Type: NTFS
Drive T: | 1863.01 Gb Total Space | 1445.91 Gb Free Space | 77.61% Space Free | Partition Type: NTFS
Computer Name: MCLENOVO | User Name: MC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/01 19:17:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MC\Desktop\Antimalware Broni Steps\OTL.exe
PRC - [2011/12/09 06:18:18 | 000,272,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.250\SSScheduler.exe
PRC - [2011/11/10 19:53:16 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/05 07:26:34 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/04/05 07:10:28 | 001,149,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/03/18 10:11:52 | 000,064,064 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2010/03/18 10:10:56 | 000,068,160 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/03/18 10:10:34 | 000,059,968 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\DPMTray.EXE
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011/11/10 19:53:15 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/13 02:30:14 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011/10/13 02:29:51 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 02:27:08 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 02:24:53 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/13 02:23:15 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 02:23:02 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:22:28 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 02:18:57 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 02:18:22 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/13 02:15:27 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/06/22 06:55:14 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3405.36826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/06/22 06:55:14 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3405.36845__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/06/22 06:55:14 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3405.36840__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/06/22 06:55:13 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3405.36844__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010/06/22 06:55:13 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3405.36917__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/06/22 06:55:13 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3405.36897__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/06/22 06:55:13 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3405.36879__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/06/22 06:55:13 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3405.36870__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/06/22 06:55:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3405.36834__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/06/22 06:55:12 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3405.36834__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/06/22 06:55:12 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3405.36918__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/06/22 06:55:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3405.36884__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/06/22 06:55:08 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3405.36835__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010/06/22 06:55:08 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3405.36846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/06/22 06:55:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3405.36876__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/06/22 06:55:08 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3405.36876__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/06/22 06:55:07 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3405.36866__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010/06/22 06:55:07 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3405.36870__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/06/22 06:55:07 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3405.36877__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/06/22 06:55:06 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3405.36870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/06/22 06:55:06 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/06/22 06:55:06 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3405.36871__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/06/22 06:55:06 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3403.16841__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/06/22 06:55:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3403.16829__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/06/22 06:55:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3403.16821__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/06/22 06:55:05 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3403.16853__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010/06/22 06:55:05 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3403.16853__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/06/22 06:55:05 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3403.16839__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/06/22 06:55:05 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3403.16852__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/06/22 06:55:05 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/06/22 06:55:04 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3403.16814__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/06/22 06:55:03 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/06/22 06:55:03 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3403.16813__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/06/22 06:55:03 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3403.16838__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/06/22 06:55:03 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/06/22 06:55:03 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3403.16851__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/06/22 06:55:02 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3403.16818__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/06/22 06:55:02 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3403.16833__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/06/22 06:55:02 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3403.16866__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/06/22 06:55:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3403.16830__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/06/22 06:55:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3403.16833__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/06/22 06:55:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3403.16823__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/06/22 06:55:02 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/06/22 06:55:02 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3403.16828__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/06/22 06:55:02 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3403.16842__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/06/22 06:55:02 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3403.16841__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/06/22 06:55:01 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3403.16845__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/06/22 06:55:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3403.16850__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/06/22 06:55:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3403.16845__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/06/22 06:55:00 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3403.16836__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/06/22 06:55:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3403.16841__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/06/22 06:55:00 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3403.16844__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/06/22 06:55:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3403.16841__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/06/22 06:54:59 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3403.16843__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/06/22 06:54:59 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3403.16843__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/06/22 06:54:59 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3403.16845__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/06/22 06:54:59 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3403.16839__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/06/22 06:54:59 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2010/06/22 06:54:59 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3403.16838__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/06/22 06:54:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3403.16828__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/06/22 06:54:58 | 000,602,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3405.36941__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010/06/22 06:54:58 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3405.36922__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/06/22 06:54:58 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2010/06/22 06:54:58 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2010/06/22 06:54:58 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3405.36821__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/06/22 06:54:57 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3405.36839__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/06/22 06:54:57 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3405.36911__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/06/22 06:54:57 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3405.36910__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/06/22 06:54:57 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3403.16820__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/06/22 06:54:57 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3403.16826__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/06/22 06:54:57 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3403.16839__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/06/22 06:54:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3403.16827__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010/06/22 06:54:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3403.16838__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/06/22 06:54:56 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3405.36906__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010/06/22 06:54:56 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3405.36825__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/06/22 06:54:56 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3405.36824__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/06/22 06:54:56 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3403.16840__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/06/22 06:54:55 | 001,212,416 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3405.36830__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/06/22 06:54:55 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3403.16835__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/06/22 06:54:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3403.16838__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/06/22 06:54:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3403.16846__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/06/22 06:54:54 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3405.36823__90ba9c70f846762e\APM.Server.dll
MOD - [2010/06/22 06:54:54 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3405.36822__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/06/22 06:54:54 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/06/22 06:54:54 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3405.36911__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010/03/18 10:11:52 | 000,064,064 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
MOD - [2010/03/18 10:10:56 | 000,068,160 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2010/03/18 10:10:34 | 000,059,968 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\DPMTray.EXE
MOD - [2010/03/17 00:02:00 | 000,028,160 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2010/03/17 00:02:00 | 000,010,240 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\DPMTRAY.DLL
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/03/16 11:49:26 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/12/09 06:18:18 | 000,237,272 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.250\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/04/05 07:26:34 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/03/18 10:10:56 | 000,068,160 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/12/29 15:00:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/04/28 22:30:46 | 003,643,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/06/27 10:24:56 | 004,742,656 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/20 03:01:00 | 000,288,896 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/02/10 14:49:10 | 000,018,048 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
DRV - [2007/04/16 20:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1715567821-861567501-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1715567821-861567501-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:7.005.030.004
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.5
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c1f19bc&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 5555
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 19:53:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/03 16:28:48 | 000,000,000 | ---D | M]
[2010/06/24 16:18:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MC\Application Data\Mozilla\Extensions
[2010/06/24 16:18:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MC\Application Data\Mozilla\Extensions\prism@developer.mozilla.org
[2011/12/31 19:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MC\Application Data\Mozilla\Firefox\Profiles\kfm3e5c6.default\extensions
[2010/07/09 17:06:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\MC\Application Data\Mozilla\Firefox\Profiles\kfm3e5c6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/31 19:44:39 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\MC\Application Data\Mozilla\Firefox\Profiles\kfm3e5c6.default\extensions\foxmarks@kei.com
[2010/07/09 17:05:58 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\MC\Application Data\Mozilla\Firefox\Profiles\kfm3e5c6.default\extensions\LogMeInClient@logmein.com
[2011/11/10 19:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/10 19:53:16 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/20 19:54:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/01/17 13:17:00 | 002,609,152 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npRACtrl.dll
[2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2007/08/09 13:08:00 | 000,008,784 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
[2007/08/09 13:10:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\unicows.dll
[2011/11/10 19:53:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 19:53:13 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: AT_KarimRashidV3 = C:\Documents and Settings\MC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldjcbfljkplgifccngillicohclloidg\3\
O1 HOSTS File: ([2012/01/01 17:40:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [PWRAGD] C:\Program Files\ThinkPad\Utilities\DPMHost.EXE ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.250\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\Event Reminder.lnk = File not found
O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\Start WDBVPSyncServiceLite.lnk = C:\Program Files\Wireless Database Viewer Plus Lite\Desktop Files\WDBVPStartSyncServiceLite.exe ()
O4 - Startup: C:\Documents and Settings\MC\Start Menu\Programs\Startup\Event Reminder.lnk = File not found
O4 - Startup: C:\Documents and Settings\MC\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-861567501-839522115-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-861567501-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1715567821-861567501-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1715567821-861567501-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.1.65 65.32.1.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{266C3E0E-F3EA-4A34-B4D7-1A897DCCF885}: DhcpNameServer = 65.32.1.65 65.32.1.70
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Drive©\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\GreenstoneMOD.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Drive©\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\GreenstoneMOD.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/11 18:28:08 | 000,000,050 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/11 18:28:08 | 000,000,050 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/17 16:13:04 | 000,000,586 | ---- | M] () - F:\autorun 2010-03-17 17;13;05.7z -- [ NTFS ]
O32 - AutoRun File - [2009/12/16 10:56:41 | 000,000,000 | -HS- | M] () - I:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/03 16:13:56 | 000,000,000 | ---- | M] () - T:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/01/01 19:20:12 | 000,000,000 | ---D | M] - T:\AutoUp -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/12/31 20:51:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/31 20:33:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/31 20:33:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/31 20:33:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/31 20:33:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/31 20:33:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/31 20:33:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/30 15:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MC\Desktop\Antimalware Broni Steps
[2011/12/29 14:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\McAfee Security Scan Plus
[2011/12/20 21:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Evernote
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/01/01 19:25:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CDF1B77F-9A4E-49A8-821F-74D463D33267}.job
[2012/01/01 18:13:59 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\MC\Desktop\MBR.dat
[2012/01/01 17:40:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/01 17:40:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/01 15:01:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job
[2011/12/31 22:05:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/31 22:05:31 | 000,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/12/31 20:51:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/30 17:32:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/29 15:00:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/29 14:58:15 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/29 14:38:33 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\McAfee Security Scan Plus.lnk
[2011/12/29 14:38:33 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/12/29 08:37:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\oM0iNVIC.exe.b
[2011/12/28 21:11:59 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Safari.lnk
[2011/12/28 20:31:55 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_UPDATES.job
[2011/12/26 16:06:35 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/24 09:07:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\m40hE.com.b
[2011/12/24 09:07:48 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\kPeFAL2.dat
[2011/12/23 17:44:02 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Daily Shutdown and Restart.job
[2011/12/23 17:06:54 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\Daily SR Done Display Addendum.job
[2011/12/22 20:43:42 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\MC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/22 18:19:03 | 000,016,336 | -HS- | M] () -- C:\Documents and Settings\MC\Local Settings\Application Data\kvixcm6u4lpb6etd0evx6v648a4v
[2011/12/22 18:19:03 | 000,016,336 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\kvixcm6u4lpb6etd0evx6v648a4v
[2011/12/21 21:11:10 | 000,000,176 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/12/20 21:25:56 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\MC\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2011/12/20 21:23:15 | 000,000,625 | ---- | M] () -- C:\Documents and Settings\MC\Desktop\Evernote.lnk
[2011/12/19 16:07:16 | 000,013,762 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\232645t4f581f661n688q6hfw7g8
[2011/12/19 16:07:15 | 000,013,762 | -HS- | M] () -- C:\Documents and Settings\MC\Local Settings\Application Data\232645t4f581f661n688q6hfw7g8
[2011/12/15 13:21:18 | 000,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 03:12:53 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/12/31 20:51:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/12/31 20:51:43 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/31 20:33:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/31 20:33:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/31 20:33:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/31 20:33:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/31 20:33:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/30 20:42:24 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\MC\Desktop\MBR.dat
[2011/12/29 14:38:32 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\McAfee Security Scan Plus.lnk
[2011/12/29 08:37:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\oM0iNVIC.exe.b
[2011/12/28 21:48:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/24 09:07:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\m40hE.com.b
[2011/12/24 06:38:18 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\kPeFAL2.dat
[2011/12/21 17:09:58 | 000,016,336 | -HS- | C] () -- C:\Documents and Settings\MC\Local Settings\Application Data\kvixcm6u4lpb6etd0evx6v648a4v
[2011/12/21 17:09:58 | 000,016,336 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\kvixcm6u4lpb6etd0evx6v648a4v
[2011/12/20 21:25:55 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\MC\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2011/12/20 21:23:13 | 000,000,625 | ---- | C] () -- C:\Documents and Settings\MC\Desktop\Evernote.lnk
[2011/12/17 18:58:07 | 000,013,762 | -HS- | C] () -- C:\Documents and Settings\MC\Local Settings\Application Data\232645t4f581f661n688q6hfw7g8
[2011/12/17 18:58:07 | 000,013,762 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\232645t4f581f661n688q6hfw7g8
[2011/01/31 12:37:45 | 000,025,824 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/28 20:19:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/25 12:55:20 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\MC\Local Settings\Application Data\housecall.guid.cache
[2010/12/22 10:36:53 | 000,000,264 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2010/10/14 16:34:40 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/06/24 16:35:10 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\MC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/24 16:35:10 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\MC\Local Settings\Application Data\fusioncache.dat
[2010/06/24 16:18:29 | 000,036,824 | ---- | C] () -- C:\Documents and Settings\MC\Application Data\Microsoft Excel.ADR
[2010/06/24 16:18:29 | 000,011,401 | ---- | C] () -- C:\Documents and Settings\MC\Application Data\Microsoft Excel.TSK
[2010/06/24 16:18:29 | 000,009,307 | ---- | C] () -- C:\Documents and Settings\MC\Application Data\Microsoft Excel.EML
[2010/06/24 16:18:28 | 000,036,804 | ---- | C] () -- C:\Documents and Settings\MC\Application Data\dBase.ADR
[2010/06/24 16:18:28 | 000,030,364 | ---- | C] () -- C:\Documents and Settings\MC\Application Data\Comma Separated Values (Windows).ADR
[2010/06/24 16:18:28 | 000,009,323 | ---- | C] () -- C:\Documents and Settings\MC\Application Data\Comma Separated Values (Windows).EML
[2010/06/22 16:16:07 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/06/22 06:57:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/06/22 06:52:28 | 000,035,392 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/06/22 06:51:47 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/06/22 06:51:47 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/06/22 06:51:45 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/06/22 06:51:45 | 000,188,348 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/06/22 06:51:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/06/22 06:35:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/06/21 19:33:44 | 000,000,176 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/21 02:19:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/21 01:48:09 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[2010/06/21 01:47:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2010/06/21 01:47:29 | 000,244,984 | ---- | C] () -- C:\WINDOWS\System32\Tutil32.dll
[2010/06/21 01:46:55 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[2010/06/21 01:46:51 | 000,007,912 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2010/06/21 01:46:47 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\property.dll
[2010/06/21 01:46:42 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL
[2010/06/21 01:46:34 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2010/06/21 01:44:55 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\Isb.dll
[2010/06/21 01:44:38 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2010/06/21 01:44:28 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2010/06/21 01:44:08 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2010/06/21 01:43:48 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2v.DLL
[2010/06/21 00:07:26 | 000,000,350 | ---- | C] () -- C:\WINDOWS\LOCFILE.INI
[2010/06/21 00:07:21 | 000,122,172 | ---- | C] () -- C:\WINDOWS\IIF Transaction Creator Uninstaller.exe
[2010/06/21 00:07:21 | 000,036,864 | R--- | C] () -- C:\WINDOWS\InstFunc.exe
[2010/06/21 00:07:21 | 000,006,842 | ---- | C] () -- C:\WINDOWS\hplj1010.ini
[2010/06/21 00:07:21 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/06/21 00:07:21 | 000,000,173 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2010/06/21 00:07:21 | 000,000,074 | ---- | C] () -- C:\WINDOWS\crw.ini
[2010/06/21 00:07:21 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CPSETUP.INI
[2010/06/21 00:07:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2010/06/21 00:07:21 | 000,000,021 | ---- | C] () -- C:\WINDOWS\cs3inst.ini
[2010/06/21 00:07:20 | 000,083,517 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2010/06/21 00:07:20 | 000,003,509 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/06/21 00:07:20 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2010/06/21 00:07:20 | 000,000,120 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2010/06/21 00:07:20 | 000,000,027 | ---- | C] () -- C:\WINDOWS\ACROGRAF.INI
[2010/06/21 00:07:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\~tmp.INI
[2010/06/20 21:23:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/20 21:17:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/20 17:09:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/20 17:08:04 | 000,149,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/16 15:51:53 | 000,002,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,462,494 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,078,696 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2010/06/01 18:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/01/20 15:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2010/03/11 18:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2009/07/07 15:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chaos Software
[2010/04/16 15:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/05/04 16:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/02/11 12:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/03/11 18:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/04/16 15:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2009/01/20 15:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2006/01/02 14:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PKWARE
[2010/03/11 18:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/04/16 16:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2010/03/31 15:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/05 16:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/06/22 16:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\COMMON FILES
[2010/08/13 18:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\inFlow Inventory
[2011/02/28 13:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2011/07/08 19:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nuance
[2010/06/22 16:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SQL Anywhere 11
[2011/04/21 16:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/21 01:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\BSD
[2010/06/21 01:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\Chaos Software
[2010/06/22 06:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\DesktopPwrMgr
[2010/06/21 01:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\Leadertech
[2010/06/21 01:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\OpenOffice.org
[2010/06/21 01:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\PKWARE
[2010/06/21 01:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\RFFlow
[2010/06/21 01:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\SmartDraw
[2011/11/06 14:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\Systweak
[2010/06/21 02:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\Uniblue
[2010/06/21 18:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\Windows Desktop Search
[2010/06/21 18:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\Windows Search
[2009/10/05 19:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1-123\Application Data\BSD
[2006/12/19 22:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1-123\Application Data\Chaos Software
[2010/03/11 18:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1-123\Application Data\Leadertech
[2010/03/01 20:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1-123\Application Data\OpenOffice.org
[2006/08/08 16:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1-123\Application Data\PKWARE
[2010/01/20 16:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1-123\Application Data\RFFlow
[2010/01/20 16:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1-123\Application Data\SmartDraw
[2010/06/24 16:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\BSD
[2010/06/24 16:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\Chaos Software
[2010/06/24 16:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\DesktopPwrMgr
[2010/06/24 16:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\Leadertech
[2010/06/24 16:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\OpenOffice.org
[2010/10/04 14:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\Opera
[2010/06/24 16:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\PKWARE
[2010/06/24 16:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\RFFlow
[2010/06/24 16:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\SmartDraw
[2011/09/28 19:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\Systweak
[2010/06/24 16:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\Uniblue
[2010/06/24 16:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\Windows Desktop Search
[2010/06/24 16:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\Windows Search
[2006/01/02 14:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PKWARE
[2011/12/23 17:44:02 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\Daily Shutdown and Restart.job
[2011/12/23 17:06:54 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\Daily SR Done Display Addendum.job
[2012/01/01 15:01:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
[2011/12/28 20:31:55 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
[2012/01/01 19:25:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{CDF1B77F-9A4E-49A8-821F-74D463D33267}.job
========== Purity Check ==========
========== Custom Scans ==========
< >
< >
< %SYSTEMDRIVE%\*.* >
[2010/05/04 16:12:02 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/01/11 16:54:48 | 000,029,184 | ---- | M] () -- C:\a.xls
[2009/04/10 18:25:33 | 000,000,275 | ---- | M] () -- C:\ADAMSTK.TXT
[2010/03/11 18:28:08 | 000,000,050 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2010/06/20 21:15:40 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/12/31 20:51:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/01/01 17:46:38 | 000,018,088 | ---- | M] () -- C:\ComboFix.txt
[2005/08/26 12:37:48 | 000,000,000 | -HS- | M] () -- C:\CONFIG.SYS
[2010/01/12 18:56:03 | 000,000,532 | ---- | M] () -- C:\DDM.TXT
[2006/02/11 17:58:46 | 000,014,336 | ---- | M] () -- C:\DEAITMD.DB
[2010/02/25 13:20:55 | 000,001,278 | ---- | M] () -- C:\debug.txt
[2005/12/13 15:44:12 | 000,000,026 | ---- | M] () -- C:\ezsetuplog.txt
[2010/05/27 20:24:34 | 000,005,086 | -HS- | M] () -- C:\ffastun.ffa
[2010/05/27 20:24:31 | 001,171,456 | -HS- | M] () -- C:\ffastun.ffl
[2010/05/27 20:24:34 | 000,499,712 | -H-- | M] () -- C:\ffastun.ffo
[2010/05/27 20:24:31 | 004,923,392 | -HS- | M] () -- C:\ffastun0.ffx
[2010/05/27 22:25:36 | 001,171,456 | ---- | M] () -- C:\ffastunT.ffl
[2009/01/20 15:53:06 | 000,000,000 | ---- | M] () -- C:\FileRecovery.log
[2010/06/20 20:42:57 | 804,442,112 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/30 18:03:42 | 000,021,087 | ---- | M] () -- C:\IDLTEMP.JPG
[2005/08/26 12:37:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/02/24 15:05:08 | 000,018,432 | ---- | M] () -- C:\Mr QL PP & E Dispositions and Transfers.xls
[2010/06/22 07:21:38 | 000,000,010 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/06/21 16:46:39 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/12/31 22:05:27 | 1207,959,552 | -HS- | M] () -- C:\pagefile.sys
[2007/12/18 15:34:24 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2007/12/21 14:48:32 | 000,002,098 | ---- | M] () -- C:\Rescued Document 1.txt
[2010/08/12 19:00:00 | 000,008,779 | ---- | M] () -- C:\Rescued Document 10.txt
[2008/03/13 17:27:36 | 000,001,918 | ---- | M] () -- C:\Rescued Document 2.txt
[2009/01/29 14:19:57 | 000,000,844 | ---- | M] () -- C:\Rescued Document 3.txt
[2009/01/29 14:21:34 | 000,000,002 | ---- | M] () -- C:\Rescued Document 4.txt
[2009/02/03 15:46:23 | 000,002,107 | ---- | M] () -- C:\Rescued Document 5.txt
[2009/02/03 15:46:35 | 000,000,483 | ---- | M] () -- C:\Rescued Document 6.txt
[2009/12/03 11:20:02 | 000,000,983 | ---- | M] () -- C:\Rescued Document 7.txt
[2010/02/10 19:58:39 | 000,001,956 | ---- | M] () -- C:\Rescued Document 8.txt
[2010/04/09 19:29:10 | 000,001,285 | ---- | M] () -- C:\Rescued Document 9.txt
[2007/07/09 18:56:51 | 000,007,018 | ---- | M] () -- C:\Rescued Document.txt
[2011/12/28 21:58:32 | 000,000,445 | ---- | M] () -- C:\rkill.log
[2010/02/21 18:52:06 | 000,002,541 | ---- | M] () -- C:\rollback.ini
[2007/03/09 22:29:58 | 000,000,006 | -H-- | M] () -- C:\SA.DAT
[2011/12/31 19:00:24 | 000,044,488 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_31.12.2011_18.55.56_log.txt
[2007/03/09 22:37:37 | 000,000,136 | ---- | M] () -- C:\testbackup.bat
< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2010/06/20 21:20:24 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
[2011/04/29 17:15:42 | 000,049,645 | ---- | M] () -- C:\WINDOWS\graceful-lioness.jpg
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
[2010/02/05 15:36:50 | 000,001,578 | -H-- | M] () -- C:\Documents and Settings\MC\Application Data\Microsoft\LastFlashConfig.WFC
< %PROGRAMFILES%\*.* >
[2009/12/31 17:03:55 | 000,001,696 | ---- | M] () -- C:\Program Files\iPhoneWDBVPlusLiteInstall.log
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2010/06/20 17:07:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/06/20 17:07:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/06/20 17:07:10 | 000,901,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/06/21 16:55:53 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/04/22 09:34:58 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\MC\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/12/16 17:40:02 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\MC\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2007/03/04 16:12:04 | 000,635,160 | ---- | M] () -- C:\Documents and Settings\MC\Desktop\BeyondRemoteRCHost.exe
[2010/05/21 19:55:05 | 000,739,328 | ---- | M] (SoftPerfect Research) -- C:\Documents and Settings\MC\Desktop\netscan.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2005/12/16 17:40:02 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\MC\Favorites\Desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
IIF Transaction Creator Uninstaller.exe
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2012/01/01 19:22:42 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\MC\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 03:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 03:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/07/17 10:41:10 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/07/17 10:41:10 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/07/17 10:41:10 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 03:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-15 08:13:18
========== Alternate Data Streams ==========
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67201D16
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\MC\Desktop\Antimalware Broni Steps
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
767.11 Mb Total Physical Memory | 86.84 Mb Available Physical Memory | 11.32% Memory free
1.83 Gb Paging File | 1.26 Gb Available in Paging File | 68.80% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 21.93 Gb Free Space | 29.43% Space Free | Partition Type: NTFS
Drive E: | 74.48 Gb Total Space | 45.25 Gb Free Space | 60.75% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 160.52 Gb Free Space | 34.47% Space Free | Partition Type: NTFS
Drive G: | 465.65 Gb Total Space | 243.33 Gb Free Space | 52.26% Space Free | Partition Type: FAT
Drive I: | 37.26 Gb Total Space | 27.49 Gb Free Space | 73.78% Space Free | Partition Type: NTFS
Drive P: | 74.53 Gb Total Space | 6.01 Gb Free Space | 8.07% Space Free | Partition Type: NTFS
Drive T: | 1863.01 Gb Total Space | 1445.91 Gb Free Space | 77.61% Space Free | Partition Type: NTFS
Computer Name: MCLENOVO | User Name: MC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/01 19:17:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MC\Desktop\Antimalware Broni Steps\OTL.exe
PRC - [2011/12/09 06:18:18 | 000,272,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.250\SSScheduler.exe
PRC - [2011/11/10 19:53:16 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/05 07:26:34 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/04/05 07:10:28 | 001,149,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/03/18 10:11:52 | 000,064,064 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2010/03/18 10:10:56 | 000,068,160 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/03/18 10:10:34 | 000,059,968 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\DPMTray.EXE
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011/11/10 19:53:15 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/13 02:30:14 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011/10/13 02:29:51 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 02:27:08 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 02:24:53 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/13 02:23:15 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 02:23:02 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:22:28 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 02:18:57 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 02:18:22 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/13 02:15:27 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/06/22 06:55:14 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3405.36826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/06/22 06:55:14 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3405.36845__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/06/22 06:55:14 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3405.36840__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/06/22 06:55:13 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3405.36844__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010/06/22 06:55:13 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3405.36917__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/06/22 06:55:13 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3405.36897__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/06/22 06:55:13 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3405.36879__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/06/22 06:55:13 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3405.36870__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/06/22 06:55:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3405.36834__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/06/22 06:55:12 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3405.36834__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/06/22 06:55:12 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3405.36918__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/06/22 06:55:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3405.36884__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/06/22 06:55:08 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3405.36835__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010/06/22 06:55:08 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3405.36846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/06/22 06:55:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3405.36876__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/06/22 06:55:08 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3405.36876__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/06/22 06:55:07 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3405.36866__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010/06/22 06:55:07 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3405.36870__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/06/22 06:55:07 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3405.36877__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/06/22 06:55:06 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3405.36870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/06/22 06:55:06 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/06/22 06:55:06 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3405.36871__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/06/22 06:55:06 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3403.16841__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/06/22 06:55:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3403.16829__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/06/22 06:55:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3403.16821__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/06/22 06:55:05 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3403.16853__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010/06/22 06:55:05 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3403.16853__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/06/22 06:55:05 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3403.16839__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/06/22 06:55:05 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3403.16852__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/06/22 06:55:05 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/06/22 06:55:04 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3403.16814__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/06/22 06:55:03 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/06/22 06:55:03 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3403.16813__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/06/22 06:55:03 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3403.16838__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/06/22 06:55:03 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/06/22 06:55:03 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3403.16851__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/06/22 06:55:02 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3403.16818__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/06/22 06:55:02 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3403.16833__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/06/22 06:55:02 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3403.16866__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/06/22 06:55:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3403.16830__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/06/22 06:55:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3403.16833__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/06/22 06:55:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3403.16823__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/06/22 06:55:02 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/06/22 06:55:02 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3403.16828__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/06/22 06:55:02 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3403.16842__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/06/22 06:55:02 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3403.16841__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/06/22 06:55:01 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3403.16845__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/06/22 06:55:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3403.16850__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/06/22 06:55:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3403.16845__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/06/22 06:55:00 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3403.16836__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/06/22 06:55:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3403.16841__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/06/22 06:55:00 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3403.16844__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/06/22 06:55:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3403.16841__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/06/22 06:54:59 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3403.16843__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/06/22 06:54:59 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3403.16843__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/06/22 06:54:59 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3403.16845__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/06/22 06:54:59 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3403.16839__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/06/22 06:54:59 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2010/06/22 06:54:59 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3403.16838__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/06/22 06:54:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3403.16828__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/06/22 06:54:58 | 000,602,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3405.36941__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010/06/22 06:54:58 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3405.36922__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/06/22 06:54:58 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2010/06/22 06:54:58 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2010/06/22 06:54:58 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3405.36821__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/06/22 06:54:57 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3405.36839__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/06/22 06:54:57 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3405.36911__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/06/22 06:54:57 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3405.36910__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/06/22 06:54:57 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3403.16820__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/06/22 06:54:57 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3403.16826__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/06/22 06:54:57 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3403.16839__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/06/22 06:54:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3403.16827__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010/06/22 06:54:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3403.16838__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/06/22 06:54:56 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3405.36906__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010/06/22 06:54:56 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3405.36825__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/06/22 06:54:56 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3405.36824__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/06/22 06:54:56 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3403.16840__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/06/22 06:54:55 | 001,212,416 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3405.36830__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/06/22 06:54:55 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3403.16835__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/06/22 06:54:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3403.16838__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/06/22 06:54:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3403.16846__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/06/22 06:54:54 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3405.36823__90ba9c70f846762e\APM.Server.dll
MOD - [2010/06/22 06:54:54 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3405.36822__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/06/22 06:54:54 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/06/22 06:54:54 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3405.36911__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010/03/18 10:11:52 | 000,064,064 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
MOD - [2010/03/18 10:10:56 | 000,068,160 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2010/03/18 10:10:34 | 000,059,968 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\DPMTray.EXE
MOD - [2010/03/17 00:02:00 | 000,028,160 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2010/03/17 00:02:00 | 000,010,240 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\DPMTRAY.DLL
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/03/16 11:49:26 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/12/09 06:18:18 | 000,237,272 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.250\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/04/05 07:26:34 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/03/18 10:10:56 | 000,068,160 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/12/29 15:00:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/04/28 22:30:46 | 003,643,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/06/27 10:24:56 | 004,742,656 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/20 03:01:00 | 000,288,896 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/02/10 14:49:10 | 000,018,048 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
DRV - [2007/04/16 20:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1715567821-861567501-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1715567821-861567501-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:7.005.030.004
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.5
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c1f19bc&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 5555
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 19:53:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/03 16:28:48 | 000,000,000 | ---D | M]
[2010/06/24 16:18:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MC\Application Data\Mozilla\Extensions
[2010/06/24 16:18:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MC\Application Data\Mozilla\Extensions\prism@developer.mozilla.org
[2011/12/31 19:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MC\Application Data\Mozilla\Firefox\Profiles\kfm3e5c6.default\extensions
[2010/07/09 17:06:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\MC\Application Data\Mozilla\Firefox\Profiles\kfm3e5c6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/31 19:44:39 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\MC\Application Data\Mozilla\Firefox\Profiles\kfm3e5c6.default\extensions\foxmarks@kei.com
[2010/07/09 17:05:58 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\MC\Application Data\Mozilla\Firefox\Profiles\kfm3e5c6.default\extensions\LogMeInClient@logmein.com
[2011/11/10 19:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/10 19:53:16 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/20 19:54:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/01/17 13:17:00 | 002,609,152 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npRACtrl.dll
[2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2007/08/09 13:08:00 | 000,008,784 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
[2007/08/09 13:10:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\unicows.dll
[2011/11/10 19:53:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 19:53:13 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: AT_KarimRashidV3 = C:\Documents and Settings\MC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldjcbfljkplgifccngillicohclloidg\3\
O1 HOSTS File: ([2012/01/01 17:40:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [PWRAGD] C:\Program Files\ThinkPad\Utilities\DPMHost.EXE ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.250\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\Event Reminder.lnk = File not found
O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\Start WDBVPSyncServiceLite.lnk = C:\Program Files\Wireless Database Viewer Plus Lite\Desktop Files\WDBVPStartSyncServiceLite.exe ()
O4 - Startup: C:\Documents and Settings\MC\Start Menu\Programs\Startup\Event Reminder.lnk = File not found
O4 - Startup: C:\Documents and Settings\MC\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-861567501-839522115-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-861567501-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1715567821-861567501-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1715567821-861567501-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.1.65 65.32.1.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{266C3E0E-F3EA-4A34-B4D7-1A897DCCF885}: DhcpNameServer = 65.32.1.65 65.32.1.70
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Drive©\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\GreenstoneMOD.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Drive©\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\GreenstoneMOD.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/11 18:28:08 | 000,000,050 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/11 18:28:08 | 000,000,050 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/17 16:13:04 | 000,000,586 | ---- | M] () - F:\autorun 2010-03-17 17;13;05.7z -- [ NTFS ]
O32 - AutoRun File - [2009/12/16 10:56:41 | 000,000,000 | -HS- | M] () - I:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/03 16:13:56 | 000,000,000 | ---- | M] () - T:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/01/01 19:20:12 | 000,000,000 | ---D | M] - T:\AutoUp -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/12/31 20:51:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/31 20:33:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/31 20:33:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/31 20:33:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/31 20:33:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/31 20:33:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/31 20:33:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/30 15:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MC\Desktop\Antimalware Broni Steps
[2011/12/29 14:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\McAfee Security Scan Plus
[2011/12/20 21:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Evernote
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/01/01 19:25:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CDF1B77F-9A4E-49A8-821F-74D463D33267}.job
[2012/01/01 18:13:59 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\MC\Desktop\MBR.dat
[2012/01/01 17:40:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/01 17:40:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/01 15:01:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job
[2011/12/31 22:05:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/31 22:05:31 | 000,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/12/31 20:51:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/30 17:32:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/29 15:00:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/29 14:58:15 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/29 14:38:33 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\McAfee Security Scan Plus.lnk
[2011/12/29 14:38:33 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/12/29 08:37:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\oM0iNVIC.exe.b
[2011/12/28 21:11:59 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Safari.lnk
[2011/12/28 20:31:55 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_UPDATES.job
[2011/12/26 16:06:35 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/24 09:07:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\m40hE.com.b
[2011/12/24 09:07:48 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\kPeFAL2.dat
[2011/12/23 17:44:02 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Daily Shutdown and Restart.job
[2011/12/23 17:06:54 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\Daily SR Done Display Addendum.job
[2011/12/22 20:43:42 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\MC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/22 18:19:03 | 000,016,336 | -HS- | M] () -- C:\Documents and Settings\MC\Local Settings\Application Data\kvixcm6u4lpb6etd0evx6v648a4v
[2011/12/22 18:19:03 | 000,016,336 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\kvixcm6u4lpb6etd0evx6v648a4v
[2011/12/21 21:11:10 | 000,000,176 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/12/20 21:25:56 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\MC\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2011/12/20 21:23:15 | 000,000,625 | ---- | M] () -- C:\Documents and Settings\MC\Desktop\Evernote.lnk
[2011/12/19 16:07:16 | 000,013,762 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\232645t4f581f661n688q6hfw7g8
[2011/12/19 16:07:15 | 000,013,762 | -HS- | M] () -- C:\Documents and Settings\MC\Local Settings\Application Data\232645t4f581f661n688q6hfw7g8
[2011/12/15 13:21:18 | 000,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 03:12:53 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/12/31 20:51:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/12/31 20:51:43 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/31 20:33:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/31 20:33:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/31 20:33:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/31 20:33:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/31 20:33:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/30 20:42:24 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\MC\Desktop\MBR.dat
[2011/12/29 14:38:32 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\McAfee Security Scan Plus.lnk
[2011/12/29 08:37:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\oM0iNVIC.exe.b
[2011/12/28 21:48:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/24 09:07:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\m40hE.com.b
[2011/12/24 06:38:18 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\kPeFAL2.dat
[2011/12/21 17:09:58 | 000,016,336 | -HS- | C] () -- C:\Documents and Settings\MC\Local Settings\Application Data\kvixcm6u4lpb6etd0evx6v648a4v
[2011/12/21 17:09:58 | 000,016,336 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\kvixcm6u4lpb6etd0evx6v648a4v
[2011/12/20 21:25:55 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\MC\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2011/12/20 21:23:13 | 000,000,625 | ---- | C] () -- C:\Documents and Settings\MC\Desktop\Evernote.lnk
[2011/12/17 18:58:07 | 000,013,762 | -HS- | C] () -- C:\Documents and Settings\MC\Local Settings\Application Data\232645t4f581f661n688q6hfw7g8
[2011/12/17 18:58:07 | 000,013,762 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\232645t4f581f661n688q6hfw7g8
[2011/01/31 12:37:45 | 000,025,824 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/28 20:19:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/25 12:55:20 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\MC\Local Settings\Application Data\housecall.guid.cache
[2010/12/22 10:36:53 | 000,000,264 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2010/10/14 16:34:40 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/06/24 16:35:10 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\MC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/24 16:35:10 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\MC\Local Settings\Application Data\fusioncache.dat
[2010/06/24 16:18:29 | 000,036,824 | ---- | C] () -- C:\Documents and Settings\MC\Application Data\Microsoft Excel.ADR
[2010/06/24 16:18:29 | 000,011,401 | ---- | C] () -- C:\Documents and Settings\MC\Application Data\Microsoft Excel.TSK
[2010/06/24 16:18:29 | 000,009,307 | ---- | C] () -- C:\Documents and Settings\MC\Application Data\Microsoft Excel.EML
[2010/06/24 16:18:28 | 000,036,804 | ---- | C] () -- C:\Documents and Settings\MC\Application Data\dBase.ADR
[2010/06/24 16:18:28 | 000,030,364 | ---- | C] () -- C:\Documents and Settings\MC\Application Data\Comma Separated Values (Windows).ADR
[2010/06/24 16:18:28 | 000,009,323 | ---- | C] () -- C:\Documents and Settings\MC\Application Data\Comma Separated Values (Windows).EML
[2010/06/22 16:16:07 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/06/22 06:57:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/06/22 06:52:28 | 000,035,392 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/06/22 06:51:47 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/06/22 06:51:47 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/06/22 06:51:45 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/06/22 06:51:45 | 000,188,348 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/06/22 06:51:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/06/22 06:35:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/06/21 19:33:44 | 000,000,176 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/21 02:19:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/21 01:48:09 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[2010/06/21 01:47:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2010/06/21 01:47:29 | 000,244,984 | ---- | C] () -- C:\WINDOWS\System32\Tutil32.dll
[2010/06/21 01:46:55 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[2010/06/21 01:46:51 | 000,007,912 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2010/06/21 01:46:47 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\property.dll
[2010/06/21 01:46:42 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL
[2010/06/21 01:46:34 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2010/06/21 01:44:55 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\Isb.dll
[2010/06/21 01:44:38 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2010/06/21 01:44:28 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2010/06/21 01:44:08 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2010/06/21 01:43:48 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2v.DLL
[2010/06/21 00:07:26 | 000,000,350 | ---- | C] () -- C:\WINDOWS\LOCFILE.INI
[2010/06/21 00:07:21 | 000,122,172 | ---- | C] () -- C:\WINDOWS\IIF Transaction Creator Uninstaller.exe
[2010/06/21 00:07:21 | 000,036,864 | R--- | C] () -- C:\WINDOWS\InstFunc.exe
[2010/06/21 00:07:21 | 000,006,842 | ---- | C] () -- C:\WINDOWS\hplj1010.ini
[2010/06/21 00:07:21 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/06/21 00:07:21 | 000,000,173 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2010/06/21 00:07:21 | 000,000,074 | ---- | C] () -- C:\WINDOWS\crw.ini
[2010/06/21 00:07:21 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CPSETUP.INI
[2010/06/21 00:07:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2010/06/21 00:07:21 | 000,000,021 | ---- | C] () -- C:\WINDOWS\cs3inst.ini
[2010/06/21 00:07:20 | 000,083,517 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2010/06/21 00:07:20 | 000,003,509 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/06/21 00:07:20 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2010/06/21 00:07:20 | 000,000,120 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2010/06/21 00:07:20 | 000,000,027 | ---- | C] () -- C:\WINDOWS\ACROGRAF.INI
[2010/06/21 00:07:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\~tmp.INI
[2010/06/20 21:23:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/20 21:17:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/20 17:09:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/20 17:08:04 | 000,149,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/16 15:51:53 | 000,002,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,462,494 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,078,696 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2010/06/01 18:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/01/20 15:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2010/03/11 18:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2009/07/07 15:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chaos Software
[2010/04/16 15:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/05/04 16:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/02/11 12:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/03/11 18:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/04/16 15:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2009/01/20 15:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2006/01/02 14:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PKWARE
[2010/03/11 18:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/04/16 16:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2010/03/31 15:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/05 16:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/06/22 16:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\COMMON FILES
[2010/08/13 18:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\inFlow Inventory
[2011/02/28 13:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2011/07/08 19:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nuance
[2010/06/22 16:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SQL Anywhere 11
[2011/04/21 16:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/21 01:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\BSD
[2010/06/21 01:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\Chaos Software
[2010/06/22 06:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\DesktopPwrMgr
[2010/06/21 01:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\Leadertech
[2010/06/21 01:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\OpenOffice.org
[2010/06/21 01:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\PKWARE
[2010/06/21 01:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\RFFlow
[2010/06/21 01:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\SmartDraw
[2011/11/06 14:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\Systweak
[2010/06/21 02:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\Uniblue
[2010/06/21 18:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\Windows Desktop Search
[2010/06/21 18:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1\Application Data\Windows Search
[2009/10/05 19:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1-123\Application Data\BSD
[2006/12/19 22:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1-123\Application Data\Chaos Software
[2010/03/11 18:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1-123\Application Data\Leadertech
[2010/03/01 20:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1-123\Application Data\OpenOffice.org
[2006/08/08 16:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1-123\Application Data\PKWARE
[2010/01/20 16:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1-123\Application Data\RFFlow
[2010/01/20 16:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hos1-123\Application Data\SmartDraw
[2010/06/24 16:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\BSD
[2010/06/24 16:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\Chaos Software
[2010/06/24 16:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\DesktopPwrMgr
[2010/06/24 16:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\Leadertech
[2010/06/24 16:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\OpenOffice.org
[2010/10/04 14:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\Opera
[2010/06/24 16:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\PKWARE
[2010/06/24 16:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\RFFlow
[2010/06/24 16:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\SmartDraw
[2011/09/28 19:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\Systweak
[2010/06/24 16:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\Uniblue
[2010/06/24 16:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\Windows Desktop Search
[2010/06/24 16:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MC\Application Data\Windows Search
[2006/01/02 14:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PKWARE
[2011/12/23 17:44:02 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\Daily Shutdown and Restart.job
[2011/12/23 17:06:54 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\Daily SR Done Display Addendum.job
[2012/01/01 15:01:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
[2011/12/28 20:31:55 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
[2012/01/01 19:25:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{CDF1B77F-9A4E-49A8-821F-74D463D33267}.job
========== Purity Check ==========
========== Custom Scans ==========
< >
< >
< %SYSTEMDRIVE%\*.* >
[2010/05/04 16:12:02 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/01/11 16:54:48 | 000,029,184 | ---- | M] () -- C:\a.xls
[2009/04/10 18:25:33 | 000,000,275 | ---- | M] () -- C:\ADAMSTK.TXT
[2010/03/11 18:28:08 | 000,000,050 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2010/06/20 21:15:40 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/12/31 20:51:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/01/01 17:46:38 | 000,018,088 | ---- | M] () -- C:\ComboFix.txt
[2005/08/26 12:37:48 | 000,000,000 | -HS- | M] () -- C:\CONFIG.SYS
[2010/01/12 18:56:03 | 000,000,532 | ---- | M] () -- C:\DDM.TXT
[2006/02/11 17:58:46 | 000,014,336 | ---- | M] () -- C:\DEAITMD.DB
[2010/02/25 13:20:55 | 000,001,278 | ---- | M] () -- C:\debug.txt
[2005/12/13 15:44:12 | 000,000,026 | ---- | M] () -- C:\ezsetuplog.txt
[2010/05/27 20:24:34 | 000,005,086 | -HS- | M] () -- C:\ffastun.ffa
[2010/05/27 20:24:31 | 001,171,456 | -HS- | M] () -- C:\ffastun.ffl
[2010/05/27 20:24:34 | 000,499,712 | -H-- | M] () -- C:\ffastun.ffo
[2010/05/27 20:24:31 | 004,923,392 | -HS- | M] () -- C:\ffastun0.ffx
[2010/05/27 22:25:36 | 001,171,456 | ---- | M] () -- C:\ffastunT.ffl
[2009/01/20 15:53:06 | 000,000,000 | ---- | M] () -- C:\FileRecovery.log
[2010/06/20 20:42:57 | 804,442,112 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/30 18:03:42 | 000,021,087 | ---- | M] () -- C:\IDLTEMP.JPG
[2005/08/26 12:37:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/02/24 15:05:08 | 000,018,432 | ---- | M] () -- C:\Mr QL PP & E Dispositions and Transfers.xls
[2010/06/22 07:21:38 | 000,000,010 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/06/21 16:46:39 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/12/31 22:05:27 | 1207,959,552 | -HS- | M] () -- C:\pagefile.sys
[2007/12/18 15:34:24 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2007/12/21 14:48:32 | 000,002,098 | ---- | M] () -- C:\Rescued Document 1.txt
[2010/08/12 19:00:00 | 000,008,779 | ---- | M] () -- C:\Rescued Document 10.txt
[2008/03/13 17:27:36 | 000,001,918 | ---- | M] () -- C:\Rescued Document 2.txt
[2009/01/29 14:19:57 | 000,000,844 | ---- | M] () -- C:\Rescued Document 3.txt
[2009/01/29 14:21:34 | 000,000,002 | ---- | M] () -- C:\Rescued Document 4.txt
[2009/02/03 15:46:23 | 000,002,107 | ---- | M] () -- C:\Rescued Document 5.txt
[2009/02/03 15:46:35 | 000,000,483 | ---- | M] () -- C:\Rescued Document 6.txt
[2009/12/03 11:20:02 | 000,000,983 | ---- | M] () -- C:\Rescued Document 7.txt
[2010/02/10 19:58:39 | 000,001,956 | ---- | M] () -- C:\Rescued Document 8.txt
[2010/04/09 19:29:10 | 000,001,285 | ---- | M] () -- C:\Rescued Document 9.txt
[2007/07/09 18:56:51 | 000,007,018 | ---- | M] () -- C:\Rescued Document.txt
[2011/12/28 21:58:32 | 000,000,445 | ---- | M] () -- C:\rkill.log
[2010/02/21 18:52:06 | 000,002,541 | ---- | M] () -- C:\rollback.ini
[2007/03/09 22:29:58 | 000,000,006 | -H-- | M] () -- C:\SA.DAT
[2011/12/31 19:00:24 | 000,044,488 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_31.12.2011_18.55.56_log.txt
[2007/03/09 22:37:37 | 000,000,136 | ---- | M] () -- C:\testbackup.bat
< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2010/06/20 21:20:24 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
[2011/04/29 17:15:42 | 000,049,645 | ---- | M] () -- C:\WINDOWS\graceful-lioness.jpg
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
[2010/02/05 15:36:50 | 000,001,578 | -H-- | M] () -- C:\Documents and Settings\MC\Application Data\Microsoft\LastFlashConfig.WFC
< %PROGRAMFILES%\*.* >
[2009/12/31 17:03:55 | 000,001,696 | ---- | M] () -- C:\Program Files\iPhoneWDBVPlusLiteInstall.log
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2010/06/20 17:07:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/06/20 17:07:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/06/20 17:07:10 | 000,901,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/06/21 16:55:53 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/04/22 09:34:58 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\MC\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/12/16 17:40:02 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\MC\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2007/03/04 16:12:04 | 000,635,160 | ---- | M] () -- C:\Documents and Settings\MC\Desktop\BeyondRemoteRCHost.exe
[2010/05/21 19:55:05 | 000,739,328 | ---- | M] (SoftPerfect Research) -- C:\Documents and Settings\MC\Desktop\netscan.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2005/12/16 17:40:02 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\MC\Favorites\Desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
IIF Transaction Creator Uninstaller.exe
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2012/01/01 19:22:42 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\MC\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 03:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 03:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/07/17 10:41:10 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/07/17 10:41:10 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/07/17 10:41:10 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 03:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-15 08:13:18
========== Alternate Data Streams ==========
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67201D16
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
