Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32/VundoCryptorS


  • This topic is locked This topic is locked
22 replies to this topic

#1 mfisch

mfisch

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 28 November 2008 - 07:59 PM

Hello all,

I'm a complete novice when it comes to dealing with computer viruses, mostly because I've never had to deal with one before--my anti-virus/spyware software has always done the job. But last night my computer started going crazy.

I'm running on Windows XP. I first noticed that the system was moving much slower than normal (during the last 7-10 days). I also was getting generic "error" messages for different applications (although the applications appeared to continue working--just slower). The problems became more acute last night. Every time I changed to a new internet page in Explorer, my virus detection screen (Computer Associates) immediately came up, along with 5 to 25 pop up boxes. Each box has "RUNDLL" in the corner, lists a file in C:\windows\system 32, and states either "access denied" or "error loading." The virus detection screen showed the virus as Win32/VundoCryptorS and listed the same files shown in the pop up boxes. Each file was listed as infected or deleted. I am unable to navigate with Explorer without this happening for each page change. I've gotten similar messages when I was moving through "My Computer" in Windows.

I ran an adware progam I have, which showed 500+ problem files, but the "fix" did nothing to change the problem. I downloaded FireFox, which I can use (so far) without the virus or error messages appearing. I used FireFox to download your suggested applications. Neither VundoFix nor VundoMundoBegone identified any problem.

So here I am. Please let me know if any more information is needed. I greatly appreciate any help you can give. My RST reports are pasted below.

Thanks,

mfisch


Logfile of random's system information tool 1.04 (written by random/random)
Run by Mark at 2008-11-28 19:13:00
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (22%) free of 40 GB
Total RAM: 511 MB (9% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:24 PM, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Mark\Desktop\RSIT(2).exe
C:\Program Files\trend micro\Mark.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bostonherald.com/sports/baseball/index.bg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [A00F14D0710.exe] C:\DOCUME~1\Mark\LOCALS~1\Temp\_A00F14D0710.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O20 - Winlogon Notify: __c00E47A6 - C:\WINDOWS\system32\__c00E47A6.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11970 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-06-23 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE84A6AA-A333-4B92-B276-C11E2212E4FE}]
CPrintEnhancer Object - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll [2006-12-15 599472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-05 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-06-23 2549368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-15 57344]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-06-05 335872]
"type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2003-05-15 114688]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"DigidesignMMERefresh"=C:\Program Files\Digidesign\Drivers\MMERefresh.exe [2004-10-08 49152]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [2005-05-10 11776]
"MMTray"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2005-05-10 110592]
"CaAvTray"=C:\Program Files\Yahoo!\Antivirus\CAVTray.exe [2005-09-25 230512]
"CAVRID"=C:\Program Files\Yahoo!\Antivirus\CAVRID.exe [2005-09-25 185456]
"YOP"=C:\PROGRA~1\Yahoo!\YOP\yop.exe [2005-04-22 397312]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]
"MCUpdateExe"=C:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]
"MPFExe"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [2005-04-05 950272]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2005-07-08 1397760]
"DIGStream"=C:\Program Files\DIGStream\digstream.exe [2005-10-31 278528]
"DIGServices"=C:\Program Files\ESPNRunTime\DIGServices.exe [2005-10-31 101888]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2005-04-12 229376]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"PowerBar"= []
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"Aim6"= []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-23 68856]
"A00F14D0710.exe"=C:\DOCUME~1\Mark\LOCALS~1\Temp\_A00F14D0710.exe []
"AdwareAlert"=C:\Program Files\AdwareAlert\AdwareAlert.exe [2008-11-25 9093120]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00E47A6]
C:\WINDOWS\system32\__c00E47A6.dat [2008-11-27 25600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoWindowsUpdate"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-28 19:13:02 ----D---- C:\Program Files\trend micro
2008-11-28 19:13:00 ----D---- C:\rsit
2008-11-28 18:46:51 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-28 17:59:17 ----D---- C:\Documents and Settings\Mark\Application Data\Mozilla
2008-11-28 17:59:03 ----D---- C:\Program Files\Mozilla Firefox
2008-11-28 16:01:34 ----D---- C:\Documents and Settings\Mark\Application Data\AdwareAlert
2008-11-28 16:01:20 ----D---- C:\Program Files\AdwareAlert
2008-11-28 08:55:42 ----D---- C:\VundoFix Backups
2008-11-28 08:55:42 ----A---- C:\VundoFix.txt
2008-11-22 13:52:58 ----D---- C:\Program Files\iPod
2008-11-22 13:52:53 ----D---- C:\Program Files\iTunes
2008-11-22 13:52:53 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-22 13:15:36 ----D---- C:\Program Files\Bonjour
2008-11-22 13:03:12 ----D---- C:\Program Files\Apple Software Update
2008-11-22 13:01:59 ----D---- C:\Program Files\Common Files\Apple
2008-11-22 13:01:58 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-11-22 12:44:26 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-11-11 21:51:19 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-11 21:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-11 21:50:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-02 17:08:21 ----A---- C:\WINDOWS\IE4 Error Log.txt

======List of files/folders modified in the last 1 months======

2008-11-28 19:13:02 ----D---- C:\Program Files
2008-11-28 19:13:00 ----D---- C:\WINDOWS\Prefetch
2008-11-28 19:11:59 ----D---- C:\Program Files\lg_fwupdate
2008-11-28 18:51:00 ----D---- C:\Documents and Settings\All Users\Application Data\DIGStream
2008-11-28 18:50:21 ----D---- C:\WINDOWS\Temp
2008-11-28 18:50:17 ----A---- C:\WINDOWS\lgfwup.ini
2008-11-28 18:46:51 ----D---- C:\WINDOWS
2008-11-28 18:46:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-28 18:38:14 ----D---- C:\Downloads
2008-11-28 17:57:49 ----D---- C:\WINDOWS\system32
2008-11-28 16:01:37 ----SD---- C:\WINDOWS\Tasks
2008-11-28 16:01:25 ----SHD---- C:\WINDOWS\Installer
2008-11-28 16:01:25 ----HD---- C:\Config.Msi
2008-11-28 08:45:17 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-27 22:12:38 ----D---- C:\Program Files\PokerStars.NET
2008-11-27 21:36:44 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-11-25 21:10:12 ----D---- C:\WINDOWS\Minidump
2008-11-24 20:29:40 ----A---- C:\WINDOWS\win.ini
2008-11-23 16:23:34 ----D---- C:\Documents and Settings\Mark\Application Data\Digidesign
2008-11-23 14:26:28 ----HD---- C:\WINDOWS\inf
2008-11-22 13:21:10 ----D---- C:\WINDOWS\system32\drivers
2008-11-22 13:21:08 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-22 13:14:55 ----D---- C:\Program Files\QuickTime
2008-11-22 13:11:48 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-11-22 13:02:55 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-22 13:01:59 ----D---- C:\Program Files\Common Files
2008-11-21 18:30:02 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-20 20:22:55 ----D---- C:\WINDOWS\CAVTemp
2008-11-17 11:10:54 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-17 10:53:27 ----D---- C:\Program Files\Google
2008-11-13 20:37:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-13 19:37:13 ----D---- C:\WINDOWS\Help
2008-11-11 21:51:18 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-11 21:51:15 ----A---- C:\WINDOWS\imsins.BAK
2008-11-11 21:50:32 ----D---- C:\WINDOWS\WinSxS
2008-11-09 20:28:09 ----D---- C:\Documents and Settings\Mark\Application Data\Image Zone Express
2008-11-09 20:28:08 ----D---- C:\Documents and Settings\Mark\Application Data\Printer Info Cache
2008-11-03 21:18:52 ----D---- C:\Documents and Settings
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-02 09:20:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-01 07:40:14 ----SHD---- C:\RECYCLER

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-08 28672]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2005-04-05 67584]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2007-07-23 879832]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2005-09-25 15735]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2005-09-25 21031]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2006-07-31 26787]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2005-09-25 15478]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-12-26 8413]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-15 462684]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-06-02 576512]
R3 dalwdmservice;dal service; C:\WINDOWS\system32\drivers\dalwdm.sys [2004-10-08 74240]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
R3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS []
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2007-07-23 108360]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S3 iLokDrvr;iLok; C:\WINDOWS\System32\DRIVERS\iLokDrvr.sys [2003-07-07 26541]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
S3 StMp3Rec;Player Recovery Device Control Driver; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2007-06-15 19840]
S3 syswrk;syswrk; \??\C:\WINDOWS\System32\drivers\syswrk.sys []
S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader; C:\WINDOWS\system32\drivers\usb22ldr.sys [2005-01-21 14272]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 USBMN2X2;M-Audio USB MidiSport 2x2; C:\WINDOWS\system32\drivers\usbmn2x2.sys [2005-01-21 22304]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-06-02 282624]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CAISafe;CAISafe; C:\Program Files\Yahoo!\Antivirus\ISafe.exe [2005-09-25 259184]
R2 DigiRefresh;Digidesign MME Refresh Service; C:\Program Files\Digidesign\Drivers\MMERefresh.exe [2004-10-08 49152]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2000-07-13 115200]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-05 168432]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-06-20 53248]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe [2005-04-05 552960]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [2002-08-14 135168]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Speed Disk service;Speed Disk service; C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe [2002-08-14 172065]
R2 VETMSGNT;VET Message Service; C:\Program Files\Yahoo!\Antivirus\VetMsg.exe [2005-09-25 201840]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2003-06-05 114688]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 YPCService;YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [2003-05-19 86016]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.04 2008-11-28 19:13:28

======Uninstall list======

-->MsiExec.exe /I{C8D79874-7F2B-4346-99F1-DAA8AABF9DCA}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
AdwareAlert-->MsiExec.exe /X{A959B11F-440B-4148-8B06-2DB99AADB5D8}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Panorama Maker 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Baseball Manager-->C:\PROGRA~1\BASEBA~1\UNWISE.EXE C:\PROGRA~1\BASEBA~1\INSTALL.LOG
Best Buy Digital Music Store-->C:\PROGRA~1\BESTBU~1\Unwise32.exe /A C:\PROGRA~1\BESTBU~1\INSTALL.LOG
Best Buy Rhapsody-->C:\PROGRA~1\BESTBU~1\Unwise32.exe /A C:\PROGRA~1\BESTBU~1\install.log
BIONICLE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B196519A-A2AC-443E-84D1-F336B4E8F304}\Setup.exe" -l0x9
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Cosmonaut Voice-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD19D839-C01C-4BE7-A356-BF5782BA4AE5}\Setup.exe" -l0x9 FromUninstall
Digidesign Maxim-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51E5A015-7C21-483F-AA74-5FDDED3B9FF8}\Setup.exe" -l0x9 FromUninstall
Digidesign Pro Tools® LE 6.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2855E177-C18C-4834-AC0A-01D8E015D167}\Setup.exe" -l0x9 FromMaintenance
Digidesign Shared Plug-Ins-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCD674C-1751-4548-9005-980F03083187}\Setup.exe" -l0x9 FromUninstall
Disc2Phone-->MsiExec.exe /X{C01408FC-117C-44B7-8B0C-17794E526A01}
DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
Enable S3 for USB Device-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu"
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
ESPN RunTime-->C:\Program Files\ESPNRunTime\DIGSvcUninstall.exe /brand=ESPN
Finale NotePad 2006-->C:\WINDOWS\unvise32.exe C:\Program Files\Finale NotePad 2006\uninstal.log
Finale SongWriter 2005-->C:\WINDOWS\unvise32.exe C:\Program Files\Finale SongWriter 2005\uninstal.log
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Grabe Student CD-->MsiExec.exe /I{1E922CA8-8A14-450D-92AA-86825CEE5769}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet All-In-One Software 8.0-->C:\Program Files\HP\Digital Imaging\{24557DC0-0839-496f-82F9-C4EB72EFE4FA}\setup\hpzscr01.exe -datfile hposcr12.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Smart Web Printing 1.0-->MsiExec.exe /X{E3030F57-9E6B-4E36-95B6-F7B4DBDEB8FB}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
IK Digidesign Bundle-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{080AC7E7-266E-4A84-9FAC-DC8C783FEA54}\setup.exe" -l0x9
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java Plug-in 1.1.3-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Java Plug-in 1.1\Uninst.isu"
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JOEMEEK Bundle-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05003976-FE71-4984-A37F-A18E974B3F37}\Setup.exe" -l0x9 FromUninstall
LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\Setup.exe"
Live Digidesign Edition 2.1-->C:\PROGRA~1\Ableton\LIVEDI~1.1\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVEDI~1.1\Install\INSTALL.LOG
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Luxor (remove only)-->"C:\Program Files\MumboJumbo\Luxor\uninstall.exe"
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
McAfee Personal Firewall Plus-->C:\PROGRA~1\McAfee.com\PERSON~1\MpfUninstall.exe
McAfee SecurityCenter-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Midisport 2x2 1.0.1.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\M-Audio Midisport 2x2\irunin.ini"
moogerfooger Bundle-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{663EA0CD-7964-4349-8A58-4192F32A8F42}\Setup.exe" -l0x9 FromUninstall
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Multimedia Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
NASCAR SimRacing Demo-->C:\Program Files\EA SPORTS\NASCAR SimRacing Demo\EAUninstall.exe
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Nikon Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Norton SystemWorks 2003-->MsiExec.exe /I{43C3D832-AC96-463A-2003-1B8D1BFA252F}
NVIDIA nForce Drivers-->C:\WINDOWS\System32\nvuninst.exe Uninstall C:\WINDOWS\System32\NVU001.nvu,NVIDIA nForce Drivers
oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
PACE System Files-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28F58CDE-6241-4B11-8232-6A5D4FB06E8B}\Setup.exe" -l0x9 FromUninstall
PictureProject In Touch Downloader 1.0-->C:\Program Files\PictureProject In Touch Downloader\uninst.exe
PictureProject-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
Poker 770-->"C:\Poker\Poker 770\_SetupCasino[1].exe" /uninstall
PokerStars.net-->"C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RCA Pearl (Model TH11, TC11 Series) Firmware Update Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D48DDA6-D5D4-4858-A4F1-4952293E0201}\setup.exe" -l0x9 -remove
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Reason Adapted for Digidesign 2.5-->"C:\Program Files\Propellerhead\Reason Adapted for Digidesign\unins000.exe"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
SBC Yahoo! Applications-->C:\PROGRA~1\Yahoo!\Common\uninstall.exe
SBC Yahoo! Login-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ylogin.dll
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sonic Foundry Sound Forge 6.0-->MsiExec.exe /I{62FC357F-022B-4F90-9376-7A0DF9FBE7A1}
Sony CD Architect 5.0-->MsiExec.exe /I{BFC65A99-883C-48F3-BA12-25ED3BCB2AB7}
Switch-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
TurboTax Basic 2005-->C:\Program Files\TurboTax\Basic 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2005\Uninstall.log" -NoGui
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006-->C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Wal-Mart Music Downloads Store-->MsiExec.exe /I{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}
Web Easy Professional 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E376D45C-2C25-4437-9FDE-CEA857BF1DE9}\setup.exe" -l0x9
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: Anti-Virus - SBC Yahoo! Online Protection
FW: Personal Firewall Plus

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

BC AdBot (Login to Remove)

 


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:33 PM

Posted 08 December 2008 - 12:50 AM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files before we run OTScanIt. You will likely be logged out of the forum where you are recieving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use any other browsers, select them appropriately from the top and empty all items.
Download and Run OTScanIt
Download OTScanIt by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
  • Check the Scan all users box at the top left.
  • Change the Rootkit Scan setting from "No" to Yes.
  • Click the Extras button under "Additional Scans".
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).
  • Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt folder and named OTScanIt.txt.

Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#3 mfisch

mfisch
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 08 December 2008 - 08:20 PM

Stupid question: How do I attach my scan file to a reply?

mfisch

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:33 PM

Posted 08 December 2008 - 08:35 PM

Hello mfisch.

No such thing as a stupid question :thumbsup:

Click, in this topic page, ADDREPLY. In the reply page that opens, you can find the attachments section under the main box where you type.

If you have trouble with that, just paste it into your post directly.

With Regards,
The Panda

Edited by PropagandaPanda, 08 December 2008 - 08:37 PM.


#5 mfisch

mfisch
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 08 December 2008 - 08:53 PM

The forum pages aren't loading correctly. With ADDREPLY, there's nothing under the main text box other than Post Options, Post Icons, and boxes for Add Reply and Preview Post. No tool bar, no attachment option, etc.

Any other way for me to send this scan file?

Sorry for the hassle.

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:33 PM

Posted 08 December 2008 - 09:00 PM

Hello mfisch.

Please copy/paste the contents of OTScanIt.txt directly into your reply then.

If it does not fit.. upload it to me.

Upload File
  • Open to the Submission Channel.
  • Under Link to topic where this file was requested, input:
    www.bleepingcomputer.com/forums/topic182648.html
  • Select OTScanIt.txt in the OTScanIt folder on your desktop.
  • Under the comments section, say that Panda asked for the submission.
  • If you have uploaded it this way, please add a reply saying you have done so.
With Regards,
The Panda

#7 mfisch

mfisch
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 08 December 2008 - 09:40 PM

Here's the scan. Many thanks!!!

OTScanIt2 logfile created on: 12/8/2008 7:27:09 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.2.1	 Folder = C:\Documents and Settings\Mark\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
511.48 Mb Total Physical Memory | 155.89 Mb Available Physical Memory | 30.48% Memory free
1.21 Gb Paging File | 0.86 Gb Available in Paging File | 71.02% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 10.71 Gb Free Space | 27.43% Space Free | Partition Type: NTFS
Drive D: | 72.72 Gb Total Space | 69.23 Gb Free Space | 95.20% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MARK-0NDAN5RR5Y
Current User Name: Mark
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
adwarealert.exe -> %ProgramFiles%\AdwareAlert\AdwareAlert.exe -> [2008/11/25 07:09:43 | 09,093,120 | ---- | M] (C-Net Media)
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2003/06/02 21:30:20 | 00,282,624 | ---- | M] ()
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> [2003/06/05 12:35:00 | 00,335,872 | ---- | M] (ATI Technologies, Inc.)
cavrid.exe -> %ProgramFiles%\Yahoo!\Antivirus\CAVRid.exe -> [2005/09/25 13:47:44 | 00,185,456 | ---- | M] (Computer Associates International, Inc.)
cavtray.exe -> %ProgramFiles%\Yahoo!\Antivirus\CAVTray.exe -> [2005/09/25 13:47:44 | 00,230,512 | ---- | M] (Computer Associates International, Inc.)
digservices.exe -> %ProgramFiles%\ESPNRunTime\DIGServices.exe -> [2005/10/31 11:18:48 | 00,101,888 | ---- | M] (Walt Disney Internet Group)
digstream.exe -> %ProgramFiles%\DIGStream\digstream.exe -> [2005/10/31 11:05:44 | 00,278,528 | ---- | M] (Walt Disney Internet Group)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2008/10/31 15:55:59 | 00,307,712 | ---- | M] (Mozilla Corporation)
fwupdate.exe -> %ProgramFiles%\lg_fwupdate\fwupdate.exe -> [2005/04/12 09:11:26 | 00,229,376 | ---- | M] (CST)
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2008/06/23 19:41:00 | 00,068,856 | ---- | M] (Google Inc.)
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/10/05 07:50:27 | 00,168,432 | ---- | M] (Google)
hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> [2006/12/10 20:51:08 | 00,271,960 | ---- | M] (Hewlett-Packard Co.)
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> [2007/01/02 20:40:10 | 00,210,520 | ---- | M] (Hewlett-Packard Co.)
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> [2006/12/10 20:52:38 | 00,049,152 | ---- | M] (Hewlett-Packard Co.)
incd.exe -> %ProgramFiles%\Ahead\InCD\InCD.exe -> [2005/07/08 09:25:10 | 01,397,760 | ---- | M] (Nero AG)
incdsrv.exe -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> [2005/07/08 17:24:46 | 00,871,424 | ---- | M] (Nero AG)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
isafe.exe -> %ProgramFiles%\Yahoo!\Antivirus\iSafe.exe -> [2005/09/25 13:47:44 | 00,259,184 | ---- | M] (Computer Associates International, Inc.)
isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> [2006/09/11 04:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/04 17:34:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/12/04 17:34:43 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2005/06/20 23:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company)
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> [2005/09/22 18:29:08 | 00,303,104 | ---- | M] (McAfee, Inc)
mcdetect.exe -> %ProgramFiles%\McAfee.com\Agent\Mcdetect.exe -> [2005/10/13 19:56:16 | 00,126,976 | ---- | M] (McAfee, Inc)
mctskshd.exe -> %ProgramFiles%\McAfee.com\Agent\McTskshd.exe -> [2005/08/24 16:01:04 | 00,122,368 | ---- | M] (McAfee, Inc)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
mim.exe -> %ProgramFiles%\Musicmatch\Musicmatch Jukebox\mim.exe -> [2005/05/10 15:04:50 | 00,403,456 | ---- | M] (Musicmatch, Inc.)
mm_tray.exe -> %ProgramFiles%\Musicmatch\Musicmatch Jukebox\mm_tray.exe -> [2005/05/10 15:04:52 | 00,110,592 | ---- | M] (Musicmatch, Inc.)
mmdiag.exe -> %ProgramFiles%\Musicmatch\Musicmatch Jukebox\MMDiag.exe -> [2005/05/10 15:04:50 | 00,102,400 | ---- | M] (Musicmatch, Inc.)
mmerefresh.exe -> %ProgramFiles%\Digidesign\Drivers\MMERefresh.exe -> [2004/10/08 02:48:18 | 00,049,152 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.)
mpfagent.exe -> %ProgramFiles%\McAfee.com\Personal Firewall\MpfAgent.exe -> [2005/04/05 13:46:46 | 00,495,616 | ---- | M] (McAfee Security)
mpfservice.exe -> %ProgramFiles%\McAfee.com\Personal Firewall\MpfService.exe -> [2005/04/05 13:40:06 | 00,552,960 | ---- | M] (McAfee Corporation)
mpftray.exe -> %ProgramFiles%\McAfee.com\Personal Firewall\MpfTray.exe -> [2005/04/05 13:41:18 | 00,950,272 | ---- | M] (McAfee Security)
msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
nkbmonitor.exe -> %ProgramFiles%\Nikon\PictureProject\NkbMonitor.exe -> [2005/09/07 17:45:16 | 00,118,784 | ---- | M] (Nikon Corporation)
nopdb.exe -> %ProgramFiles%\Norton SystemWorks\Speed Disk\NOPDB.EXE -> [2002/08/14 06:00:00 | 00,172,065 | ---- | M] (Symantec Corporation)
nprotect.exe -> %ProgramFiles%\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -> [2002/08/14 06:03:00 | 00,135,168 | ---- | M] (Symantec Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/01 10:28:50 | 00,477,184 | ---- | M] (OldTimer Tools)
sagent2.exe -> %CommonProgramFiles%\EPSON\EBAPI\SAgent2.exe -> [2000/07/13 00:01:00 | 00,115,200 | ---- | M] (SEIKO EPSON CORPORATION)
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> [2003/08/15 02:34:50 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.)
type32.exe -> %ProgramFiles%\Microsoft IntelliType Pro\type32.exe -> [2003/05/15 18:45:54 | 00,114,688 | ---- | M] (Microsoft Corporation)
vetmsg.exe -> %ProgramFiles%\Yahoo!\Antivirus\VetMsg.exe -> [2005/09/25 13:47:44 | 00,201,840 | ---- | M] (Computer Associates International, Inc.)
ycommon.exe -> %ProgramFiles%\Yahoo!\browser\ycommon.exe -> [2003/09/03 12:16:56 | 00,217,088 | ---- | M] (Yahoo!, Inc.)
ymetray.exe -> %ProgramFiles%\Yahoo!\Yahoo! Music Jukebox\ymetray.exe -> [2007/01/26 15:00:22 | 00,054,776 | ---- | M] ()
yop.exe -> %ProgramFiles%\Yahoo!\YOP\yop.exe -> [2005/04/22 18:49:08 | 00,397,312 | ---- | M] (Yahoo! Inc.)
 
[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> [2003/06/02 21:30:20 | 00,282,624 | ---- | M] ()
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [2003/06/05 12:35:00 | 00,114,688 | ---- | M] ()
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
(CAISafe) CAISafe [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\Antivirus\iSafe.exe -> [2005/09/25 13:47:44 | 00,259,184 | ---- | M] (Computer Associates International, Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(DigiRefresh) Digidesign MME Refresh Service [Win32_Shared | Auto | Running] -> %ProgramFiles%\Digidesign\Drivers\MMERefresh.exe -> [2004/10/08 02:48:18 | 00,049,152 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.)
(EPSONStatusAgent2) EPSON Printer Status Agent2 [Win32_Own | Auto | Running] -> %CommonProgramFiles%\EPSON\EBAPI\SAgent2.exe -> [2000/07/13 00:01:00 | 00,115,200 | ---- | M] (SEIKO EPSON CORPORATION)
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/10/05 07:50:27 | 00,168,432 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(hpqcxs08) hpqcxs08 [Win32_Shared | On_Demand | Running] -> %ProgramFiles%\HP\Digital Imaging\bin\hpqcxs08.dll -> [2007/01/19 22:44:40 | 00,225,280 | ---- | M] (Hewlett-Packard Co.)
(hpqddsvc) HP CUE DeviceDiscovery Service [Win32_Shared | Auto | Running] -> %ProgramFiles%\HP\Digital Imaging\bin\hpqddsvc.dll -> [2007/01/19 22:44:40 | 00,131,072 | ---- | M] (Hewlett-Packard Co.)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> [2005/07/08 17:24:46 | 00,871,424 | ---- | M] (Nero AG)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/04 17:34:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2005/06/20 23:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company)
(McDetect.exe) McAfee WSC Integration [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\Agent\Mcdetect.exe -> [2005/10/13 19:56:16 | 00,126,976 | ---- | M] (McAfee, Inc)
(McTskshd.exe) McAfee Task Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\Agent\McTskshd.exe -> [2005/08/24 16:01:04 | 00,122,368 | ---- | M] (McAfee, Inc)
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee.com\Agent\mcupdmgr.exe -> [2005/07/01 19:22:50 | 00,245,760 | ---- | M] (McAfee, Inc)
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\Personal Firewall\MpfService.exe -> [2005/04/05 13:40:06 | 00,552,960 | ---- | M] (McAfee Corporation)
(Net Driver HPZ12) Net Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZinw12.dll -> [2006/11/08 15:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard)
(NProtectService) Norton Unerase Protection [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -> [2002/08/14 06:03:00 | 00,135,168 | ---- | M] (Symantec Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.dll -> [2006/11/08 15:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard)
(Speed Disk service) Speed Disk service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton SystemWorks\Speed Disk\NOPDB.EXE -> [2002/08/14 06:00:00 | 00,172,065 | ---- | M] (Symantec Corporation)
(VETMSGNT) VET Message Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\Antivirus\VetMsg.exe -> [2005/09/25 13:47:44 | 00,201,840 | ---- | M] (Computer Associates International, Inc.)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/09/28 17:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation)
(YPCService) YPCService [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\YPcservice.exe -> [2003/05/19 15:07:38 | 00,086,016 | ---- | M] (Yahoo! Inc.)
 
[Driver Services - Safe List]
(ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXSENS.SYS -> [2003/08/14 10:16:38 | 00,404,736 | ---- | M] (Sensaura Ltd)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> [2003/08/15 02:53:12 | 00,462,684 | ---- | M] (Realtek Semiconductor Corp.)
(AmdK7) AMD K7 Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\amdk7.sys -> [2008/04/13 13:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> [2003/06/02 21:40:32 | 00,576,512 | ---- | M] (ATI Technologies Inc.)
(dalwdmservice) dal service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Dalwdm.sys -> [2004/10/08 00:54:08 | 00,074,240 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.)
(DigiFilter) DigiFilter [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\DigiFilt.sys -> [2004/10/08 01:57:24 | 00,020,480 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.)
(gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\gameenum.sys -> [2008/04/13 13:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZid412.sys -> [2006/12/06 01:02:28 | 00,049,920 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> [2006/12/06 01:02:28 | 00,016,496 | R--- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZius12.sys -> [2006/12/06 01:02:29 | 00,021,568 | R--- | M] (HP)
(iLokDrvr) iLok [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iLokDrvr.sys -> [2003/07/07 13:26:44 | 00,026,541 | ---- | M] (PACE Anti-Piracy, Inc.)
(InCDfs) InCD File System [File_System | Disabled | Running] -> %SystemRoot%\System32\drivers\InCDfs.sys -> [2005/07/08 17:17:54 | 00,099,584 | ---- | M] (Nero AG)
(InCDPass) InCDPass [Kernel | System | Running] -> %SystemRoot%\system32\drivers\InCDpass.sys -> [2005/07/08 17:17:36 | 00,029,696 | ---- | M] (Nero AG)
(incdrm) InCD Reader [Kernel | System | Running] -> %SystemRoot%\System32\drivers\InCDrm.sys -> [2005/07/08 09:17:32 | 00,028,672 | ---- | M] (Nero AG)
(MCSTRM) MCSTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\mcstrm.sys -> [2006/12/26 17:18:48 | 00,008,413 | ---- | M] (RealNetworks, Inc.)
(MPFIREWL) MPFIREWL [Kernel | System | Running] -> %SystemRoot%\system32\drivers\MpFirewall.sys -> [2005/04/05 11:49:14 | 00,067,584 | ---- | M] (McAfee Security)
(NPDriver) Norton Unerase Protection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NPDRIVER.SYS -> [2002/08/14 06:03:00 | 00,034,578 | ---- | M] (Symantec Corporation)
(nvatabus) nvatabus [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvatabus.sys -> [2003/04/21 01:18:00 | 00,052,608 | R--- | M] (NVIDIA Corporation)
(NVENET) NVIDIA nForce MCP Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENET.sys -> [2002/11/27 07:52:00 | 00,080,896 | R--- | M] (NVIDIA Corporation)
(nv_agp) NVIDIA nForce AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nv_agp.SYS -> [2003/03/19 02:51:00 | 00,018,688 | R--- | M] (NVIDIA Corporation)
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> [2003/12/05 04:46:36 | 00,010,368 | ---- | M] (Padus, Inc.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2002/08/29 15:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> [2006/10/23 13:26:34 | 00,036,528 | ---- | M] (Sonic Solutions)
(s616bus) Sony Ericsson Device 616 driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s616bus.sys -> [2007/04/03 12:59:30 | 00,083,208 | ---- | M] (MCCI Corporation)
(s616mdfl) Sony Ericsson Device 616 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s616mdfl.sys -> [2007/04/03 12:59:36 | 00,015,112 | ---- | M] (MCCI Corporation)
(s616mdm) Sony Ericsson Device 616 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s616mdm.sys -> [2007/04/03 12:59:38 | 00,108,680 | ---- | M] (MCCI Corporation)
(s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s616mgmt.sys -> [2007/04/03 12:59:40 | 00,100,360 | ---- | M] (MCCI Corporation)
(s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s616nd5.sys -> [2007/04/03 12:59:42 | 00,023,176 | ---- | M] (MCCI Corporation)
(s616obex) Sony Ericsson Device 616 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s616obex.sys -> [2007/04/03 12:59:42 | 00,098,568 | ---- | M] (MCCI Corporation)
(s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s616unic.sys -> [2007/04/03 12:59:42 | 00,099,080 | ---- | M] (MCCI Corporation)
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(StMp3Rec) Player Recovery Device Control Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\StMp3Rec.sys -> [2007/06/15 09:49:30 | 00,019,840 | R--- | M] (Generic)
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> [2002/09/13 08:43:34 | 00,073,224 | ---- | M] (Symantec Corporation)
(TPkd) TPkd [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\TPkd.sys -> [2003/11/06 12:04:24 | 00,068,320 | ---- | M] (PACE Anti-Piracy, Inc.)
(USB22LDR) M-Audio USB MidiSport 2x2 Loader [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usb22ldr.sys -> [2005/01/21 13:55:27 | 00,014,272 | ---- | M] (MIDIMAN)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> [2008/11/07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.)
(USBMN2X2) M-Audio USB MidiSport 2x2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbmn2x2.sys -> [2005/01/21 13:55:27 | 00,022,304 | ---- | M] (Doug Fetter Software Wizardry)
(VET-FILT) VET File System Filter [Kernel | System | Running] -> %SystemRoot%\System32\drivers\Vet-Filt.sys -> [2005/09/25 13:47:43 | 00,021,031 | ---- | M] (Computer Associates International, Inc.)
(VET-REC) VET File System Recognizer [Kernel | System | Running] -> %SystemRoot%\System32\drivers\Vet-Rec.sys -> [2005/09/25 13:47:43 | 00,015,478 | ---- | M] (Computer Associates International, Inc.)
(VETEBOOT) VET Boot Scan Engine [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\VetEBoot.sys -> [2007/07/23 13:14:47 | 00,108,360 | ---- | M] (Computer Associates International, Inc.)
(VETEFILE) VET File Scan Engine [Kernel | System | Running] -> %SystemRoot%\System32\drivers\VetEFile.sys -> [2007/07/23 13:14:47 | 00,879,832 | ---- | M] (Computer Associates International, Inc.)
(VETFDDNT) VET Floppy Boot Sector Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\VetFDDNT.sys -> [2005/09/25 13:47:43 | 00,015,735 | ---- | M] (Computer Associates International, Inc.)
(VETMONNT) VET File Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\vetmonnt.sys -> [2006/07/31 13:53:38 | 00,026,787 | ---- | M] (Computer Associates International, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.yahoo.com/ -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.bostonherald.com/sports/baseball/index.bg -> 
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_CURRENT_USER\: SearchURL\\"provider" -> gogl -> 
HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\] > -> -> 
HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\: Main\\"Start Page" -> http://www.bostonherald.com/sports/baseball/index.bg -> 
HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\: SearchURL\\"provider" -> gogl -> 
HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Mark\Application Data\Mozilla\FireFox\Profiles\73rq4ig1.default\prefs.js -> 
browser.startup.homepage -> "http://www.bostonherald.com/sports/baseball/index.bg" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.4" ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4 ->
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
127.0.0.1	   localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [2001/04/16 15:39:02 | 00,037,808 | ---- | M] ()
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/12/04 17:34:43 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> [2008/06/23 19:41:25 | 02,549,368 | R--- | M] (Google Inc.)
{AE84A6AA-A333-4B92-B276-C11E2212E4FE} [HKLM] -> %ProgramFiles%\HP\Smart Web Printing\SmartWebPrinting.dll [CPrintEnhancer Object] -> [2006/12/15 17:34:28 | 00,599,472 | ---- | M] (Hewlett-Packard Co.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [Google Toolbar Notifier BHO] -> [2008/10/05 07:50:44 | 00,652,784 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/12/04 17:34:43 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/12/04 17:34:44 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2008/06/23 19:41:25 | 02,549,368 | R--- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2008/06/23 19:41:25 | 02,549,368 | R--- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2008/06/23 19:41:25 | 02,549,368 | R--- | M] (Google Inc.)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\] > -> HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2008/06/23 19:41:25 | 02,549,368 | R--- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2008/06/23 19:41:25 | 02,549,368 | R--- | M] (Google Inc.)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"ATIPTA" -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe [C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] -> [2003/06/05 12:35:00 | 00,335,872 | ---- | M] (ATI Technologies, Inc.)
"CaAvTray" -> %ProgramFiles%\Yahoo!\Antivirus\CAVTray.exe ["C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"] -> [2005/09/25 13:47:44 | 00,230,512 | ---- | M] (Computer Associates International, Inc.)
"CAVRID" -> %ProgramFiles%\Yahoo!\Antivirus\CAVRid.exe ["C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"] -> [2005/09/25 13:47:44 | 00,185,456 | ---- | M] (Computer Associates International, Inc.)
"DigidesignMMERefresh" -> %ProgramFiles%\Digidesign\Drivers\MMERefresh.exe [C:\Program Files\Digidesign\Drivers\MMERefresh.exe] -> [2004/10/08 02:48:18 | 00,049,152 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.)
"DIGServices" -> %ProgramFiles%\ESPNRunTime\DIGServices.exe [C:\Program Files\ESPNRunTime\DIGServices.exe   /brand=ESPN   /priority=0   /poll=24] -> [2005/10/31 11:18:48 | 00,101,888 | ---- | M] (Walt Disney Internet Group)
"DIGStream" -> %ProgramFiles%\DIGStream\digstream.exe [C:\Program Files\DIGStream\digstream.exe] -> [2005/10/31 11:05:44 | 00,278,528 | ---- | M] (Walt Disney Internet Group)
"HP Software Update" -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> [2006/12/10 20:52:38 | 00,049,152 | ---- | M] (Hewlett-Packard Co.)
"InCD" -> %ProgramFiles%\Ahead\InCD\InCD.exe [C:\Program Files\Ahead\InCD\InCD.exe] -> [2005/07/08 09:25:10 | 01,397,760 | ---- | M] (Nero AG)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
"LGODDFU" -> %ProgramFiles%\lg_fwupdate\fwupdate.exe ["C:\Program Files\lg_fwupdate\fwupdate.exe"] -> [2005/04/12 09:11:26 | 00,229,376 | ---- | M] (CST)
"MCAgentExe" -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [c:\PROGRA~1\mcafee.com\agent\mcagent.exe] -> [2005/09/22 18:29:08 | 00,303,104 | ---- | M] (McAfee, Inc)
"MCUpdateExe" -> %ProgramFiles%\McAfee.com\Agent\mcupdate.exe [c:\PROGRA~1\mcafee.com\agent\mcupdate.exe] -> [2006/01/11 12:05:42 | 00,212,992 | ---- | M] (McAfee, Inc)
"MimBoot" -> %ProgramFiles%\Musicmatch\Musicmatch Jukebox\mimboot.exe [C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe] -> [2005/05/10 15:04:50 | 00,011,776 | ---- | M] (Musicmatch, Inc.)
"MMTray" -> %ProgramFiles%\Musicmatch\Musicmatch Jukebox\mm_tray.exe ["C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"] -> [2005/05/10 15:04:52 | 00,110,592 | ---- | M] (Musicmatch, Inc.)
"MPFExe" -> %ProgramFiles%\McAfee.com\Personal Firewall\MpfTray.exe [C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe] -> [2005/04/05 13:41:18 | 00,950,272 | ---- | M] (McAfee Security)
"NeroFilterCheck" -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> [2001/07/09 10:50:42 | 00,155,648 | ---- | M] (Ahead Software Gmbh)
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.)
"SoundMan" -> %SystemRoot%\SOUNDMAN.EXE [SOUNDMAN.EXE] -> [2003/08/15 02:34:50 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/12/04 17:34:43 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"type32" -> %ProgramFiles%\Microsoft IntelliType Pro\type32.exe ["C:\Program Files\Microsoft IntelliType Pro\type32.exe"] -> [2003/05/15 18:45:54 | 00,114,688 | ---- | M] (Microsoft Corporation)
"YOP" -> %ProgramFiles%\Yahoo!\YOP\yop.exe [C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart] -> [2005/04/22 18:49:08 | 00,397,312 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"A00F14D0710.exe" -> %SystemDrive%\DOCUME~1\Mark\LOCALS~1\Temp\_A00F14D0710.exe [C:\DOCUME~1\Mark\LOCALS~1\Temp\_A00F14D0710.exe] -> File not found
"AdwareAlert" -> %ProgramFiles%\AdwareAlert\AdwareAlert.exe [C:\Program Files\AdwareAlert\AdwareAlert.exe -boot] -> [2008/11/25 07:09:43 | 09,093,120 | ---- | M] (C-Net Media)
"Aim6" ->  [] -> File not found
"ISUSPM" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler] -> [2006/09/11 04:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation)
"MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"PowerBar" ->  [] -> File not found
"swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2008/06/23 19:41:00 | 00,068,856 | ---- | M] (Google Inc.)
< Run [HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\] > -> HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"A00F14D0710.exe" -> %SystemDrive%\DOCUME~1\Mark\LOCALS~1\Temp\_A00F14D0710.exe [C:\DOCUME~1\Mark\LOCALS~1\Temp\_A00F14D0710.exe] -> File not found
"AdwareAlert" -> %ProgramFiles%\AdwareAlert\AdwareAlert.exe [C:\Program Files\AdwareAlert\AdwareAlert.exe -boot] -> [2008/11/25 07:09:43 | 09,093,120 | ---- | M] (C-Net Media)
"Aim6" ->  [] -> File not found
"ISUSPM" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler] -> [2006/09/11 04:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation)
"MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"PowerBar" ->  [] -> File not found
"swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2008/06/23 19:41:00 | 00,068,856 | ---- | M] (Google Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_SRCV02.EXE -> [2000/09/17 21:04:00 | 00,121,856 | ---- | M] (SEIKO EPSON CORPORATION)
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> [2007/01/02 20:40:10 | 00,210,520 | ---- | M] (Hewlett-Packard Co.)
%AllUsersProfile%\Start Menu\Programs\Startup\NkbMonitor.exe.lnk -> %ProgramFiles%\Nikon\PictureProject\NkbMonitor.exe -> [2005/09/07 17:45:16 | 00,118,784 | ---- | M] (Nikon Corporation)
%AllUsersProfile%\Start Menu\Programs\Startup\ymetray.lnk -> %ProgramFiles%\Yahoo!\Yahoo! Music Jukebox\ymetray.exe -> [2007/01/26 15:00:22 | 00,054,776 | ---- | M] ()
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Mark Startup Folder > -> C:\Documents and Settings\Mark\Start Menu\Programs\Startup -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoCDBurning" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"DisableRegistryTools" ->  [0] -> File not found
\\"DisableTaskMgr" ->  [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoControlPanel" ->  [0] -> File not found
\\"NoWindowsUpdate" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableRegistryTools" ->  [0] -> File not found
\\"DisableTaskMgr" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004] > -> HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoControlPanel" ->  [0] -> File not found
\\"NoWindowsUpdate" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004] > -> HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableRegistryTools" ->  [0] -> File not found
\\"DisableTaskMgr" ->  [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsrch.htm] -> [2007/02/05 18:53:13 | 00,000,000 | ---D | M]
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000] -> [2003/08/13 01:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycdict.htm] -> [2007/02/05 18:53:13 | 00,000,000 | ---D | M]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycmap.htm] -> [2007/02/05 18:53:13 | 00,000,000 | ---D | M]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsms.htm] -> [2007/02/05 18:53:13 | 00,000,000 | ---D | M]
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\] > -> HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsrch.htm] -> [2007/02/05 18:53:13 | 00,000,000 | ---D | M]
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000] -> [2003/08/13 01:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycdict.htm] -> [2007/02/05 18:53:13 | 00,000,000 | ---D | M]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycmap.htm] -> [2007/02/05 18:53:13 | 00,000,000 | ---D | M]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsms.htm] -> [2007/02/05 18:53:13 | 00,000,000 | ---D | M]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}:Exec [HKLM] -> %ProgramFiles%\PokerStars.NET\PokerStarsUpdate.exe [Button: PokerStars.net] -> [2008/10/09 14:03:11 | 00,701,720 | ---- | M] (PokerStars)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"ButtonText" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"CLSID" [HKLM] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"Default Visible" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"Exec" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"HotIcon" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"Icon" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"MenuStatusBar" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"MenuText" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{13C1DBF6-7535-495c-91F6-8C13714ED485}" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] -> %ProgramFiles%\PokerStars.NET\PokerStarsUpdate.exe [PokerStars.net] -> [2008/10/09 14:03:11 | 00,701,720 | ---- | M] (PokerStars)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] -> %ProgramFiles%\PokerStars.NET\PokerStarsUpdate.exe [PokerStars.net] -> [2008/10/09 14:03:11 | 00,701,720 | ---- | M] (PokerStars)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] -> %ProgramFiles%\PokerStars.NET\PokerStarsUpdate.exe [PokerStars.net] -> [2008/10/09 14:03:11 | 00,701,720 | ---- | M] (PokerStars)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\] > -> HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Extensions\ -> 
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"ButtonText" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"CLSID" [HKLM] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"Default Visible" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"Exec" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"HotIcon" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"Icon" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"MenuStatusBar" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"MenuText" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{13C1DBF6-7535-495c-91F6-8C13714ED485}" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] -> %ProgramFiles%\PokerStars.NET\PokerStarsUpdate.exe [PokerStars.net] -> [2008/10/09 14:03:11 | 00,701,720 | ---- | M] (PokerStars)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> [2001/08/01 16:05:42 | 00,270,336 | ---- | M] (Intertrust Technologies, Inc.)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
online_musicmatch.com [https] -> Trusted sites -> 
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
  .[msn] -> My Computer -> 
turbotax.com .[https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\] > -> HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
  .[msn] -> My Computer -> 
turbotax.com .[https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\] > -> HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0000000A-0000-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{33564D57-0000-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{4EC8E993-32C1-47F5-A07A-5B0574655AD4} [HKLM] -> http://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab[WXcom Class] -> 
{74C861A1-D548-4916-BC8A-FDE92EDFF62C} [HKLM] -> http://mediaplayer.walmart.com/installer/install.cab[Reg Error: Key does not exist or could not be opened.] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Java Plug-in 1.6.0_11] -> 
{A8F2B9BD-A6A0-486A-9744-18920D898429} [HKLM] -> http://www.sibelius.com/download/software/win/ActiveXPlugin.cab[ScorchPlugin Class] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Java Plug-in 1.6.0_11] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Java Plug-in 1.6.0_11] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
DirectAnimation Java Classes [HKLM] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{8EE9D1F2-E65F-4161-97BB-1C9512275B25} ->	(NVIDIA nForce MCP Networking Controller) -> 
{9D1D347A-E41F-4128-A81B-6EE32A73B669} ->	(Sony Ericsson Device 616 USB Ethernet Emulation (NDIS 5)) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
__c007BBDD -> %SystemRoot%\system32\__c007BBDD.dat -> [1980/08/16 19:00:00 | 00,025,600 | ---- | M] ()
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> [2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" -> C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe [C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax] -> [2008/03/03 12:03:49 | 10,343,712 | ---- | M] (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" -> C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe [C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager] -> [2007/10/22 18:56:52 | 03,597,600 | ---- | M] (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\ttax.exe" -> C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\ttax.exe [C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax] -> [2007/03/08 00:25:56 | 09,950,760 | ---- | M] (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\updatemgr.exe" -> C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\updatemgr.exe [C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager] -> [2007/03/19 19:09:42 | 03,679,784 | ---- | M] (Intuit, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2007/01/19 12:49:28 | 04,670,968 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> [2007/01/19 12:49:30 | 00,091,640 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" -> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe [C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox] -> [2007/01/26 15:00:21 | 06,149,624 | ---- | M] (Yahoo!)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2008/04/13 13:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2005/01/21 11:23:23 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
 
[Registry - Additional Scans - Safe List]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] -> "%1" %* -> 
.chm [@ = chm.file] -> %SystemRoot%\hh.exe -> [2008/04/13 19:12:21 | 00,010,752 | ---- | M] (Microsoft Corporation)
.cmd [@ = cmdfile] -> "%1" %* -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
.hlp [@ = hlpfile] -> %SystemRoot%\system32\winhlp32.exe -> [2002/08/29 15:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation)
.hta [@ = htafile] -> %SystemRoot%\system32\mshta.exe -> [2008/04/13 19:12:27 | 00,029,184 | ---- | M] (Microsoft Corporation)
.html [@ = htmlfile] -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/04/13 19:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation)
.inf [@ = inffile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)
.ini [@ = inifile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)
.js [@ = JSFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.jse [@ = JSEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.pif [@ = piffile] -> "%1" %* -> 
.reg [@ = regfile] -> %SystemRoot%\regedit.exe -> [2008/04/13 19:12:32 | 00,146,432 | ---- | M] (Microsoft Corporation)
.scr [@ = scrfile] -> "%1" /S -> 
.txt [@ = txtfile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)
.vbe [@ = VBEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.vbs [@ = VBSFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.wsf [@ = WSFFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.wsh [@ = WSHFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> 
text/xml:{807553E5-5146-11D5-A672-00B0D022E945} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\OFFICE11\MSOXMLMF.DLL[Reg Error: Value  does not exist or could not be read.] -> [2003/07/14 21:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation)
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKLM] -> No CLSID value
ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2003/07/11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation)
msdaipp: [HKLM] -> No CLSID value
msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2003/07/11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation)
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2003/07/11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation)
mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Components\10\OWC10.DLL[Data Page Pluggable Protocol mso-offdap Handler] -> [2003/08/04 12:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation)
mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Components\11\OWC11.DLL[Data Page Plugable Protocal mso-offdap11 Handler] -> [2003/08/01 14:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation)
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"AntiVirusDisableNotify" ->  [1] -> File not found
\\"FirewallDisableNotify" ->  [1] -> File not found
\\"UpdatesDisableNotify" ->  [0] -> File not found
\\"AntiVirusOverride" ->  [0] -> File not found
\\"FirewallOverride" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall
\Monitoring\McAfeeFirewall\\"DisableMonitoring" ->  [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"EnableFirewall" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{044146E4-A924-458A-9948-4B9C7C7D9321} -> LightScribe  1.4.31.1
{05003976-FE71-4984-A37F-A18E974B3F37} -> JOEMEEK Bundle
{080AC7E7-266E-4A84-9FAC-DC8C783FEA54} -> IK Digidesign Bundle
{0BEDBD4E-2D34-47B5-9973-57E62B29307C} -> ATI Control Panel
{0D2E9DCB-9938-475E-B4DD-8851738852FF} -> AIO_Scan
{1746EA69-DCB6-4408-B5A5-E75F55439CDF} -> Scan
{179C56A4-F57F-4561-8BBF-F911D26EB435} -> WebReg
{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283} -> Wal-Mart Music Downloads Store
{1E922CA8-8A14-450D-92AA-86825CEE5769} -> Grabe Student CD
{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} -> Multimedia Launcher
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer
{24557DC0-0839-496f-82F9-C4EB72EFE4FA} -> HP Deskjet All-In-One Software 8.0
{26A24AE4-039D-4CA4-87B4-2F83216011FF} -> Java(TM) 6 Update 11
{2855E177-C18C-4834-AC0A-01D8E015D167} -> Digidesign Pro Tools® LE 6.7
{28F58CDE-6241-4B11-8232-6A5D4FB06E8B} -> PACE System Files
{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} -> Rhapsody Player Engine
{318AB667-3230-41B5-A617-CB3BF748D371} -> iTunes
{3248F0A8-6813-11D6-A77B-00B0D0150060} -> J2SE Runtime Environment 5.0 Update 6
{3248F0A8-6813-11D6-A77B-00B0D0160030} -> Java(TM) 6 Update 3
{3248F0A8-6813-11D6-A77B-00B0D0160050} -> Java(TM) 6 Update 5
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{36FDBE6E-6684-462B-AE98-9A39A1B200CC} -> HP Product Assistant
{43C3D832-AC96-463A-2003-1B8D1BFA252F} -> Norton SystemWorks 2003
{51E5A015-7C21-483F-AA74-5FDDED3B9FF8} -> Digidesign Maxim
{6179550A-3E7C-499E-BCC9-9E8113E0A285} -> LG ODD Auto Firmware Update
{62FC357F-022B-4F90-9376-7A0DF9FBE7A1} -> Sonic Foundry Sound Forge 6.0
{657F8B33-CBBB-45F4-9087-274F22C89400} -> DJ_AIO_ProductContext
{663EA0CD-7964-4349-8A58-4192F32A8F42} -> moogerfooger Bundle
{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8} -> eSupportQFolder
{67D3F1A0-A1F2-49b7-B9EE-011277B170CD} -> HPProductAssistant
{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15} -> CustomerResearchQFolder
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA} -> AnswerWorks 4.0 Runtime - English
{7DDEABFB-0621-4321-B385-CB86D3A6F90F} -> F4100
{81463B08-A929-4125-A5F4-1B053AC35A09} -> Microsoft IntelliType Pro 5.0
{85D3CC30-8859-481A-9654-FD9B74310BEF} -> Musicmatch® Jukebox
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} -> Bonjour
{8D48DDA6-D5D4-4858-A4F1-4952293E0201} -> RCA Pearl (Model TH11, TC11 Series) Firmware Update Utility
{90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003
{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9} -> MarketResearch
{978C25EE-5777-46e4-8988-732C297CBDBD} -> Status
{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF} -> Destinations
{9ECB4705-B9CB-405A-B6D4-33BDF707308E} -> DJ_AIO_Software
{A36CD345-625C-4d6c-B3E2-76E1248CB451} -> SolutionCenter
{A3B7C670-4A1E-4EE2-950E-C875BC1965D0} -> Copy
{A5F68DC8-0278-4AD8-B413-861509B5F25B} -> ArcSoft Panorama Maker 3
{A959B11F-440B-4148-8B06-2DB99AADB5D8} -> AdwareAlert
{AB5D51AE-EBC3-438D-872C-705C7C2084B0} -> DeviceManagementQFolder
{AC76BA86-7AD7-1033-7B44-000000000001} -> Adobe Reader 6.0
{ACE22C48-49D7-4531-BE20-5C3D03393AB6} -> F4100_Help
{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F} -> TurboTax ItsDeductible 2006
{B196519A-A2AC-443E-84D1-F336B4E8F304} -> BIONICLE
{B508B3F1-A24A-32C0-B310-85786919EF28} -> Microsoft .NET Framework 2.0 Service Pack 1
{B7A0CE06-068E-11D6-97FD-0050BACBF861} -> PowerProducer
{B97CF5C3-0487-11D8-A36E-0050BAE317E1} -> DVD Solution
{BCE72AED-3332-4863-9567-C5DCB9052CA2} -> Netflix Movie Viewer
{BE77A81F-B315-4666-9BF3-AE70C0ADB057} -> BufferChm
{BFC65A99-883C-48F3-BA12-25ED3BCB2AB7} -> Sony CD Architect 5.0
{C01408FC-117C-44B7-8B0C-17794E526A01} -> Disc2Phone
{C716522C-3731-4667-8579-40B098294500} -> Toolbox
{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F} -> HP Update
{CD19D839-C01C-4BE7-A356-BF5782BA4AE5} -> Cosmonaut Voice
{D2FCC1AE-6311-47C5-8130-C6C66D77DD71} -> Nikon Message Center
{D8875A71-B386-4AFB-0098-4DF37EB4CF8B} -> NASCAR SimRacing Demo
{DBCD674C-1751-4548-9005-980F03083187} -> Digidesign Shared Plug-Ins
{DBEA1034-5882-4A88-8033-81C4EF0CFA29} -> Google Toolbar for Internet Explorer
{DC83F417-8068-4074-BA2F-C4F8AB872556} -> DJ_AIO_Software_min
{E06F04B9-45E6-4AC0-8083-85F7515F40F7} -> UnloadSupport
{E3030F57-9E6B-4E36-95B6-F7B4DBDEB8FB} -> HP Smart Web Printing 1.0
{E376D45C-2C25-4437-9FDE-CEA857BF1DE9} -> Web Easy Professional 5.0
{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475} -> WexTech AnswerWorks
{EB21A812-671B-4D08-B974-2A347F0D8F70} -> HP Photosmart Essential
{EB75DE50-5754-4F6F-875D-126EDF8E4CB3} -> HPSSupply
{EC4455AB-F155-4CC1-A4C5-88F3777F9886} -> Apple Mobile Device Support
{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7} -> 32 Bit HP CIO Components Installer
{F958CA02-BB40-4007-894B-258729456EE4} -> QuickTime
{FB08F381-6533-4108-B7DD-039E11FBC27E} -> Realtek AC'97 Audio
{FF075778-6E50-47ed-991D-3B07FD4E3250} -> TrayApp
{FF3999BE-1A7B-4738-88AA-97BF14094A4A} -> PictureProject
Adobe Acrobat 5.0 -> Adobe Acrobat 5.0
Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
Age of Empires 2.0 -> Microsoft Age of Empires II
AIM_6 -> AIM 6
ATI Display Driver -> ATI Display Driver
Baseball Manager -> Baseball Manager
Best Buy Digital Music Store -> Best Buy Digital Music Store
Best Buy Rhapsody -> Best Buy Rhapsody
Enable S3 for USB Device -> Enable S3 for USB Device
EPSON Printer and Utilities -> EPSON Printer Software
ESPN RunTime -> ESPN RunTime
Finale NotePad 2006 -> Finale NotePad 2006
Finale SongWriter 2005 -> Finale SongWriter 2005
Google Updater -> Google Updater
HijackThis -> HijackThis 2.0.2
HP Imaging Device Functions -> HP Imaging Device Functions 8.0
HP Solution Center & Imaging Support Tools -> HP Solution Center 8.0
HPExtendedCapabilities -> HP Customer Participation Program 8.0
InCD!UninstallKey -> InCD
InterActual Player -> InterActual Player
Java Plug-in -> Java Plug-in 1.1.3
Live Digidesign Edition 2.1 -> Live Digidesign Edition 2.1
LiveReg -> LiveReg (Symantec Corporation)
LiveUpdate -> LiveUpdate 1.80 (Symantec Corporation)
Luxor -> Luxor (remove only)
Macromedia Shockwave Player -> Macromedia Shockwave Player
McAfee Personal Firewall Plus -> McAfee Personal Firewall Plus
Mcafee SecurityCenter -> McAfee SecurityCenter
MIDIsport2x2 -> Midisport 2x2 1.0.1.0
Mozilla Firefox (3.0.4) -> Mozilla Firefox (3.0.4)
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
Nero - Burning Rom!UninstallKey -> Nero OEM
NeroVision!UninstallKey -> NeroVision Express 2
Norton Speed Disk -> Norton Speed Disk 7.0 for Windows NT
Norton Utilities -> Norton Utilities 2003 for Windows
NVIDIA nForce Drivers -> NVIDIA nForce Drivers
oggcodecs -> oggcodecs 0.71.0946
PictureProject In Touch Downloader -> PictureProject In Touch Downloader 1.0
Poker 770 -> Poker 770
PokerStars.net -> PokerStars.net
Reason Adapted for Digidesign_is1 -> Reason Adapted for Digidesign 2.5
SBC Yahoo! Applications -> SBC Yahoo! Applications
SBC Yahoo! Login -> SBC Yahoo! Login
Switch -> Switch
TurboTax Basic 2005 -> TurboTax Basic 2005
TurboTax Deluxe 2007 -> TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006 -> TurboTax Deluxe Deduction Maximizer 2006
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Windows Media Player 11
Windows XP Service Pack -> Windows XP Service Pack 3
WMFDist11 -> Windows Media Format 11 runtime
wmp11 -> Windows Media Player 11
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
Absolute Poker -> Absolute Poker
< Uninstall List [HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\] > -> HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
Absolute Poker -> Absolute Poker
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> [2008/08/29 09:53:50 | 00,147,456 | ---- | M] (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\VetRedir.dll -> [2005/09/25 13:47:44 | 00,074,864 | ---- | M] (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\VetRedir.dll -> [2005/09/25 13:47:44 | 00,074,864 | ---- | M] (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\VetRedir.dll -> [2005/09/25 13:47:44 | 00,074,864 | ---- | M] (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\VetRedir.dll -> [2005/09/25 13:47:44 | 00,074,864 | ---- | M] (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\VetRedir.dll -> [2005/09/25 13:47:44 | 00,074,864 | ---- | M] (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\system32\VetRedir.dll -> [2005/09/25 13:47:44 | 00,074,864 | ---- | M] (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\system32\VetRedir.dll -> [2005/09/25 13:47:44 | 00,074,864 | ---- | M] (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\system32\VetRedir.dll -> [2005/09/25 13:47:44 | 00,074,864 | ---- | M] (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\system32\VetRedir.dll -> [2005/09/25 13:47:44 | 00,074,864 | ---- | M] (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\system32\VetRedir.dll -> [2005/09/25 13:47:44 | 00,074,864 | ---- | M] (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\system32\VetRedir.dll -> [2005/09/25 13:47:44 | 00,074,864 | ---- | M] (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\system32\VetRedir.dll -> [2005/09/25 13:47:44 | 00,074,864 | ---- | M] (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\system32\VetRedir.dll -> [2005/09/25 13:47:44 | 00,074,864 | ---- | M] (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\system32\VetRedir.dll -> [2005/09/25 13:47:44 | 00,074,864 | ---- | M] (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\system32\VetRedir.dll -> [2005/09/25 13:47:44 | 00,074,864 | ---- | M] (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\system32\VetRedir.dll -> [2005/09/25 13:47:44 | 00,074,864 | ---- | M] (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\system32\VetRedir.dll -> [2005/09/25 13:47:44 | 00,074,864 | ---- | M] (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\system32\VetRedir.dll -> [2005/09/25 13:47:44 | 00,074,864 | ---- | M] (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\system32\VetRedir.dll -> [2005/09/25 13:47:44 | 00,074,864 | ---- | M] (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000020 -> %SystemRoot%\system32\VetRedir.dll -> [2005/09/25 13:47:44 | 00,074,864 | ---- | M] (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000021 -> %SystemRoot%\system32\VetRedir.dll -> [2005/09/25 13:47:44 | 00,074,864 | ---- | M] (Computer Associates International, Inc.)
< Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 12/2/2008 10:12:35 AM Computer Name = MARK-0NDAN5RR5Y | Source = Application Hang | ID = 1002 -> Description = Hanging application firefox.exe, version 1.9.0.3224, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 12/2/2008 10:12:36 AM Computer Name = MARK-0NDAN5RR5Y | Source = Application Hang | ID = 1002 -> Description = Hanging application firefox.exe, version 1.9.0.3224, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 12/5/2008 4:39:36 PM Computer Name = MARK-0NDAN5RR5Y | Source = Application Hang | ID = 1002 -> Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 12/5/2008 4:39:36 PM Computer Name = MARK-0NDAN5RR5Y | Source = Application Hang | ID = 1002 -> Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 12/5/2008 4:39:36 PM Computer Name = MARK-0NDAN5RR5Y | Source = Application Hang | ID = 1002 -> Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 12/5/2008 4:40:35 PM Computer Name = MARK-0NDAN5RR5Y | Source = Application Hang | ID = 1002 -> Description = Hanging application firefox.exe, version 1.9.0.3224, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 12/5/2008 5:55:20 PM Computer Name = MARK-0NDAN5RR5Y | Source = Application Hang | ID = 1002 -> Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 12/6/2008 4:09:29 PM Computer Name = MARK-0NDAN5RR5Y | Source = Application Hang | ID = 1002 -> Description = Hanging application OUTLOOK.EXE, version 11.0.5510.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 12/6/2008 7:32:24 PM Computer Name = MARK-0NDAN5RR5Y | Source = Application Error | ID = 1000 -> Description = Faulting application ycommon.exe, version 2003.9.3.1, faulting module wininet.dll, version 6.0.2900.5659, fault address 0x00014464.
Application [ Error ] 12/6/2008 8:18:13 PM Computer Name = MARK-0NDAN5RR5Y | Source = Application Error | ID = 1000 -> Description = Faulting application hpqtra08.exe, version 82.0.188.0, faulting module unknown, version 0.0.0.0, fault address 0x771d5c7e.
System [ Error ] 11/22/2008 2:37:56 PM Computer Name = MARK-0NDAN5RR5Y | Source = Service Control Manager | ID = 7024 -> Description = The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
System [ Error ] 11/23/2008 2:11:18 PM Computer Name = MARK-0NDAN5RR5Y | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1055" attempting to start the service hpqcxs08 with arguments ""  in order to run the server:  {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
System [ Error ] 11/25/2008 10:07:27 PM Computer Name = MARK-0NDAN5RR5Y | Source = ati2mtag | ID = 262252 -> Description = The driver ati2dvag for the display device \Device\Video0 got stuck in an infinite loop. This  usually indicates a problem with the device itself or with the device  driver programming the hardware incorrectly. Please check with your  hardware device vendor for any driver updates.
System [ Error ] 11/25/2008 10:11:55 PM Computer Name = MARK-0NDAN5RR5Y | Source = System Error | ID = 1003 -> Description = Error code 000000ea, parameter1 838b6020, parameter2 83836980, parameter3 83853670, parameter4 00000001.
System [ Error ] 11/28/2008 9:37:51 AM Computer Name = MARK-0NDAN5RR5Y | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1055" attempting to start the service hpqcxs08 with arguments ""  in order to run the server:  {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
System [ Error ] 11/28/2008 7:47:41 PM Computer Name = MARK-0NDAN5RR5Y | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
System [ Error ] 11/28/2008 7:48:34 PM Computer Name = MARK-0NDAN5RR5Y | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
System [ Error ] 11/29/2008 10:57:31 AM Computer Name = MARK-0NDAN5RR5Y | Source = ati2mtag | ID = 262252 -> Description = The driver ati2dvag for the display device \Device\Video0 got stuck in an infinite loop. This  usually indicates a problem with the device itself or with the device  driver programming the hardware incorrectly. Please check with your  hardware device vendor for any driver updates.
System [ Error ] 11/29/2008 11:03:36 AM Computer Name = MARK-0NDAN5RR5Y | Source = System Error | ID = 1003 -> Description = Error code 000000ea, parameter1 836b3740, parameter2 838dd108, parameter3 83847ea0, parameter4 00000001.
System [ Error ] 11/29/2008 11:21:09 PM Computer Name = MARK-0NDAN5RR5Y | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1055" attempting to start the service hpqcxs08 with arguments ""  in order to run the server:  {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
 
[Files/Folders - Created Within 30 Days]
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/12/08 19:26:12 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/08 19:25:26 | 00,647,651 | ---- | C] ()
__c007BBDD.dat -> %SystemRoot%\System32\__c007BBDD.dat -> [2008/12/06 18:32:10 | 00,025,600 | ---- | C] ()
__c00CFE68.dat -> %SystemRoot%\System32\__c00CFE68.dat -> [2008/12/06 18:32:06 | 00,025,600 | ---- | C] ()
Absolute Poker.lnk -> %UserProfile%\Desktop\Absolute Poker.lnk -> [2008/12/06 16:09:57 | 00,000,734 | ---- | C] ()
Absolute Poker -> %ProgramFiles%\Absolute Poker -> [2008/12/06 16:09:27 | 00,000,000 | ---D | C]
_uninstallation_info -> %ProgramFiles%\_uninstallation_info -> [2008/12/06 16:09:24 | 00,000,000 | ---D | C]
AbsolutePoker8_4_8.exe -> %UserProfile%\Desktop\AbsolutePoker8_4_8.exe -> [2008/12/06 16:08:43 | 09,162,456 | ---- | C] ()
Ingredients for volleyball.doc -> %UserProfile%\My Documents\Ingredients for volleyball.doc -> [2008/12/05 16:54:47 | 00,026,624 | ---- | C] ()
pixel-vfl73.gif -> %UserProfile%\Desktop\pixel-vfl73.gif -> [2008/12/02 17:46:25 | 00,000,043 | ---- | C] ()
Ryan Current Event.doc -> %UserProfile%\My Documents\Ryan Current Event.doc -> [2008/11/30 21:19:41 | 00,022,528 | ---- | C] ()
trend micro -> %ProgramFiles%\trend micro -> [2008/11/28 19:13:02 | 00,000,000 | ---D | C]
rsit -> %SystemDrive%\rsit -> [2008/11/28 19:13:00 | 00,000,000 | ---D | C]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2008/11/28 19:11:49 | 00,305,705 | ---- | C] ()
VirtumundoBeGone.exe -> %UserProfile%\Desktop\VirtumundoBeGone.exe -> [2008/11/28 18:18:27 | 00,096,978 | ---- | C] (Business Information Solutions)
Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [2008/11/28 17:59:17 | 00,000,000 | ---D | C]
Mozilla -> %AppData%\Mozilla -> [2008/11/28 17:59:17 | 00,000,000 | ---D | C]
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [2008/11/28 17:59:08 | 00,001,602 | ---- | C] ()
Mozilla Firefox -> %ProgramFiles%\Mozilla Firefox -> [2008/11/28 17:59:03 | 00,000,000 | ---D | C]
AdwareAlert Scheduled Scan.job -> %SystemRoot%\tasks\AdwareAlert Scheduled Scan.job -> [2008/11/28 16:01:37 | 00,000,494 | ---- | C] ()
AdwareAlert -> %AppData%\AdwareAlert -> [2008/11/28 16:01:34 | 00,000,000 | ---D | C]
AdwareAlert.lnk -> %AllUsersProfile%\Desktop\AdwareAlert.lnk -> [2008/11/28 16:01:24 | 00,001,854 | ---- | C] ()
AdwareAlert -> %ProgramFiles%\AdwareAlert -> [2008/11/28 16:01:20 | 00,000,000 | ---D | C]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [2008/11/28 08:55:42 | 00,000,000 | ---D | C]
volleyball.doc -> %UserProfile%\My Documents\volleyball.doc -> [2008/11/23 13:20:08 | 00,027,136 | ---- | C] ()
iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [2008/11/22 13:53:42 | 00,002,137 | ---- | C] ()
iPod -> %ProgramFiles%\iPod -> [2008/11/22 13:52:58 | 00,000,000 | ---D | C]
iTunes -> %ProgramFiles%\iTunes -> [2008/11/22 13:52:53 | 00,000,000 | ---D | C]
{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> %AllUsersProfile%\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> [2008/11/22 13:52:53 | 00,000,000 | ---D | C]
Bonjour -> %ProgramFiles%\Bonjour -> [2008/11/22 13:15:36 | 00,000,000 | ---D | C]
QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [2008/11/22 13:14:55 | 00,001,604 | ---- | C] ()
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2008/11/22 13:10:56 | 00,054,156 | -H-- | C] ()
QTFont.for -> %SystemRoot%\QTFont.for -> [2008/11/22 13:10:56 | 00,001,409 | ---- | C] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/11/22 13:03:26 | 00,000,284 | ---- | C] ()
Apple -> %UserProfile%\Local Settings\Application Data\Apple -> [2008/11/22 13:03:24 | 00,000,000 | ---D | C]
Apple Software Update -> %ProgramFiles%\Apple Software Update -> [2008/11/22 13:03:12 | 00,000,000 | ---D | C]
Apple -> %CommonProgramFiles%\Apple -> [2008/11/22 13:01:59 | 00,000,000 | ---D | C]
Apple -> %AllUsersProfile%\Application Data\Apple -> [2008/11/22 13:01:58 | 00,000,000 | ---D | C]
mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/11/11 15:32:21 | 00,455,296 | ---- | C] (Microsoft Corporation)
msxml3.dll -> %SystemRoot%\System32\dllcache\msxml3.dll -> [2008/11/11 15:31:47 | 01,106,944 | ---- | C] (Microsoft Corporation)
Legend of Sleepy Hollow quiz.doc -> %UserProfile%\My Documents\Legend of Sleepy Hollow quiz.doc -> [2008/11/08 20:10:59 | 00,034,816 | ---- | C] ()
 
[Files/Folders - Modified Within 30 Days]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2005/09/26 19:19:37 | 00,000,000 | ---D | M]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/11/17 11:12:25 | 00,004,646 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/11/17 11:12:25 | 00,004,232 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [2005/09/29 21:47:38 | 00,000,000 | ---D | M]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2005/09/29 21:47:38 | 00,008,206 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T -> [2008/12/08 19:22:10 | 00,000,000 | --SD | M]
24-redemption-1.html%3Fiid%3Dtop25-20081124-%2724%253A+Redemption%27%253A+Jack+Bauer+et+al.+get+us+psyched+for+season+7;rhost=www.google[2].com;tile=2;ord=700853935126 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\24-redemption-1.htm -> File not found
log[1].com&guid=8272F12D-DF54-4BBD-8336-94206BBC2979&sf= -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\log[1].com -> [2008/09/14 17:54:31 | 00,000,001 | ---- | M] ()
photos;rhost=www.people[2].com;tile=1;ord=873716138566 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\photos;rhost=www.peo -> [2008/11/25 18:15:51 | 00,001,922 | ---- | M] ()
photos;rhost=www.people[2].com;tile=3;ord=873716138566 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\photos;rhost=www.peo -> [2008/11/25 18:15:53 | 00,000,476 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7 -> [2008/11/29 12:02:45 | 00,000,000 | --SD | M]
0%2C%2C20242397_20548025%2C00.html;rhost=www.people[2].com;tile=1;ord=65752365529 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\0%2C%2C20242397_20548025%2C00.htm -> [2008/11/25 18:14:32 | 00,000,151 | ---- | M] ()
0%2C%2C20139491_20493123%2C00.html;rhost=www.people[2].com;tile=2;ord=38920736743 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\0%2C%2C20139491_20493123%2C00.htm -> [2008/11/25 18:17:08 | 00,000,077 | ---- | M] ()
0%2C%2C20242397%2C00.html;rhost=www.people[2].com;tile=2;ord=503323503364 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\0%2C%2C20242397%2C00.htm -> [2008/11/25 18:14:00 | 00,001,075 | ---- | M] ()
0%2C%2C20242397%2C00.html;rhost=www.people[2].com;tile=3;ord=503323503364 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\0%2C%2C20242397%2C00.htm -> [2008/11/25 18:14:01 | 00,000,077 | ---- | M] ()
0%2C%2C20242397_20548063%2C00.html;rhost=www.people[2].com;tile=3;ord=367705436159 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\0%2C%2C20242397_20548063%2C00.htm -> [2008/11/25 18:14:04 | 00,000,077 | ---- | M] ()
0%2C%2C20242397_20548061%2C00.html;rhost=www.people[2].com;tile=3;ord=115619745466 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\0%2C%2C20242397_20548061%2C00.htm -> [2008/11/25 18:14:19 | 00,000,077 | ---- | M] ()
0%2C%2C20139491_20493123%2C00.html;rhost=www.people[2].com;tile=4;ord=38920736743 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\0%2C%2C20139491_20493123%2C00.htm -> [2008/11/25 18:17:09 | 00,004,906 | ---- | M] ()
0%2C%2C20139491_20491946%2C00.html;rhost=www.people[2].com;tile=1;ord=608773636664 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\0%2C%2C20139491_20491946%2C00.htm -> [2008/11/25 18:17:24 | 00,000,151 | ---- | M] ()
0%2C%2C20242397_20547904%2C00.html;rhost=www.people[2].com;tile=2;ord=725606193535 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\0%2C%2C20242397_20547904%2C00.htm -> [2008/11/25 18:15:08 | 00,001,061 | ---- | M] ()
0%2C%2C20139491_20491946%2C00.html;rhost=www.people[2].com;tile=3;ord=608773636664 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\0%2C%2C20139491_20491946%2C00.htm -> [2008/11/25 18:17:25 | 00,000,468 | ---- | M] ()
0%2C%2C20139491_20503532%2C00.html;rhost=www.people[2].com;tile=2;ord=290854580796 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\0%2C%2C20139491_20503532%2C00.htm -> [2008/11/25 18:16:44 | 00,000,077 | ---- | M] ()
0%2C%2C20139491_20504122%2C00.html;rhost=www.people[2].com;tile=3;ord=770982057571 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\0%2C%2C20139491_20504122%2C00.htm -> [2008/11/25 18:16:51 | 00,000,468 | ---- | M] ()
0%2C%2C20242397_20547905%2C00.html;rhost=www.people[2].com;tile=1;ord=69743560028 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\0%2C%2C20242397_20547905%2C00.htm -> [2008/11/25 18:15:29 | 00,000,151 | ---- | M] ()
0%2C%2C20139491_20490391%2C00.html;rhost=www.people[2].com;tile=2;ord=102529027505 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\0%2C%2C20139491_20490391%2C00.htm -> [2008/11/25 18:17:28 | 00,000,077 | ---- | M] ()
0%2C%2C20139491_20513533%2C00.html;rhost=www.people[2].com;tile=3;ord=601217548974 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\0%2C%2C20139491_20513533%2C00.htm -> [2008/11/25 18:16:17 | 00,000,468 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0Z6FATQX\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0Z6FATQX -> [2008/11/29 11:33:44 | 00,000,000 | --SD | M]
CA8HE561.com%2Fgames%2Fbattle-wheels%2Fen%2F&lmt=1196982779&dt=1196982779734&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=4&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0Z6FATQX\CA8HE561.com -> File not found
CA8P2BSP.com%2Fgames%2Fen%2F&lmt=1196985473&dt=1196985473218&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=1&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0Z6FATQX\CA8P2BSP.com -> [2007/12/06 18:57:53 | 00,001,856 | ---- | M] ()
CAI3WTIZ.com%2Fgames%2Fbang-howdy%2Fen%2F&lmt=1196984056&dt=1196984056265&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=5&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0Z6FATQX\CAI3WTIZ.com -> File not found
CAIN4X4B.com%2Fgames%2Fon-the-run%2Fen%2F&lmt=1196982670&dt=1196982670828&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=4&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0Z6FATQX\CAIN4X4B.com -> File not found
CASN3FR7.com%2Fgames%2Fen%2F&lmt=1198108652&dt=1198108652880&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=1&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0Z6FATQX\CASN3FR7.com -> [2007/12/19 18:57:33 | 00,001,846 | ---- | M] ()
CAWPIF0T.com%2Fgames%2Fen%2F&lmt=1196985484&dt=1196985484140&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=1&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0Z6FATQX\CAWPIF0T.com -> [2007/12/06 18:58:04 | 00,001,856 | ---- | M] ()
dref=http%253A%252F%252Fwww.miniclip[1].com%252Fgames%252Fbattle-wheels%252Fen%252F -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0Z6FATQX\dref=http%253A%252F%252Fwww.min -> [2007/12/06 18:18:13 | 00,001,339 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X -> [2008/11/29 12:02:44 | 00,000,000 | --SD | M]
0%2C%2C20139491_20490200%2C00.html;rhost=www.people[2].com;tile=3;ord=249741255970 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\0%2C%2C20139491_20490200%2C00.htm -> [2008/11/25 18:17:47 | 00,000,469 | ---- | M] ()
0%2C%2C20242397_20548060%2C00.html;rhost=www.people[2].com;tile=4;ord=696588019125 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\0%2C%2C20242397_20548060%2C00.htm -> [2008/11/25 18:14:24 | 00,000,840 | ---- | M] ()
0%2C%2C20242397_20548058%2C00.html;rhost=www.people[2].com;tile=4;ord=791346904372 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\0%2C%2C20242397_20548058%2C00.htm -> [2008/11/25 18:14:28 | 00,000,154 | ---- | M] ()
0%2C%2C20242397_20548025%2C00.html;rhost=www.people[2].com;tile=4;ord=65752365529 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\0%2C%2C20242397_20548025%2C00.htm -> [2008/11/25 18:14:33 | 00,001,510 | ---- | M] ()
0%2C%2C20139491_20491946%2C00.html;rhost=www.people[2].com;tile=2;ord=608773636664 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\0%2C%2C20139491_20491946%2C00.htm -> [2008/11/25 18:17:25 | 00,000,077 | ---- | M] ()
0%2C%2C20139491_20503532%2C00.html;rhost=www.people[2].com;tile=1;ord=290854580796 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\0%2C%2C20139491_20503532%2C00.htm -> [2008/11/25 18:16:44 | 00,000,151 | ---- | M] ()
0%2C%2C20139491_20504122%2C00.html;rhost=www.people[2].com;tile=2;ord=770982057571 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\0%2C%2C20139491_20504122%2C00.htm -> [2008/11/25 18:16:51 | 00,000,077 | ---- | M] ()
0%2C%2C20139491_20481044%2C00.html;rhost=www.people[2].com;tile=4;ord=601258829217 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\0%2C%2C20139491_20481044%2C00.htm -> [2008/11/25 18:17:54 | 00,004,456 | ---- | M] ()
0%2C%2C20139491_20514745%2C00.html;rhost=www.people[2].com;tile=2;ord=338066914114 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\0%2C%2C20139491_20514745%2C00.htm -> [2008/11/25 18:16:33 | 00,000,077 | ---- | M] ()
0%2C%2C20139491_20492119%2C00.html;rhost=www.people[2].com;tile=3;ord=751164890559 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\0%2C%2C20139491_20492119%2C00.htm -> [2008/11/25 18:17:00 | 00,000,468 | ---- | M] ()
0%2C%2C20139491_20490391%2C00.html;rhost=www.people[2].com;tile=1;ord=102529027505 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\0%2C%2C20139491_20490391%2C00.htm -> [2008/11/25 18:17:28 | 00,000,151 | ---- | M] ()
0%2C%2C20242397_20547905%2C00.html;rhost=www.people[2].com;tile=2;ord=69743560028 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\0%2C%2C20242397_20547905%2C00.htm -> [2008/11/25 18:15:29 | 00,001,061 | ---- | M] ()
0%2C%2C20139491_20513533%2C00.html;rhost=www.people[2].com;tile=1;ord=601217548974 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\0%2C%2C20139491_20513533%2C00.htm -> [2008/11/25 18:16:17 | 00,000,151 | ---- | M] ()
CA0LYRSD.com&guid=3753ED61-C17F-4440-B6D2-B5A8DC362299&sf= -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\CA0LYRSD.com -> [2008/09/14 17:54:32 | 00,000,001 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4HMNANSL\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4HMNANSL -> [2008/11/29 11:33:44 | 00,000,000 | --SD | M]
24-redemption-1.html%3Fiid%3Dtop25-20081124-%2724%253A+Redemption%27%253A+Jack+Bauer+et+al.+get+us+psyched+for+season+7;rhost=www.google[2].com;tile=1;ord=700853935126 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4HMNANSL\24-redemption-1.htm -> File not found
CA2RM5O3.com%2Fgames%2Fen%2F&lmt=1196983053&dt=1196983053421&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=2&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4HMNANSL\CA2RM5O3.com -> [2007/12/06 18:17:33 | 00,001,857 | ---- | M] ()
CAKDA3YF.com%2Fgames%2Fen%2F&lmt=1196984019&dt=1196984019453&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=3&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4HMNANSL\CAKDA3YF.com -> [2007/12/06 18:33:40 | 00,001,849 | ---- | M] ()
CAQZKP6N.com%2Fgames%2Fchess%2Fen%2F&lmt=1196982745&dt=1196982745531&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=1&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4HMNANSL\CAQZKP6N.com -> File not found
CAS5MWGZ.com%2Fgames%2Fen%2F&lmt=1196982750&dt=1196982750359&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=2&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4HMNANSL\CAS5MWGZ.com -> [2007/12/06 18:12:31 | 00,001,857 | ---- | M] ()
CAU6NJV6.com%2Fgames%2Fen%2F&lmt=1196982811&dt=1196982811906&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=5&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4HMNANSL\CAU6NJV6.com -> [2007/12/06 18:13:33 | 00,001,857 | ---- | M] ()
CAW9UBGX.com%2Fgames%2Fen%2F&lmt=1196984020&dt=1196984020781&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=3&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4HMNANSL\CAW9UBGX.com -> [2007/12/06 18:33:40 | 00,001,857 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T -> [2008/11/29 11:33:45 | 00,000,000 | --SD | M]
0%2C%2C20242397_20547900%2C00.html;rhost=www.people[2].com;tile=4;ord=151272148367 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\0%2C%2C20242397_20547900%2C00.htm -> [2008/11/25 18:14:59 | 00,001,808 | ---- | M] ()
0%2C%2C20242397_20547906%2C00.html;rhost=www.people[2].com;tile=4;ord=926576267021 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\0%2C%2C20242397_20547906%2C00.htm -> [2008/11/25 18:15:02 | 00,000,838 | ---- | M] ()
0%2C%2C20139491_20493123%2C00.html;rhost=www.people[2].com;tile=1;ord=38920736743 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\0%2C%2C20139491_20493123%2C00.htm -> [2008/11/25 18:17:08 | 00,000,151 | ---- | M] ()
0%2C%2C20242397_20548060%2C00.html;rhost=www.people[2].com;tile=3;ord=696588019125 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\0%2C%2C20242397_20548060%2C00.htm -> [2008/11/25 18:14:24 | 00,000,077 | ---- | M] ()
0%2C%2C20139491_20490200%2C00.html;rhost=www.people[2].com;tile=4;ord=249741255970 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\0%2C%2C20139491_20490200%2C00.htm -> [2008/11/25 18:17:47 | 00,004,456 | ---- | M] ()
0%2C%2C20139491_20493123%2C00.html;rhost=www.people[2].com;tile=3;ord=38920736743 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\0%2C%2C20139491_20493123%2C00.htm -> [2008/11/25 18:17:09 | 00,000,468 | ---- | M] ()
0%2C%2C20242397_20548063%2C00.html;rhost=www.people[2].com;tile=2;ord=367705436159 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\0%2C%2C20242397_20548063%2C00.htm -> [2008/11/25 18:14:03 | 00,001,061 | ---- | M] ()
0%2C%2C20242397_20548065%2C00.html;rhost=www.people[2].com;tile=2;ord=462912190859 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\0%2C%2C20242397_20548065%2C00.htm -> [2008/11/25 18:14:08 | 00,001,071 | ---- | M] ()
0%2C%2C20242397_20548066%2C00.html;rhost=www.people[2].com;tile=4;ord=768946311726 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\0%2C%2C20242397_20548066%2C00.htm -> [2008/11/25 18:14:15 | 00,000,168 | ---- | M] ()
0%2C%2C20242397_20547904%2C00.html;rhost=www.people[2].com;tile=4;ord=725606193535 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\0%2C%2C20242397_20547904%2C00.htm -> [2008/11/25 18:15:08 | 00,000,487 | ---- | M] ()
0%2C%2C20139491_20504122%2C00.html;rhost=www.people[2].com;tile=1;ord=770982057571 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\0%2C%2C20139491_20504122%2C00.htm -> [2008/11/25 18:16:51 | 00,000,151 | ---- | M] ()
0%2C%2C20139491_20481044%2C00.html;rhost=www.people[2].com;tile=3;ord=601258829217 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\0%2C%2C20139491_20481044%2C00.htm -> [2008/11/25 18:17:54 | 00,000,469 | ---- | M] ()
0%2C%2C20139491_20492119%2C00.html;rhost=www.people[2].com;tile=2;ord=751164890559 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\0%2C%2C20139491_20492119%2C00.htm -> [2008/11/25 18:17:00 | 00,000,077 | ---- | M] ()
0%2C%2C20139491_20490200%2C00.html;rhost=www.people[2].com;tile=1;ord=249741255970 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\0%2C%2C20139491_20490200%2C00.htm -> [2008/11/25 18:17:46 | 00,000,151 | ---- | M] ()
0%2C%2C20139491_20490391%2C00.html;rhost=www.people[2].com;tile=3;ord=102529027505 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\0%2C%2C20139491_20490391%2C00.htm -> [2008/11/25 18:17:28 | 00,000,468 | ---- | M] ()
DirectProxy[1].com -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\DirectProxy[1].com -> [2008/11/25 18:29:33 | 00,000,545 | ---- | M] ()
getseal[1].com&size=S&use_flash=NO&use_transparent=NO&lang=en -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\getseal[1].com -> [2008/11/25 18:39:55 | 00,002,471 | ---- | M] ()
photos;rhost=www.people[2].com;tile=2;ord=873716138566 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\photos;rhost=www.peo -> [2008/11/25 18:15:52 | 00,000,812 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9 -> [2008/11/25 19:41:31 | 00,000,000 | --SD | M]
CAMVSPQF.com%2F&ref=&lmt=1209072436&dt=1209072440046&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=1&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\CAMVSPQF.com -> [2008/04/24 16:27:20 | 00,001,378 | ---- | M] ()
CAZEEYBD.com%2Fbrowse%2Fseduction&ref=&lmt=1209072451&dt=1209072461031&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=2&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\CAZEEYBD.com -> File not found
dref=http%253A%252F%252Fdictionary.reference[1].com%252F -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fdictionary.ref -> [2008/04/24 16:27:19 | 00,001,368 | ---- | M] ()
dref=http%253A%252F%252Fdictionary.reference[1].com%252Fbrowse%252Fseduce -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fdictionary.ref -> [2008/04/24 16:27:57 | 00,001,352 | ---- | M] ()
dref=http%253A%252F%252Fwww[1].com%252Fresults%253Fsearch_query%253Dhannah%252520montana%2526search%253DSearch%2526sa%253DX%2526oi%253Dspell%2526resnum%253D0%2526spell%253D1 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww[1].com -> File not found
dref=http%253A%252F%252Fwww.youtube[1].com%252Fresults%253Fsearch_query%253Ddon%252527t+stop+believing+kids%2526search_type%253D -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.you -> [2008/04/26 11:56:41 | 00,001,391 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\BMCB7LKL\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\BMCB7LKL -> [2008/11/25 21:03:03 | 00,000,000 | --SD | M]
CAM5SCCT.com%2Fbrowse%2Fceliac%2520disease&ref=&lmt=1209234313&dt=1209234321625&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=5&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\BMCB7LKL\CAM5SCCT.com -> File not found
dref=http%253A%252F%252Fdictionary.reference[1].com%252Fbrowse%252Fceliac%252520disease -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\BMCB7LKL\dref=http%253A%252F%252Fdictionary.ref -> [2008/04/26 13:25:17 | 00,001,391 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLGPEZC5\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLGPEZC5 -> [2008/11/25 19:41:30 | 00,000,000 | --SD | M]
CA69IJIH.com%2Fbrowse%2Fceliac%2520disease&ref=&lmt=1209234313&dt=1209234318765&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=5&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLGPEZC5\CA69IJIH.com -> File not found
v2[1].com%2Fsearch%2F&maxCount=7&urlFilters=addictinggames,viacom_master_teen_url&termFilters=addictinggames,viacom_master_teen -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLGPEZC5\v2[1].com -> [2008/04/26 13:35:56 | 00,001,962 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV -> [2008/11/25 21:02:47 | 00,000,000 | --SD | M]
CAOGCQ0B.com%2Fbrowse%2Fseduce&ref=&lmt=1209072473&dt=1209072476375&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=3&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\CAOGCQ0B.com -> File not found
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3 -> [2008/11/25 19:41:30 | 00,000,000 | --SD | M]
CA17VTQR.com%2Fbrowse%2Fseduce&ref=&lmt=1209072473&dt=1209072477406&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=3&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\CA17VTQR.com -> File not found
CAXWUKAS.com%2Fbrowse%2Fseduction&ref=&lmt=1209072451&dt=1209072458750&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=2&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\CAXWUKAS.com -> File not found
dref=http%253A%252F%252Fwww.youtube[1].com%252Fresults%253Fsearch_query%253Dfunny%2526search_type%253D -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\dref=http%253A%252F%252Fwww.you -> [2008/04/25 14:41:51 | 00,001,398 | ---- | M] ()
dref=http%253A%252F%252Fwww.youtube[1].com%252Fresults%253Fsearch_query%253Dantm%2526search_type%253D -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\dref=http%253A%252F%252Fwww.you -> [2008/04/25 14:42:03 | 00,001,344 | ---- | M] ()
dref=http%253A%252F%252Fwww.youtube[2].com%252Fresults%253Fsearch_query%253Dantm%2526search_type%253D -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\dref=http%253A%252F%252Fwww.you -> [2008/04/25 14:45:42 | 00,002,613 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z -> [2008/11/29 10:44:14 | 00,000,000 | --SD | M]
0%2C%2C20139491_20513533%2C00.html;rhost=www.people[2].com;tile=4;ord=601217548974 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\0%2C%2C20139491_20513533%2C00.htm -> [2008/11/25 18:16:17 | 00,027,359 | ---- | M] ()
0%2C%2C20242397_20547898%2C00.html;rhost=www.people[2].com;tile=2;ord=50288984429 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\0%2C%2C20242397_20547898%2C00.htm -> [2008/11/25 18:14:51 | 00,001,064 | ---- | M] ()
0%2C%2C20242397_20548063%2C00.html;rhost=www.people[2].com;tile=4;ord=367705436159 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\0%2C%2C20242397_20548063%2C00.htm -> [2008/11/25 18:14:04 | 00,000,837 | ---- | M] ()
0%2C%2C20242397_20548065%2C00.html;rhost=www.people[2].com;tile=3;ord=462912190859 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\0%2C%2C20242397_20548065%2C00.htm -> [2008/11/25 18:14:08 | 00,000,077 | ---- | M] ()
0%2C%2C20242397_20548066%2C00.html;rhost=www.people[2].com;tile=2;ord=768946311726 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\0%2C%2C20242397_20548066%2C00.htm -> [2008/11/25 18:14:15 | 00,001,066 | ---- | M] ()
0%2C%2C20242397_20548058%2C00.html;rhost=www.people[2].com;tile=1;ord=791346904372 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\0%2C%2C20242397_20548058%2C00.htm -> [2008/11/25 18:14:28 | 00,000,151 | ---- | M] ()
0%2C%2C20139491_20481044%2C00.html;rhost=www.people[2].com;tile=2;ord=601258829217 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\0%2C%2C20139491_20481044%2C00.htm -> [2008/11/25 18:17:54 | 00,000,077 | ---- | M] ()
0%2C%2C20139491_20503532%2C00.html;rhost=www.people[2].com;tile=3;ord=290854580796 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\0%2C%2C20139491_20503532%2C00.htm -> [2008/11/25 18:16:44 | 00,000,468 | ---- | M] ()
0%2C%2C20242397_20547903%2C00.html;rhost=www.people[2].com;tile=2;ord=451380693075 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\0%2C%2C20242397_20547903%2C00.htm -> [2008/11/25 18:15:25 | 00,001,062 | ---- | M] ()
0%2C%2C20139491_20514745%2C00.html;rhost=www.people[2].com;tile=4;ord=338066914114 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\0%2C%2C20139491_20514745%2C00.htm -> [2008/11/25 18:16:33 | 00,004,915 | ---- | M] ()
0%2C%2C20242397_20547909%2C00.html;rhost=www.people[2].com;tile=2;ord=968622930326 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\0%2C%2C20242397_20547909%2C00.htm -> [2008/11/25 18:15:19 | 00,001,068 | ---- | M] ()
0%2C%2C20242397_20547906%2C00.html;rhost=www.people[2].com;tile=1;ord=926576267021 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\0%2C%2C20242397_20547906%2C00.htm -> [2008/11/25 18:15:02 | 00,000,151 | ---- | M] ()
0%2C%2C20242397_20547905%2C00.html;rhost=www.people[2].com;tile=3;ord=69743560028 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\0%2C%2C20242397_20547905%2C00.htm -> [2008/11/25 18:15:29 | 00,000,077 | ---- | M] ()
0%2C%2C20242397_20547900%2C00.html;rhost=www.people[2].com;tile=2;ord=151272148367 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\0%2C%2C20242397_20547900%2C00.htm -> [2008/11/25 18:14:58 | 00,001,064 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\I14RA1IL\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\I14RA1IL -> [2008/11/25 19:41:28 | 00,000,000 | --SD | M]
CAS0S9RU.com%2F&ref=&lmt=1209234299&dt=1209234307984&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=4&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\I14RA1IL\CAS0S9RU.com -> [2008/04/26 13:25:08 | 00,001,174 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\INK7U547\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\INK7U547 -> [2008/11/29 19:23:29 | 00,000,000 | --SD | M]
0%2C%2C%2C00.html;rhost=popwatch.ew[2].com;tile=1;ord=562376568538 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\INK7U547\0%2C%2C%2C00.htm -> [2008/11/25 20:57:52 | 00,002,250 | ---- | M] ()
24-redemption-1.html%3Fiid%3Dtop25-20081124-%2724%253A+Redemption%27%253A+Jack+Bauer+et+al.+get+us+psyched+for+season+7;rhost=www.google[1].com;tile=3;ord=700853935126 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\INK7U547\24-redemption-1.htm -> File not found
ADUNIT=badge[1].com-tag-twilight -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\INK7U547\ADUNIT=badge[1].com -> [2008/11/25 19:45:32 | 00,000,775 | ---- | M] ()
CA2OFKZX.com%2Fgames%2Fen%2F&lmt=1196983590&dt=1196983590343&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=1&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\INK7U547\CA2OFKZX.com -> [2007/12/06 18:26:30 | 00,001,857 | ---- | M] ()
CAM70FQ9.com%2Fgames%2Fen%2F&lmt=1196982813&dt=1196982813156&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=5&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\INK7U547\CAM70FQ9.com -> [2007/12/06 18:13:33 | 00,001,857 | ---- | M] ()
CAMZ0L63.com%2Fgames%2Frobot-rage%2Fen%2F&lmt=1196984178&dt=1196984178906&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=5&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\INK7U547\CAMZ0L63.com -> File not found
CAWA3SII.com%2Fgames%2Fen%2F&lmt=1196981608&dt=1196981608937&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=1&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\INK7U547\CAWA3SII.com -> [2007/12/06 17:53:29 | 00,002,009 | ---- | M] ()
get_video[1].com -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\INK7U547\get_video[1].com -> [2008/01/13 19:20:13 | 00,610,490 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7B320XD\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7B320XD -> [2008/11/25 21:02:42 | 00,000,000 | --SD | M]
CA2ZW9AZ.com%2F&ref=&lmt=1209234299&dt=1209234308125&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=4&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7B320XD\CA2ZW9AZ.com -> [2008/04/26 13:25:08 | 00,000,765 | ---- | M] ()
CAGP87QF.com%2Fbrowse%2Fceliac%2520disease&ref=&lmt=1209234313&dt=1209234321281&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=5&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7B320XD\CAGP87QF.com -> File not found
dref=http%253A%252F%252Fdictionary.reference[1].com%252Fbrowse%252Fceliac%252520disease -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7B320XD\dref=http%253A%252F%252Fdictionary.ref -> [2008/04/26 13:25:18 | 00,001,373 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\QHWV650L\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\QHWV650L -> [2008/11/29 11:33:45 | 00,000,000 | --SD | M]
CA6HUJOJ.com%2Fgames%2Fen%2F&lmt=1196982914&dt=1196982914468&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=5&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\QHWV650L\CA6HUJOJ.com -> [2007/12/06 18:15:14 | 00,001,857 | ---- | M] ()
CABVX1EG.com%2Fgames%2Fen%2F&lmt=1196983053&dt=1196983053437&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=2&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\QHWV650L\CABVX1EG.com -> [2007/12/06 18:17:33 | 00,001,849 | ---- | M] ()
CAOTI14N.com%2Fgames%2Fen%2F&lmt=1198108652&dt=1198108652787&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=1&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\QHWV650L\CAOTI14N.com -> [2007/12/19 18:57:32 | 00,001,853 | ---- | M] ()
CAQJKT2R.com%2Fgames%2Fsnowboard-madness%2Fen%2F&lmt=1196982970&dt=1196982970218&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=4&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\QHWV650L\CAQJKT2R.com -> File not found
CASTEZST.com%2Fgames%2Fen%2F&lmt=1196982899&dt=1196982899578&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=0&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\QHWV650L\CASTEZST.com -> [2007/12/06 18:14:59 | 00,001,857 | ---- | M] ()
CAU765RF.com%2Fgames%2Fon-the-run%2Fen%2F&lmt=1196982672&dt=1196982672187&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=4&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\QHWV650L\CAU765RF.com -> File not found
CAU94F0J.com%2Fgames%2Fen%2F&lmt=1196985484&dt=1196985484265&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=1&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\QHWV650L\CAU94F0J.com -> [2007/12/06 18:58:04 | 00,001,846 | ---- | M] ()
CAY2KPSH.com%2Fgames%2Fen%2F&lmt=1196982647&dt=1196982647953&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=2&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\QHWV650L\CAY2KPSH.com -> [2007/12/06 18:10:48 | 00,001,857 | ---- | M] ()
dref=http%253A%252F%252Fwww.miniclip[1].com%252Fgames%252Fbang-howdy%252Fen%252F -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\QHWV650L\dref=http%253A%252F%252Fwww.min -> [2007/12/06 18:34:08 | 00,000,895 | ---- | M] ()
dref=http%253A%252F%252Fwww.miniclip[1].com%252Fgames%252Fen%252F -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\QHWV650L\dref=http%253A%252F%252Fwww.min -> [2007/12/19 18:57:27 | 00,001,405 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB -> [2008/11/29 10:44:14 | 00,000,000 | --SD | M]
0%2C%2C20242397_20548063%2C00.html;rhost=www.people[2].com;tile=1;ord=367705436159 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\0%2C%2C20242397_20548063%2C00.htm -> [2008/11/25 18:14:03 | 00,000,151 | ---- | M] ()
0%2C%2C20242397_20548065%2C00.html;rhost=www.people[2].com;tile=1;ord=462912190859 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\0%2C%2C20242397_20548065%2C00.htm -> [2008/11/25 18:14:08 | 00,000,151 | ---- | M] ()
0%2C%2C20242397_20548066%2C00.html;rhost=www.people[2].com;tile=3;ord=768946311726 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\0%2C%2C20242397_20548066%2C00.htm -> [2008/11/25 18:14:15 | 00,000,077 | ---- | M] ()
0%2C%2C20242397_20547898%2C00.html;rhost=www.people[2].com;tile=4;ord=50288984429 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\0%2C%2C20242397_20547898%2C00.htm -> [2008/11/25 18:14:51 | 00,004,309 | ---- | M] ()
0%2C%2C20242397_20548061%2C00.html;rhost=www.people[2].com;tile=4;ord=115619745466 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\0%2C%2C20242397_20548061%2C00.htm -> [2008/11/25 18:14:20 | 00,001,812 | ---- | M] ()
0%2C%2C20139491_20492119%2C00.html;rhost=www.people[2].com;tile=1;ord=751164890559 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\0%2C%2C20139491_20492119%2C00.htm -> [2008/11/25 18:17:00 | 00,000,151 | ---- | M] ()
0%2C%2C20242397_20547903%2C00.html;rhost=www.people[2].com;tile=4;ord=451380693075 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\0%2C%2C20242397_20547903%2C00.htm -> [2008/11/25 18:15:26 | 00,000,154 | ---- | M] ()
0%2C%2C20139491_20513533%2C00.html;rhost=www.people[2].com;tile=2;ord=601217548974 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\0%2C%2C20139491_20513533%2C00.htm -> [2008/11/25 18:16:17 | 00,000,810 | ---- | M] ()
0%2C%2C20242397_20547909%2C00.html;rhost=www.people[2].com;tile=4;ord=968622930326 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\0%2C%2C20242397_20547909%2C00.htm -> [2008/11/25 18:15:19 | 00,000,566 | ---- | M] ()
0%2C%2C20242397_20547900%2C00.html;rhost=www.people[2].com;tile=3;ord=151272148367 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\0%2C%2C20242397_20547900%2C00.htm -> [2008/11/25 18:14:58 | 00,000,077 | ---- | M] ()
0%2C%2C20242397_20547906%2C00.html;rhost=www.people[2].com;tile=3;ord=926576267021 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\0%2C%2C20242397_20547906%2C00.htm -> [2008/11/25 18:15:02 | 00,000,077 | ---- | M] ()
imp[1].com%2Fhserver%2Frandom%3D766168%2Fpageid%3D651165337%2Farea%3DPB_SE_LO%2Faamsz%3DSKYSCRAPER%2FKEYWORD%3Dtwilight&r=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\imp[1].com -> [2008/11/25 19:47:12 | 00,000,696 | ---- | M] ()
photos;rhost=www.people[2].com;tile=4;ord=873716138566 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\photos;rhost=www.peo -> [2008/11/25 18:15:53 | 00,035,388 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5 -> [2008/11/25 21:02:21 | 00,000,000 | --SD | M]
0%2C%2C20242397%2C00.html;rhost=www.people[2].com;tile=1;ord=503323503364 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\0%2C%2C20242397%2C00.htm -> [2008/11/25 18:14:00 | 00,000,151 | ---- | M] ()
0%2C%2C20242397%2C00.html;rhost=www.people[2].com;tile=4;ord=503323503364 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\0%2C%2C20242397%2C00.htm -> [2008/11/25 18:14:01 | 00,001,809 | ---- | M] ()
0%2C%2C20242397_20548061%2C00.html;rhost=www.people[2].com;tile=2;ord=115619745466 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\0%2C%2C20242397_20548061%2C00.htm -> [2008/11/25 18:14:19 | 00,001,069 | ---- | M] ()
0%2C%2C20242397_20547898%2C00.html;rhost=www.people[2].com;tile=3;ord=50288984429 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\0%2C%2C20242397_20547898%2C00.htm -> [2008/11/25 18:14:51 | 00,000,077 | ---- | M] ()
0%2C%2C20242397_20548058%2C00.html;rhost=www.people[2].com;tile=3;ord=791346904372 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\0%2C%2C20242397_20548058%2C00.htm -> [2008/11/25 18:14:28 | 00,000,077 | ---- | M] ()
0%2C%2C20139491_20514745%2C00.html;rhost=www.people[2].com;tile=1;ord=338066914114 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\0%2C%2C20139491_20514745%2C00.htm -> [2008/11/25 18:16:33 | 00,000,151 | ---- | M] ()
0%2C%2C20242397_20547903%2C00.html;rhost=www.people[2].com;tile=3;ord=451380693075 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\0%2C%2C20242397_20547903%2C00.htm -> [2008/11/25 18:15:25 | 00,000,077 | ---- | M] ()
0%2C%2C20242397_20547909%2C00.html;rhost=www.people[2].com;tile=3;ord=968622930326 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\0%2C%2C20242397_20547909%2C00.htm -> [2008/11/25 18:15:19 | 00,000,077 | ---- | M] ()
0%2C%2C20242397_20547905%2C00.html;rhost=www.people[2].com;tile=4;ord=69743560028 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\0%2C%2C20242397_20547905%2C00.htm -> [2008/11/25 18:15:29 | 00,001,805 | ---- | M] ()
0%2C%2C20242397_20548060%2C00.html;rhost=www.people[2].com;tile=2;ord=696588019125 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\0%2C%2C20242397_20548060%2C00.htm -> [2008/11/25 18:14:24 | 00,001,064 | ---- | M] ()
0%2C%2C20139491_20490200%2C00.html;rhost=www.people[2].com;tile=2;ord=249741255970 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\0%2C%2C20139491_20490200%2C00.htm -> [2008/11/25 18:17:46 | 00,000,077 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5 -> [2008/11/25 19:41:28 | 00,000,000 | --SD | M]
CA27S9AJ.com%2F&ref=&lmt=1209072436&dt=1209072440250&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=1&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\CA27S9AJ.com -> [2008/04/24 16:27:20 | 00,000,771 | ---- | M] ()
CABCEYFY.com%2Fbrowse%2Fseduction&ref=&lmt=1209072451&dt=1209072461390&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=2&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\CABCEYFY.com -> File not found
CAXW0MZW.com%2Fbrowse%2Fseduce&ref=&lmt=1209072473&dt=1209072477546&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=3&u_java=true&u_nplug=0&u_nmime=0 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\CAXW0MZW.com -> File not found
dref=http%253A%252F%252Fwww[1].com%252Fresults%253Fsearch_query%253Dhannah%252520montana%2526search%253DSearch%2526sa%253DX%2526oi%253Dspell%2526resnum%253D0%2526spell%253D1 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\dref=http%253A%252F%252Fwww[1].com -> File not found
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41 -> [2008/11/29 10:44:14 | 00,000,000 | --SD | M]
0%2C%2C20242397_20547898%2C00.html;rhost=www.people[2].com;tile=1;ord=50288984429 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\0%2C%2C20242397_20547898%2C00.htm -> [2008/11/25 18:14:51 | 00,000,151 | ---- | M] ()
0%2C%2C20242397_20548061%2C00.html;rhost=www.people[2].com;tile=1;ord=115619745466 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\0%2C%2C20242397_20548061%2C00.htm -> [2008/11/25 18:14:19 | 00,000,151 | ---- | M] ()
0%2C%2C20242397_20548058%2C00.html;rhost=www.people[2].com;tile=2;ord=791346904372 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\0%2C%2C20242397_20548058%2C00.htm -> [2008/11/25 18:14:28 | 00,001,062 | ---- | M] ()
0%2C%2C20242397_20548025%2C00.html;rhost=www.people[2].com;tile=2;ord=65752365529 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\0%2C%2C20242397_20548025%2C00.htm -> [2008/11/25 18:14:33 | 00,001,071 | ---- | M] ()
0%2C%2C20242397_20547904%2C00.html;rhost=www.people[2].com;tile=1;ord=725606193535 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\0%2C%2C20242397_20547904%2C00.htm -> [2008/11/25 18:15:07 | 00,000,151 | ---- | M] ()
0%2C%2C20139491_20491946%2C00.html;rhost=www.people[2].com;tile=4;ord=608773636664 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\0%2C%2C20139491_20491946%2C00.htm -> [2008/11/25 18:17:25 | 00,004,449 | ---- | M] ()
0%2C%2C20139491_20481044%2C00.html;rhost=www.people[2].com;tile=1;ord=601258829217 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\0%2C%2C20139491_20481044%2C00.htm -> [2008/11/25 18:17:53 | 00,000,151 | ---- | M] ()
0%2C%2C20139491_20504122%2C00.html;rhost=www.people[2].com;tile=4;ord=770982057571 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\0%2C%2C20139491_20504122%2C00.htm -> [2008/11/25 18:16:51 | 00,004,915 | ---- | M] ()
0%2C%2C20242397_20547903%2C00.html;rhost=www.people[2].com;tile=1;ord=451380693075 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\0%2C%2C20242397_20547903%2C00.htm -> [2008/11/25 18:15:25 | 00,000,151 | ---- | M] ()
0%2C%2C20139491_20514745%2C00.html;rhost=www.people[2].com;tile=3;ord=338066914114 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\0%2C%2C20139491_20514745%2C00.htm -> [2008/11/25 18:16:33 | 00,000,468 | ---- | M] ()
0%2C%2C20242397_20547909%2C00.html;rhost=www.people[2].com;tile=1;ord=968622930326 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\0%2C%2C20242397_20547909%2C00.htm -> [2008/11/25 18:15:18 | 00,000,151 | ---- | M] ()
0%2C%2C20139491_20492119%2C00.html;rhost=www.people[2].com;tile=4;ord=751164890559 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\0%2C%2C20139491_20492119%2C00.htm -> [2008/11/25 18:17:01 | 00,004,915 | ---- | M] ()
0%2C%2C20242397_20547900%2C00.html;rhost=www.people[2].com;tile=1;ord=151272148367 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\0%2C%2C20242397_20547900%2C00.htm -> [2008/11/25 18:14:58 | 00,000,151 | ---- | M] ()
0%2C%2C20139491_20490391%2C00.html;rhost=www.people[2].com;tile=4;ord=102529027505 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\0%2C%2C20139491_20490391%2C00.htm -> [2008/11/25 18:17:29 | 00,004,906 | ---- | M] ()
videoplayer;entity=movie-6014;genre=suspense;genre=crimedrama;genre=drama;genre=thriller;genre=action;refer=www.google[1].com;entry=yes;sz=728x90;tile=1;ord=5291741147148902319 -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\videoplayer;entity=movie-6014;genre=suspense;genre=crimedrama;genre=drama;genre=thriller;genre=action;refer=www.goo -> File not found
C:\Documents and Settings\Mark\Local Settings\Temp\ -> C:\Documents and Settings\Mark\Local Settings\Temp -> [2008/12/08 19:25:27 | 00,000,000 | ---D | M]
AutoRun.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\AutoRun.exe -> [2005/01/18 16:41:22 | 00,684,032 | -H-- | M] (Electronic Arts Inc.)
v2yuc_setup.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\v2yuc_setup.exe -> [2005/09/25 13:45:25 | 01,085,064 | ---- | M] ()
WiseUpdX.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\WiseUpdX.exe -> [2007/09/26 19:40:20 | 00,188,681 | ---- | M] ()
Wise~tmp.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\Wise~tmp.exe -> [2007/10/13 12:56:52 | 19,007,496 | ---- | M] ()
yav_setup.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\yav_setup.exe -> [2005/09/25 13:46:45 | 04,950,128 | ---- | M] ()
yop_setup.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\yop_setup.exe -> [2005/09/25 13:46:57 | 01,332,864 | ---- | M] ()
ypc_setup.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\ypc_setup.exe -> [2005/09/25 13:45:33 | 00,797,312 | ---- | M] ()
ypsr_setup_solo_sbc_us.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\ypsr_setup_solo_sbc_us.exe -> [2005/09/25 13:45:58 | 02,442,888 | ---- | M] ()
ytb.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\ytb.exe -> [2008/11/25 20:08:36 | 00,329,479 | ---- | M] (Yahoo! Inc.)
_unps.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\_unps.exe -> [2008/04/01 15:56:50 | 00,294,912 | ---- | M] ()
2296 C:\Documents and Settings\Mark\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Mark\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> [2005/01/21 11:50:16 | 00,000,000 | ---D | M]
ShFolder.Exe -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ShFolder.Exe -> [2001/04/16 16:39:02 | 00,117,288 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\ -> [2005/01/21 12:50:37 | 00,000,000 | ---D | M]
ISUninst.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\ISUninst.exe -> [1999/07/22 18:14:10 | 00,306,688 | R--- | M] (InstallShield Software Corporation)
C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\ -> [2005/01/21 13:02:17 | 00,000,000 | ---D | M]
ISUninst.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\ISUninst.exe -> [1999/07/22 18:14:10 | 00,306,688 | R--- | M] (InstallShield Software Corporation)
C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP4.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP4.DIR\_ISTMP0.DIR\ -> [2005/01/21 13:04:06 | 00,000,000 | ---D | M]
ISUninst.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP4.DIR\_ISTMP0.DIR\ISUninst.exe -> [1999/07/22 18:14:10 | 00,306,688 | R--- | M] (InstallShield Software Corporation)
C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP5.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP5.DIR\_ISTMP0.DIR\ -> [2006/02/27 22:47:57 | 00,000,000 | ---D | M]
ShFolder.Exe -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP5.DIR\_ISTMP0.DIR\ShFolder.Exe -> [2001/04/16 16:39:02 | 00,117,288 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP6.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP6.DIR\_ISTMP0.DIR\ -> [2006/08/06 13:22:15 | 00,000,000 | ---D | M]
ShFolder.Exe -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP6.DIR\_ISTMP0.DIR\ShFolder.Exe -> [2001/04/16 15:39:02 | 00,117,288 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Mark\Local Settings\Temp\{28F58CDE-6241-4B11-8232-6A5D4FB06E8B}\ -> C:\Documents and Settings\Mark\Local Settings\Temp\{28F58CDE-6241-4B11-8232-6A5D4FB06E8B} -> [2005/01/21 14:37:26 | 00,000,000 | ---D | M]
CopyInf.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\{28F58CDE-6241-4B11-8232-6A5D4FB06E8B}\CopyInf.exe -> [2002/02/20 17:05:22 | 00,040,960 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\{7879059D-FAFA-490E-9198-8164A94E157C}\{85D3CC30-8859-481A-9654-FD9B74310BEF}\ -> C:\Documents and Settings\Mark\Local Settings\Temp\{7879059D-FAFA-490E-9198-8164A94E157C}\{85D3CC30-8859-481A-9654-FD9B74310BEF} -> [2007/06/14 10:08:22 | 00,000,000 | ---D | M]
IDLKTest.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\{7879059D-FAFA-490E-9198-8164A94E157C}\{85D3CC30-8859-481A-9654-FD9B74310BEF}\IDLKTest.exe -> [2004/05/12 09:19:34 | 00,040,960 | ---- | M] ()
SystemLocker.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\{7879059D-FAFA-490E-9198-8164A94E157C}\{85D3CC30-8859-481A-9654-FD9B74310BEF}\SystemLocker.exe -> [2004/03/01 09:18:28 | 00,036,864 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4HMNANSL\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4HMNANSL -> [2008/11/29 11:33:44 | 00,000,000 | --SD | M]
jre-6u3-windows-i586-p-iftw[1].exe -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4HMNANSL\jre-6u3-windows-i586-p-iftw[1].exe -> [2007/12/06 18:43:12 | 00,382,352 | ---- | M] (Sun Microsystems, Inc.)
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5 -> [2008/11/25 21:02:21 | 00,000,000 | --SD | M]
celebrity[1].exe -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\celebrity[1].exe -> [2008/11/25 18:24:35 | 00,198,347 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\WMDM\ -> C:\Documents and Settings\Mark\Local Settings\Temp\WMDM -> [2005/05/26 09:35:46 | 00,000,000 | ---D | M]
setup.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\WMDM\setup.exe -> [2005/04/13 12:50:02 | 00,081,920 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\ -> C:\Documents and Settings\Mark\Local Settings\Temp -> [2008/12/08 19:31:54 | 00,000,000 | ---D | M]
AutoRunGUI.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\AutoRunGUI.dll -> [2004/11/01 14:11:02 | 00,577,536 | -H-- | M] (Electronic Arts Inc.)
USBMM2X2.DLL -> C:\Documents and Settings\Mark\Local Settings\Temp\USBMM2X2.DLL -> [2005/01/21 13:55:27 | 00,017,920 | ---- | M] (Doug Fetter Software Wizardry)
USBMN2X2.DLL -> C:\Documents and Settings\Mark\Local Settings\Temp\USBMN2X2.DLL -> [2005/01/21 13:55:27 | 00,115,712 | ---- | M] (Doug Fetter Software Wizardry)
2296 C:\Documents and Settings\Mark\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Mark\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> [2005/01/21 11:50:16 | 00,000,000 | ---D | M]
BrwsrPI.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\BrwsrPI.dll -> [2001/08/08 21:22:42 | 00,053,248 | ---- | M] (Adobe Systems, Inc.)
IccTest.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\IccTest.dll -> [2001/08/07 16:48:00 | 00,126,976 | ---- | M] (Adobe Systems, Inc.)
Permission.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\Permission.dll -> [2001/04/16 16:39:02 | 00,098,304 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\ -> [2005/01/21 12:50:37 | 00,000,000 | ---D | M]
a2e91.DLL -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\a2e91.DLL -> [1999/07/22 18:14:10 | 00,129,536 | R--- | M] (InstallShield Software Corporation)
Ctl3d32.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\Ctl3d32.dll -> [1999/07/22 18:14:10 | 00,027,136 | R--- | M] (Microsoft Corporation)
C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\ -> [2005/01/21 13:02:17 | 00,000,000 | ---D | M]
1a785.DLL -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\1a785.DLL -> [1999/07/22 18:14:10 | 00,129,536 | R--- | M] (InstallShield Software Corporation)
Ctl3d32.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\Ctl3d32.dll -> [1999/07/22 18:14:10 | 00,027,136 | R--- | M] (Microsoft Corporation)
C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP4.DIR\ -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP4.DIR\ -> [2005/01/21 13:02:19 | 00,000,000 | ---D | M]
ZDataI51.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP4.DIR\ZDataI51.dll -> [2005/01/21 13:02:18 | 00,053,248 | ---- | M] ()
_WUTL951.DLL -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP4.DIR\_WUTL951.DLL -> [2005/01/21 13:02:18 | 00,046,592 | ---- | M] (InstallShield Software Corporation)
C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP4.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP4.DIR\_ISTMP0.DIR\ -> [2005/01/21 13:04:06 | 00,000,000 | ---D | M]
2164d.DLL -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP4.DIR\_ISTMP0.DIR\2164d.DLL -> [1999/07/22 18:14:10 | 00,129,536 | R--- | M] (InstallShield Software Corporation)
Ctl3d32.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP4.DIR\_ISTMP0.DIR\Ctl3d32.dll -> [1999/07/22 18:14:10 | 00,027,136 | R--- | M] (Microsoft Corporation)
C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP5.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP5.DIR\_ISTMP0.DIR\ -> [2006/02/27 22:47:57 | 00,000,000 | ---D | M]
BrwsrPI.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP5.DIR\_ISTMP0.DIR\BrwsrPI.dll -> [2001/08/08 21:22:42 | 00,053,248 | ---- | M] (Adobe Systems, Inc.)
IccTest.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP5.DIR\_ISTMP0.DIR\IccTest.dll -> [2001/08/07 16:48:00 | 00,126,976 | ---- | M] (Adobe Systems, Inc.)
Permission.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP5.DIR\_ISTMP0.DIR\Permission.dll -> [2001/04/16 16:39:02 | 00,098,304 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP6.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP6.DIR\_ISTMP0.DIR\ -> [2006/08/06 13:22:15 | 00,000,000 | ---D | M]
BrwsrPI.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP6.DIR\_ISTMP0.DIR\BrwsrPI.dll -> [2001/08/08 20:22:42 | 00,053,248 | ---- | M] (Adobe Systems, Inc.)
IccTest.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP6.DIR\_ISTMP0.DIR\IccTest.dll -> [2001/08/07 15:48:00 | 00,126,976 | ---- | M] (Adobe Systems, Inc.)
Permission.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP6.DIR\_ISTMP0.DIR\Permission.dll -> [2001/04/16 15:39:02 | 00,098,304 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP6.DIR\_ISTMP0.DIR\FileGrp\ -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP6.DIR\_ISTMP0.DIR\FileGrp -> [2006/08/06 13:21:23 | 00,000,000 | ---D | M]
nppdf32.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\_ISTMP6.DIR\_ISTMP0.DIR\FileGrp\nppdf32.dll -> [2001/09/10 02:47:38 | 00,103,344 | ---- | M] (Adobe Systems Inc.)
C:\Documents and Settings\Mark\Local Settings\Temp\{7879059D-FAFA-490E-9198-8164A94E157C}\{85D3CC30-8859-481A-9654-FD9B74310BEF}\ -> C:\Documents and Settings\Mark\Local Settings\Temp\{7879059D-FAFA-490E-9198-8164A94E157C}\{85D3CC30-8859-481A-9654-FD9B74310BEF} -> [2007/06/14 10:08:22 | 00,000,000 | ---D | M]
IDLK.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\{7879059D-FAFA-490E-9198-8164A94E157C}\{85D3CC30-8859-481A-9654-FD9B74310BEF}\IDLK.dll -> [2004/05/12 09:18:10 | 00,069,632 | ---- | M] (Intel Corporation)
isrt.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\{7879059D-FAFA-490E-9198-8164A94E157C}\{85D3CC30-8859-481A-9654-FD9B74310BEF}\isrt.dll -> [2003/11/10 16:15:36 | 00,401,408 | ---- | M] (InstallShield Software Corporation)
_IsRes.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\{7879059D-FAFA-490E-9198-8164A94E157C}\{85D3CC30-8859-481A-9654-FD9B74310BEF}\_IsRes.dll -> [2003/09/03 02:56:56 | 00,364,544 | ---- | M] (InstallShield Software Corporation)
_ISUser.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\{7879059D-FAFA-490E-9198-8164A94E157C}\{85D3CC30-8859-481A-9654-FD9B74310BEF}\_ISUser.dll -> [2006/02/09 06:41:50 | 00,245,760 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\WMDM\ -> C:\Documents and Settings\Mark\Local Settings\Temp\WMDM -> [2005/05/26 09:35:46 | 00,000,000 | ---D | M]
mdplugin.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\WMDM\mdplugin.dll -> [2005/04/13 12:50:00 | 00,335,872 | ---- | M] (Musicmatch, Inc.)
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> [2008/04/26 13:15:40 | 00,000,000 | --SD | M]
index.dat -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2008/11/29 21:27:18 | 08,617,984 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T -> [2008/12/08 19:22:10 | 00,000,000 | --SD | M]
check[1].dat -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\check[1].dat -> [2008/11/29 21:27:39 | 00,000,000 | ---- | M] ()
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\ -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7 -> [2008/11/29 12:02:45 | 00,000,000 | --SD | M]
check[1].dat -> C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\check[1].dat -> [2008/10/20 06:21:27 | 00,000,000 | ---- | M] ()
C:\WINDOWS\Temp\_ISTMP0.DIR\ -> C:\WINDOWS\Temp\_ISTMP0.DIR\ -> [2005/01/21 12:32:58 | 00,000,000 | ---D | M]
IsUninst.Exe -> C:\WINDOWS\Temp\_ISTMP0.DIR\IsUninst.Exe -> [1999/07/22 18:14:10 | 00,305,152 | R--- | M] (InstallShield Software Corporation)
C:\WINDOWS\Temp\_ISTMP1.DIR\ -> C:\WINDOWS\Temp\_ISTMP1.DIR\ -> [2005/01/21 13:04:05 | 00,000,000 | ---D | M]
IsUninst.Exe -> C:\WINDOWS\Temp\_ISTMP1.DIR\IsUninst.Exe -> [1999/07/22 18:14:10 | 00,305,152 | R--- | M] (InstallShield Software Corporation)
C:\WINDOWS\Temp\_ISTMP2.DIR\ -> C:\WINDOWS\Temp\_ISTMP2.DIR\ -> [2007/07/18 12:10:41 | 00,000,000 | ---D | M]
uninst.exe -> C:\WINDOWS\Temp\_ISTMP2.DIR\uninst.exe -> [1997/04/08 19:08:10 | 00,299,520 | ---- | M] (InstallShield Corporation, Inc.)
C:\WINDOWS\Temp\_ISTMP3.DIR\ -> C:\WINDOWS\Temp\_ISTMP3.DIR\ -> [2008/06/20 19:14:14 | 00,000,000 | ---D | M]
uninst.exe -> C:\WINDOWS\Temp\_ISTMP3.DIR\uninst.exe -> [1997/04/08 19:08:10 | 00,299,520 | ---- | M] (InstallShield Corporation, Inc.)
C:\WINDOWS\Temp\_ISTMP0.DIR\ -> C:\WINDOWS\Temp\_ISTMP0.DIR\ -> [2005/01/21 12:32:58 | 00,000,000 | ---D | M]
c01bb.DLL -> C:\WINDOWS\Temp\_ISTMP0.DIR\c01bb.DLL -> [1999/07/22 18:14:10 | 00,129,536 | R--- | M] (InstallShield Software Corporation)
Ctl3d32.dll -> C:\WINDOWS\Temp\_ISTMP0.DIR\Ctl3d32.dll -> [1999/07/22 18:14:10 | 00,027,136 | R--- | M] (Microsoft Corporation)
C:\WINDOWS\Temp\_ISTMP1.DIR\ -> C:\WINDOWS\Temp\_ISTMP1.DIR\ -> [2005/01/21 13:04:05 | 00,000,000 | ---D | M]
34353.DLL -> C:\WINDOWS\Temp\_ISTMP1.DIR\34353.DLL -> [1999/07/22 18:14:10 | 00,129,536 | R--- | M] (InstallShield Software Corporation)
Ctl3d32.dll -> C:\WINDOWS\Temp\_ISTMP1.DIR\Ctl3d32.dll -> [1999/07/22 18:14:10 | 00,027,136 | R--- | M] (Microsoft Corporation)
C:\WINDOWS\Temp\_ISTMP2.DIR\ -> C:\WINDOWS\Temp\_ISTMP2.DIR\ -> [2007/07/18 12:10:41 | 00,000,000 | ---D | M]
3a771a.DLL -> C:\WINDOWS\Temp\_ISTMP2.DIR\3a771a.DLL -> [1997/01/20 14:37:44 | 00,091,136 | ---- | M] (InstallShield Corporation, Inc.)
3a7729.DLL -> C:\WINDOWS\Temp\_ISTMP2.DIR\3a7729.DLL -> [1997/09/08 15:07:32 | 00,149,992 | ---- | M] ()
mydll.dll -> C:\WINDOWS\Temp\_ISTMP2.DIR\mydll.dll -> [1997/07/15 09:58:48 | 00,076,379 | ---- | M] ()
C:\WINDOWS\Temp\_ISTMP3.DIR\ -> C:\WINDOWS\Temp\_ISTMP3.DIR\ -> [2008/06/20 19:14:14 | 00,000,000 | ---D | M]
3ac7cf4.DLL -> C:\WINDOWS\Temp\_ISTMP3.DIR\3ac7cf4.DLL -> [1997/01/20 14:37:44 | 00,091,136 | ---- | M] (InstallShield Corporation, Inc.)
3ac7d03.DLL -> C:\WINDOWS\Temp\_ISTMP3.DIR\3ac7d03.DLL -> [1997/09/08 15:07:32 | 00,149,992 | ---- | M] ()
mydll.dll -> C:\WINDOWS\Temp\_ISTMP3.DIR\mydll.dll -> [1997/07/15 09:58:48 | 00,076,379 | ---- | M] ()
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [2008/12/08 19:31:57 | 00,000,000 | ---D | M]
Perflib_Perfdata_66c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_66c.dat -> [2008/12/08 17:33:37 | 00,016,384 | ---- | M] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/08 19:25:26 | 00,647,651 | ---- | M] ()
Status.MPF -> %SystemRoot%\System32\Status.MPF -> [2008/12/08 17:35:00 | 00,214,656 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/12/08 17:34:46 | 00,002,422 | ---- | M] ()
AdwareAlert Scheduled Scan.job -> %SystemRoot%\tasks\AdwareAlert Scheduled Scan.job -> [2008/12/08 17:34:42 | 00,000,494 | ---- | M] ()
lgfwup.ini -> %SystemRoot%\lgfwup.ini -> [2008/12/08 17:34:28 | 00,000,259 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/12/08 17:33:24 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/12/08 17:33:18 | 00,002,048 | --S- | M] ()
iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [2008/12/07 18:10:46 | 00,002,137 | ---- | M] ()
PKP_DLec.DAT -> %AllUsersProfile%\Application Data\PKP_DLec.DAT -> [2008/12/07 13:33:49 | 00,000,020 | -H-- | M] ()
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2008/12/07 13:27:07 | 00,000,116 | ---- | M] ()
__c00E47A6.dat -> %SystemRoot%\System32\__c00E47A6.dat -> [2008/12/06 18:32:05 | 00,025,600 | ---- | M] ()
Absolute Poker.lnk -> %UserProfile%\Desktop\Absolute Poker.lnk -> [2008/12/06 16:09:57 | 00,000,734 | ---- | M] ()
AbsolutePoker8_4_8.exe -> %UserProfile%\Desktop\AbsolutePoker8_4_8.exe -> [2008/12/06 16:09:12 | 09,162,456 | ---- | M] ()
Norton SystemWorks One Button Checkup.job -> %SystemRoot%\tasks\Norton SystemWorks One Button Checkup.job -> [2008/12/05 19:09:36 | 00,000,278 | ---- | M] ()
Ingredients for volleyball.doc -> %UserProfile%\My Documents\Ingredients for volleyball.doc -> [2008/12/05 16:54:47 | 00,026,624 | ---- | M] ()
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [2008/12/04 17:36:27 | 00,003,580 | ---- | M] ()
Luxor.lnk -> %UserProfile%\Desktop\Luxor.lnk -> [2008/12/04 17:13:09 | 00,002,114 | ---- | M] ()
pixel-vfl73.gif -> %UserProfile%\Desktop\pixel-vfl73.gif -> [2008/12/02 17:46:25 | 00,000,043 | ---- | M] ()
Ryan Current Event.doc -> %UserProfile%\My Documents\Ryan Current Event.doc -> [2008/11/30 21:54:30 | 00,022,528 | ---- | M] ()
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2008/11/28 19:11:49 | 00,305,705 | ---- | M] ()
VirtumundoBeGone.exe -> %UserProfile%\Desktop\VirtumundoBeGone.exe -> [2008/11/28 18:18:27 | 00,096,978 | ---- | M] (Business Information Solutions)
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [2008/11/28 17:59:08 | 00,001,602 | ---- | M] ()
xcrashdump.dat -> %SystemDrive%\xcrashdump.dat -> [2008/11/28 17:51:25 | 00,001,847 | ---- | M] ()
AdwareAlert.lnk -> %AllUsersProfile%\Desktop\AdwareAlert.lnk -> [2008/11/28 16:01:24 | 00,001,854 | ---- | M] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/11/28 09:52:03 | 00,000,284 | ---- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2008/11/24 20:29:40 | 00,000,679 | ---- | M] ()
volleyball.doc -> %UserProfile%\My Documents\volleyball.doc -> [2008/11/23 13:20:09 | 00,027,136 | ---- | M] ()
QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [2008/11/22 13:14:55 | 00,001,604 | ---- | M] ()
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2008/11/22 13:10:56 | 00,054,156 | -H-- | M] ()
QTFont.for -> %SystemRoot%\QTFont.for -> [2008/11/22 13:10:56 | 00,001,409 | ---- | M] ()
QTSBandwidthCache -> %AllUsersProfile%\Application Data\QTSBandwidthCache -> [2008/11/21 23:05:35 | 00,001,356 | ---- | M] ()
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008/11/11 21:51:15 | 00,001,393 | ---- | M] ()
Legend of Sleepy Hollow quiz.doc -> %UserProfile%\My Documents\Legend of Sleepy Hollow quiz.doc -> [2008/11/08 20:11:00 | 00,034,816 | ---- | M] ()
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Application Data\Microsoft:5eAHydZw2i7KVQw1nJVWavWrrSxm 881 bytes
C:\Documents and Settings\Mark\Cookies:gxYG7OPbkwpX3fIuRCX 871 bytes
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\wC7IY4rfZkNF:5OyW0i2C8jghedWi9cOEK 896 bytes
scan completed successfully
hidden files: 117
 
< End of report >


#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:33 PM

Posted 08 December 2008 - 09:59 PM

Hello mfisch.

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run. Please disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

To disable McAfee:
  • Please navigate to the system tray on the bottom right hand corner and look for a Posted Image sign.
    Right-click it -> chose Exit.
  • A popup will warn that protection will now be disabled. Click on Yes to disable the Antivirus guard.
Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

Run Fix with OTScanIt
We will run OTScanIt with directives. If you have lost your copy of OTScanIt, download it here and extract it like you did last time.
  • Double click the OTScanIt.exe icon in the OTScanIt folder on your desktop. If you are using Windows Vista, right click OTScanIt.exe and select Run as Administrator.
  • Copy the contents of the codebox below into the "Paste fix here" box.
    [Kill Explorer]
    [Registry - Safe List]
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    YN -> WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar]
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\] > -> HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\
    YN -> WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar]
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> "A00F14D0710.exe" -> %SystemDrive%\DOCUME~1\Mark\LOCALS~1\Temp\_A00F14D0710.exe [C:\DOCUME~1\Mark\LOCALS~1\Temp\_A00F14D0710.exe]
    YN -> "Aim6" -> []
    YN -> "PowerBar" -> []
    < Run [HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\] > -> HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> "A00F14D0710.exe" -> %SystemDrive%\DOCUME~1\Mark\LOCALS~1\Temp\_A00F14D0710.exe [C:\DOCUME~1\Mark\LOCALS~1\Temp\_A00F14D0710.exe]
    YN -> "Aim6" -> []
    YN -> "PowerBar" -> []
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    YN -> __c007BBDD -> %SystemRoot%\system32\__c007BBDD.dat
    [Files/Folders - Created Within 30 Days]
    NY -> __c007BBDD.dat -> %SystemRoot%\System32\__c007BBDD.dat
    NY -> __c00CFE68.dat -> %SystemRoot%\System32\__c00CFE68.dat
    [CatchMe Rootkit Scan by GMER]
    NY -> C:\Documents and Settings\All Users\Application Data\Microsoft:5eAHydZw2i7KVQw1nJVWavWrrSxm 881 bytes -> 
    NY -> C:\Documents and Settings\Mark\Cookies:gxYG7OPbkwpX3fIuRCX 871 bytes -> 
    NY -> C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\wC7IY4rfZkNF:5OyW0i2C8jghedWi9cOEK 896 bytes -> 
    [Empty Temp Folders]
    [Reboot]
  • Close all windows except OTScanIt.
  • Click it Run Fix button.
When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click OK and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix. Notepad will open with the final results at that time. Post that log back here in your next reply.

Download and run MalwareBytes Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

You can refer to this page which has a visual of the instructions above.


Re-enable your protection at this time.

Please post back with:
-the OTScanIt fix log
-the MalwareBytes log
-a new OTScanIt scan log (default settings, attached)

How is your computer running now? Is it slow, because I see a TON of startup items.

With Regards,
The Panda

#9 mfisch

mfisch
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 08 December 2008 - 11:15 PM

Hey Panda,

I'm almost there. You asked for a new OTScanIt scan log, "with default settings." Should I run this the same way as last time?--checking "scan all users", changing the rootkit scan setting from no to yes etc. Or does "default" mean simply running the scan as is?

Thanks,

mfisch

BTW--your website page is now loading up fully-with attachment options on the Add Reply.

#10 mfisch

mfisch
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 08 December 2008 - 11:55 PM

Panda,

I ran the scan log without changing any defaults. The log's attached. Let me know if you need me to re-run it.


Here is the OTScanIt fix log:

Process Explorer.EXE killed successfully!
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\A00F14D0710.exe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Aim6 deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\PowerBar deleted successfully.
Registry value HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\A00F14D0710.exe not found.
Registry value HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Aim6 not found.
Registry value HKEY_USERS\S-1-5-21-790525478-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\PowerBar not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c007BBDD\ deleted successfully.
[Files/Folders - Created Within 30 Days]
File move failed. C:\WINDOWS\System32\__c007BBDD.dat scheduled to be moved on reboot.
C:\WINDOWS\System32\__c00CFE68.dat moved successfully.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\c_baseball;net=cm;u=0a10b6ce_45487_65706054,100a60e6216e742,baseball,cm.baseball_M-cm.baseball_L;;sz=300x250;ord1=575677;contx=baseball;btg=cm.baseball_M;btg=cm[1].baseball_L; scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\default;sz=300x250;kl=E;kl=M;kl=mr;kl=mb;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=panic+at+the+disco;kcr=us;kmyd[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\default;sz=300x250;kl=E;kl=mp;kl=mr;kl=G;kl=M;klg=en;kgg=2;kr=R;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=single+ladies;kcr=us;kmyd=a[2].5 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\default;sz=300x250;kl=G;kl=mb;kl=M;kl=A;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=rupert+grint;kcr=us;kmyd=ad_creat[2].5 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\main_1;sz=450x60;kl=mr;kl=G;kl=E;kl=mb;kl=M;!c=1;kvid=yCto3PCn8wo;custp=lVrJwcIy7saPcGc1nct80A;dcdupd=1;kpid=1;kga=1001;kar=3;kgg=2;kcr=us;afc=1;klg=en;kpu=FueledByRamen;cus[1].asx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\main_2;sz=300x250;!c=2;kvid=hU2zfDFjffo;kpu=dimangels;kar=3;kgender=f;ko=c;kpid=2;kga=1001;kr=F;u=hU2zfDFjffo_2_854DB37C31637DFA;ku=N;kt=U;kage=19;kgg=2;tile=1;dcopt=ist;ord[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\promo2;sz=300x50;sz=300x100;kl=mp;kl=A;kl=mr;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;kmyd=ad_creative_3;til[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\videoplayer;entity=movie-6014;genre=suspense;genre=crimedrama;genre=drama;genre=thriller;genre=action;refer=www.google[1].com;entry=yes;sz=728x90;tile=1;ord=5291741147148902319 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=123342114[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=123750927[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=123821208[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=196900223[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=196966458[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=197026739[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\CABCEYFY.com%2Fbrowse%2Fseduction&ref=&lmt=1209072451&dt=1209072461390&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=2&u_java=true&u_nplug=0&u_nmime=0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\CAXW0MZW.com%2Fbrowse%2Fseduce&ref=&lmt=1209072473&dt=1209072477546&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=3&u_java=true&u_nplug=0&u_nmime=0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[1].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[2].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[3].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[4].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[5].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[6].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[7].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\dref=http%253A%252F%252Fwww[1].com%252Fresults%253Fsearch_query%253Dhannah%252520montana%2526search%253DSearch%2526sa%253DX%2526oi%253Dspell%2526resnum%253D0%2526spell%253D1 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\main_1;sz=300x250;kga=1001;!c=1;kvid=S20NsEyzUeQ;kpu=BadBoyRecords;kar=3;kgender=f;ko=p;kpid=1;kbz=1;kr=F;k1=pop;u=S20NsEyzUeQ_1_4B6D0DB04CB351E4;ku=N;kt=U;kage=19;kgg=2;til[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\main_1;sz=480x70;kga=1001;!c=1;kvid=S20NsEyzUeQ;kpu=BadBoyRecords;kar=3;kgender=f;ko=p;kpid=1;kbz=1;kr=F;k1=pop;u=S20NsEyzUeQ_1_4B6D0DB04CB351E4;ku=N;kt=U;kage=19;kgg=2;tile[1].asx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\main_2;sz=300x250;kga=1001;!c=2;kvid=sF84pIhP5UM;kpu=leonalewis;kar=3;kgender=f;ko=p;kpid=2;kbz=1;kr=F;u=sF84pIhP5UM_2_B05F38A4884FE543;ku=N;kt=U;kage=19;kgg=2;tile=1;dcopt=[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\main_526;dc_seed=200992831;sz=300x250;!c=526;kvid=QoEez-nn0vw;kpu=WHATTHEBUCKSHOW;kar=3;kgender=f;ko=y;kpid=526;kga=1001;kr=F;u=QoEez-nn0vw_526_42811ECFE9E7D2FC;ku=N;kt=U;ka[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\;_ylc=X1MDOTc1NDYxNjgEX3IDMgRjYXRlZ29yeQNJREVOVElGSUVSBGV4dGZyb20DBGZiAzAEZnJjb2RlA2NzY195bWFpbG0EaXNleHQDMARpdANzaG9ydGN1dHM6L3VzL2luc3RhbmNlL2l[1].adNoOp&fr=csc_ymailm&modid=none scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\c_baseball;net=cm;u=0a08b1c8_25437_65749703,100a60e6216e742,baseball,cm.baseball_M-cm.baseball_L;;sz=300x250;ord1=912246;contx=baseball;btg=cm.baseball_M;btg=cm[1].baseball_L; scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\dref=http%253A%252F%252F64.246.64.33%252Fmerge%252Ftsnform.aspx%253Fc%253Dbostonherald%2526page%253Dmlb%252Fscores%252Ffinal%252Fboxscore[1].aspx%253FGameID%253D21791 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\main_81;sz=480x70;kl=mr;kl=A;kl=mp;kl=E;kl=M;!c=81;klg=en;kvid=3kkbTNmg40c;kgg=2;kr=F;ko=p;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kpid=81;kga=1001;kar=3;kage=20;ku=[1].asx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\religionspirituality_religion;sz=300x250;kl=N;klg=en;kt=K;dcdupd=1;kga=-1;kr=F;kw=wonderful+counselor+prince+of+peace;kgg=-1;kcr=us;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=149[2].6 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=200307427[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\ccttype%3DNON%26height%3D600%26curl%3D000000%26theme%3Dclippy%26cbg%3D3b3b45%26cborder%3D000000%26clink%3D000000%26ctext%3D000000%26gender%3Dunknown%26type%3Dcontent%26adunit%3D&r=0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\default;sz=300x250;kl=G;kl=E;kl=mp;kl=mb;kl=M;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=single+ladies+beyonce;kcr[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\default;sz=300x250;kl=mb;kl=mp;kl=A;kl=mr;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=sydney;kcr=us;kmyd=ad_creativ[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\football;sz=300x250;kl=mb;kl=G;kl=mr;kl=mp;kl=M;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=brady+quinn;kcr=us;kmyd[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\FueledByRamen;sz=1x1;kl=M;kl=E;kl=A;kl=mr;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;kpu=fueledbyramen;tile=1;dcopt=i[2].7 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\main_81;sz=300x250;kl=mr;kl=A;kl=mp;kl=E;kl=M;!c=81;klg=en;kvid=3kkbTNmg40c;kgg=2;kr=F;ko=p;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kpid=81;kga=1001;kar=3;kage=20;ku[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\main_81;sz=450x60;kl=mr;kl=A;kl=mp;kl=E;kl=M;!c=81;klg=en;kvid=3kkbTNmg40c;kgg=2;kr=F;ko=p;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kpid=81;kga=1001;kar=3;kage=20;ku=[1].asx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\religionspirituality_religion;sz=300x250;kl=N;klg=en;kt=K;dcdupd=1;kga=-1;kr=F;kw=wonderful+counselor+prince+of+peace;kgg=-1;kcr=us;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=445[2].5 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\QHWV650L\CAQJKT2R.com%2Fgames%2Fsnowboard-madness%2Fen%2F&lmt=1196982970&dt=1196982970218&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=4&u_java=true&u_nplug=0&u_nmime=0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\QHWV650L\CAU765RF.com%2Fgames%2Fon-the-run%2Fen%2F&lmt=1196982672&dt=1196982672187&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=4&u_java=true&u_nplug=0&u_nmime=0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\QHWV650L\c_baseball;net=cm;u=0a0ccdca_28547_71113120,100a60e6216e742,baseball,cm.baseball_M-cm.baseball_L;;sz=300x250;ord1=15246;contx=baseball;btg=cm.baseball_M;btg=cm[1].baseball_L; scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7B320XD\253D%253Bkw%253D%253Bchan%253Dhobbies%253Bsyn%253Dabout%253Btile%253D1%253Br%253D1%253Bu%253D00g3iga1416vnd%257C0%253Bdcopt%253Dist%253Bsz%253D728x90%253Bord%253D184QJFn0B20SA19AR54 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7B320XD\CAGP87QF.com%2Fbrowse%2Fceliac%2520disease&ref=&lmt=1209234313&dt=1209234321281&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=5&u_java=true&u_nplug=0&u_nmime=0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7B320XD\main_2;sz=300x250;!c=2;kvid=1t9K9rM1SVE;kpu=ThreeDaysGraceVideos;kar=3;kgender=f;ko=p;kpid=2;kga=1001;kr=F;k1=rock;u=1t9K9rM1SVE_2_D6DF4AF6B3354951;ku=N;kt=U;kage=19;kgg=2;t[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\INK7U547\24-redemption-1.html%3Fiid%3Dtop25-20081124-%2724%253A+Redemption%27%253A+Jack+Bauer+et+al.+get+us+psyched+for+season+7;rhost=www.google[1].com;tile=3;ord=700853935126 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\INK7U547\CAMZ0L63.com%2Fgames%2Frobot-rage%2Fen%2F&lmt=1196984178&dt=1196984178906&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=5&u_java=true&u_nplug=0&u_nmime=0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\I14RA1IL\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=201920177[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\I14RA1IL\dref=http%253A%252F%252F64.246.64.33%252Fmerge%252Ftsnform.aspx%253Fc%253Dbostonherald%2526page%253Dmlb%252Fscores%252Ffinal%252Fboxscore[1].aspx%253FGameID%253D21641 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\I14RA1IL\dref=http%253A%252F%252F64.246.64.33%252Fmerge%252Ftsnform.aspx%253Fc%253Dbostonherald%2526page%253Dmlb%252Fscores%252Ffinal%252Fboxscore[2].aspx%253FGameID%253D21641 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\I14RA1IL\sports;net=q1;u=0a04f602_4762_72069507,100a60e6216e742,sports,cm.sportsreg-cm.sports_M-cm.sports_L;;sz=300x250;ord1=543449;start=0;fset=1;contx=sports;btg=cm[1].sports_L; scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\booksliterature;sz=300x250;kl=mb;kl=M;kl=mr;kl=G;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=william+moseley;kcr=us;k[1].2 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\click,VaUDAOO5BgBylA4AmqgEAAIAGUgAAP8AAAADEgIABgKMrgEAN-4GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM14LEkAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D14t0rav7k%2FM%3D674272[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\c_baseball;net=cm;u=0a10b6ca_60756_71166405,100a60e6216e742,baseball,cm.baseball_M-cm.baseball_L;;sz=300x250;ord1=664625;contx=baseball;btg=cm.baseball_M;btg=cm[1].baseball_L; scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\default;sz=300x250;kl=G;kl=mp;kl=M;kl=A;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=my+secretcrush;kcr=us;kmyd=ad_c[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\default;sz=300x250;kl=mp;kl=E;kl=mr;kl=A;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=brady+quinn;kcr=us;kmyd=ad_cre[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\default;sz=300x250;kl=N;klg=en;kt=K;dcdupd=1;kga=-1;kr=F;kw=wonderful+counselor+prince+of+peace;kgg=-1;kcr=us;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=652940316286866[2].4 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\main_1;sz=480x70;kl=mr;kl=G;kl=E;kl=mb;kl=M;!c=1;kvid=yCto3PCn8wo;custp=lVrJwcIy7saPcGc1nct80A;dcdupd=1;kpid=1;kga=1001;kar=3;kgg=2;kcr=us;afc=1;klg=en;kpu=FueledByRamen;cus[1].asx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\main_2;sz=300x250;kl=mb;kl=mr;kl=A;kl=mp;kl=M;!c=2;klg=en;kvid=e6ExgUW6ak8;kgg=2;kr=F;ko=c;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kpid=2;kga=1001;kar=3;kage=20;ku=N[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\_default;sz=399x299;kl=mp;kl=E;kl=G;kl=mb;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;kmyd=ad_creative_1;kap=0;[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=123432505[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=51979708[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\CA17VTQR.com%2Fbrowse%2Fseduce&ref=&lmt=1209072473&dt=1209072477406&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=3&u_java=true&u_nplug=0&u_nmime=0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\CAXWUKAS.com%2Fbrowse%2Fseduction&ref=&lmt=1209072451&dt=1209072458750&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=2&u_java=true&u_nplug=0&u_nmime=0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[1].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[2].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[3].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\main_526;dc_seed=200992831;sz=450x60;!c=526;kvid=QoEez-nn0vw;kpu=WHATTHEBUCKSHOW;kar=3;kgender=f;ko=y;kpid=526;kga=1001;kr=F;u=QoEez-nn0vw_526_42811ECFE9E7D2FC;ku=N;kt=U;kag[1].asx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=117685442[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=123277270[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=196820223[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=196833067[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=50227677[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=52373317[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\CAOGCQ0B.com%2Fbrowse%2Fseduce&ref=&lmt=1209072473&dt=1209072476375&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=3&u_java=true&u_nplug=0&u_nmime=0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[1].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[2].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[3].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[4].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[5].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[6].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[7].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[8].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\main_1;sz=300x250;kga=-1;!c=1;kvid=S20NsEyzUeQ;kpu=BadBoyRecords;ko=p;kpid=1;kbz=1;kr=F;k1=pop;u=S20NsEyzUeQ_1_4B6D0DB04CB351E4;kgg=-1;tile=1;dcopt=ist;ord=3645465720806015[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\main_2;sz=300x250;!c=2;kvid=RYhPGuOHRj4;kpu=JenniferLopez;kar=3;kgender=f;ko=p;kpid=2;kga=1001;kr=F;u=RYhPGuOHRj4_2_45884F1AE387463E;ku=N;kt=U;kage=19;kgg=2;tile=1;dcopt=ist[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\main_2;sz=480x70;!c=2;kvid=RYhPGuOHRj4;kpu=JenniferLopez;kar=3;kgender=f;ko=p;kpid=2;kga=1001;kr=F;u=RYhPGuOHRj4_2_45884F1AE387463E;ku=N;kt=U;kage=19;kgg=2;tile=1;dcopt=ist;[1].asx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\main_2;sz=480x70;!c=2;kvid=sK0DjYE-GVA;kpu=JenniferLopez;kar=3;kgender=f;ko=p;kpid=2;kga=1001;kr=F;k1=pop;u=sK0DjYE-GVA_2_B0AD038D813E1950;ku=N;kt=U;kage=19;kgg=2;tile=1;dco[1].asx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\main_526;dc_seed=200164712;sz=450x60;!c=526;kvid=QoEez-nn0vw;kpu=WHATTHEBUCKSHOW;kar=3;kgender=f;ko=y;kpid=526;kga=1001;kr=F;u=QoEez-nn0vw_526_42811ECFE9E7D2FC;ku=N;kt=U;kag[1].asx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\main_526;sz=480x70;!c=526;kvid=QoEez-nn0vw;kpu=WHATTHEBUCKSHOW;kar=3;kgender=f;ko=y;kpid=526;kga=1001;kr=F;u=QoEez-nn0vw_526_42811ECFE9E7D2FC;ku=N;kt=U;kage=19;kgg=2;tile=1;[1].asx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\main_526;sz=480x70;!c=526;kvid=QoEez-nn0vw;kpu=WHATTHEBUCKSHOW;kar=3;kgender=f;ko=y;kpid=526;kga=1001;kr=F;u=QoEez-nn0vw_526_42811ECFE9E7D2FC;ku=N;kt=U;kage=19;kgg=2;tile=1;[2].asx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\main_6;sz=480x70;!c=6;kvid=k99h5aikc4g;kpu=universalmusicgroup;kar=3;kgender=f;ko=p;kpid=6;kga=1001;kr=A;k1=pop;u=k99h5aikc4g_6_93DF61E5A8A47388;ku=N;kt=U;kage=19;kgg=2;tile[1].asx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLGPEZC5\activity;src=1794754;met=1;v=1;pid=5695970;aid=197877102;ko=0;cid=25682828;rid=25700682;rv=1;&timestamp=1209251664609;eid1=13;ecn1=1;etm1=0;eid2=12;ecn2=0;etm2=0;[1].gif scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLGPEZC5\activity;src=1794754;met=1;v=1;pid=5695970;aid=197877102;ko=0;cid=25682828;rid=25700682;rv=1;&timestamp=1209251664625;eid1=13;ecn1=1;etm1=0;eid2=12;ecn2=0;etm2=0;[1].gif scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLGPEZC5\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=201425817[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLGPEZC5\CA69IJIH.com%2Fbrowse%2Fceliac%2520disease&ref=&lmt=1209234313&dt=1209234318765&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=5&u_java=true&u_nplug=0&u_nmime=0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLGPEZC5\dref=http%253A%252F%252F64.246.64.33%252Fmerge%252Ftsnform.aspx%253Fc%253Dbostonherald%2526page%253Dmlb%252Fscores%252Ffinal%252Fboxscore[1].aspx%253FGameID%253D21641 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLGPEZC5\main_2;sz=480x70;!c=2;kvid=1t9K9rM1SVE;kpu=ThreeDaysGraceVideos;kar=3;kgender=f;ko=p;kpid=2;kga=1001;kr=F;k1=rock;u=1t9K9rM1SVE_2_D6DF4AF6B3354951;ku=N;kt=U;kage=19;kgg=2;ti[1].asx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLGPEZC5\main_6;sz=300x250;!c=6;kvid=wY3oEvaq71A;kpu=muraharu1985;kar=3;kgender=f;ko=c;kpid=6;kga=1001;kr=A;u=wY3oEvaq71A_6_C18DE812F6AAEF50;ku=N;kt=U;kage=19;kgg=2;tile=1;dcopt=ist;[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\BMCB7LKL\%253D9%253Ba%253D%253Bkw%253D%253Bchan%253Dhobbies%253Bsyn%253Dabout%253Btile%253D1%253Br%253D1%253Bu%253D%257C0%253Bdcopt%253Dist%253Bsz%253D728x90%253Bord%253D184QJDi0K20SA258Y333 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\BMCB7LKL\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=200489177[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\BMCB7LKL\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=200868989[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\BMCB7LKL\CAM5SCCT.com%2Fbrowse%2Fceliac%2520disease&ref=&lmt=1209234313&dt=1209234321625&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=5&u_java=true&u_nplug=0&u_nmime=0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\BMCB7LKL\main_2;sz=300x250;!c=2;kvid=ajoMQ85PGOQ;kpu=slipknotfan6969;kar=3;kgender=f;ko=c;kpid=2;kga=1001;kr=F;u=ajoMQ85PGOQ_2_6A3A0C43CE4F18E4;ku=N;kt=U;kage=19;kgg=2;tile=1;dcopt=i[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=117719770[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=118090786[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=123476333[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=123780302[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=196881661[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=50498692[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=52025473[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=52383364[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\CAZEEYBD.com%2Fbrowse%2Fseduction&ref=&lmt=1209072451&dt=1209072461031&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=2&u_java=true&u_nplug=0&u_nmime=0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[10].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[11].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[12].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[1].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[2].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[3].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[4].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[5].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[6].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[7].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[8].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[9].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww[1].com%252Fresults%253Fsearch_query%253Dhannah%252520montana%2526search%253DSearch%2526sa%253DX%2526oi%253Dspell%2526resnum%253D0%2526spell%253D1 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\main_1;sz=480x70;kga=-1;!c=1;kvid=S20NsEyzUeQ;kpu=BadBoyRecords;ko=p;kpid=1;kbz=1;kr=F;k1=pop;u=S20NsEyzUeQ_1_4B6D0DB04CB351E4;kgg=-1;tile=1;dcopt=ist;ord=33043[1].asx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\main_2;sz=300x250;!c=2;kvid=sK0DjYE-GVA;kpu=JenniferLopez;kar=3;kgender=f;ko=p;kpid=2;kga=1001;kr=F;k1=pop;u=sK0DjYE-GVA_2_B0AD038D813E1950;ku=N;kt=U;kage=19;kgg=2;tile=1;dc[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\main_2;sz=300x250;!c=2;kvid=ygctbqBijFk;kpu=shakira;kar=3;kgender=f;ko=p;kpid=2;kga=1001;kr=F;k1=pop;u=ygctbqBijFk_2_CA072D6EA0628C59;ku=N;kt=U;kage=19;kgg=2;tile=1;dcopt=is[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\main_2;sz=480x70;!c=2;kvid=ygctbqBijFk;kpu=shakira;kar=3;kgender=f;ko=p;kpid=2;kga=1001;kr=F;k1=pop;u=ygctbqBijFk_2_CA072D6EA0628C59;ku=N;kt=U;kage=19;kgg=2;tile=1;dcopt=ist[1].asx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\main_2;sz=480x70;kga=1001;!c=2;kvid=sF84pIhP5UM;kpu=leonalewis;kar=3;kgender=f;ko=p;kpid=2;kbz=1;kr=F;u=sF84pIhP5UM_2_B05F38A4884FE543;ku=N;kt=U;kage=19;kgg=2;tile=1;dcopt=i[1].asx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\main_526;dc_seed=200164712;sz=300x250;!c=526;kvid=QoEez-nn0vw;kpu=WHATTHEBUCKSHOW;kar=3;kgender=f;ko=y;kpid=526;kga=1001;kr=F;u=QoEez-nn0vw_526_42811ECFE9E7D2FC;ku=N;kt=U;ka[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\main_6;sz=300x250;!c=6;kvid=k99h5aikc4g;kpu=universalmusicgroup;kar=3;kgender=f;ko=p;kpid=6;kga=1001;kr=A;k1=pop;u=k99h5aikc4g_6_93DF61E5A8A47388;ku=N;kt=U;kage=19;kgg=2;til[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\be_sports;net=q1;u=0a0ccdc4_52415_73620715,100a60e6216e742,sports,cm.sportsreg-cm.sports_M-cm.sports_L;;sz=728x90;ord1=77461;start=0;fset=1;contx=sports;btg=cm[1].sports_L; scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\default;sz=300x250;kl=G;kl=E;kl=mb;kl=A;kl=M;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=my+secretcrush;kcr=us;kmyd=a[2].5 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\main_3230;sz=450x60;kl=A;kl=M;kl=mr;kl=mp;!c=3230;klg=en;kvid=sH8Et-5f2vg;kgg=2;kr=F;ko=y;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kpid=3230;kga=1001;kar=3;kage=20;ku[1].asx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\music;sz=300x250;kl=A;kl=mr;kl=mp;kl=mb;kl=M;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=isabella%27s+lulaby;kcr=us[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\promo1;sz=300x50;sz=300x100;kl=mp;kl=A;kl=mr;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;kmyd=ad_creative_2;tile=[2].5 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\promo3;sz=300x50;sz=300x100;kl=mp;kl=E;kl=G;kl=mb;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;kmyd=ad_creative_[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4HMNANSL\24-redemption-1.html%3Fiid%3Dtop25-20081124-%2724%253A+Redemption%27%253A+Jack+Bauer+et+al.+get+us+psyched+for+season+7;rhost=www.google[2].com;tile=1;ord=700853935126 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4HMNANSL\activity;src=1794754;met=1;v=1;pid=8042422;aid=203857773;ko=1;cid=26811943;rid=26829800;rv=1;&timestamp=1221697891296;eid1=13;ecn1=1;etm1=0;eid2=12;ecn2=0;etm2=0;[1].gif scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4HMNANSL\CAQZKP6N.com%2Fgames%2Fchess%2Fen%2F&lmt=1196982745&dt=1196982745531&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=1&u_java=true&u_nplug=0&u_nmime=0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\c_baseball;net=cm;u=0a0ccdca_28437_75527734,100a60e6216e742,baseball,cm.baseball_M-cm.baseball_L;;sz=300x250;ord1=706343;contx=baseball;btg=cm.baseball_M;btg=cm[1].baseball_L; scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\c_sports;net=cm;u=0a04f602_94736_63794363,100a60e6216e742,sports,cm.sportsreg-cm.sports_L;;sz=300x250;ord1=77694;start=0;fset=1;contx=sports;btg=cm.sportsreg;btg=cm[1].sports_L; scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\default;sz=300x250;kl=M;kl=mp;kl=mr;kl=mb;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=brady+quinn;kcr=us;kmyd=ad_creativ[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\music;sz=300x250;kl=M;kl=G;kl=E;kl=A;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=isabella%27s+lullaby;kcr=us;kmyd=a[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\music;sz=300x250;kl=mr;kl=M;kl=E;kl=mp;klg=en;kgg=2;kr=R;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=i+am+sasha+feirce;kcr=us;kmyd=ad[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\promo3;sz=300x50;sz=300x100;kl=mp;kl=A;kl=mr;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;kmyd=ad_creative_4;tile=[2].9 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0Z6FATQX\CA8HE561.com%2Fgames%2Fbattle-wheels%2Fen%2F&lmt=1196982779&dt=1196982779734&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=4&u_java=true&u_nplug=0&u_nmime=0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0Z6FATQX\CAI3WTIZ.com%2Fgames%2Fbang-howdy%2Fen%2F&lmt=1196984056&dt=1196984056265&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=5&u_java=true&u_nplug=0&u_nmime=0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0Z6FATQX\CAIN4X4B.com%2Fgames%2Fon-the-run%2Fen%2F&lmt=1196982670&dt=1196982670828&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=4&u_java=true&u_nplug=0&u_nmime=0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0Z6FATQX\c_baseball;net=cm;u=0a0ccdca_28435_76040709,100a60e6216e742,baseball,cm.baseball_M-cm.baseball_L;;sz=728x90;ord1=29142;contx=baseball;btg=cm.baseball_M;btg=cm[1].baseball_L; scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0Z6FATQX\default;sz=300x250;kl=M;kl=E;kl=mb;kl=A;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=robert+pattinson+never+think;kc[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0Z6FATQX\_default;sz=399x299;kl=mp;kl=A;kl=mr;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;kmyd=ad_creative_1;kap=0;tile=[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\football;sz=300x250;kl=M;kl=mp;kl=A;kl=mr;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=brady+quinn;kcr=us;kmyd=ad_cr[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\promo2;sz=300x50;sz=300x100;kl=mp;kl=E;kl=G;kl=mb;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;kmyd=ad_creative_[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\24-redemption-1.html%3Fiid%3Dtop25-20081124-%2724%253A+Redemption%27%253A+Jack+Bauer+et+al.+get+us+psyched+for+season+7;rhost=www.google[2].com;tile=2;ord=700853935126 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\c_baseball;net=cm;u=0a08b1cc_65984_65774670,100a60e6216e742,baseball,cm.baseball_M-cm.baseball_L;;sz=300x250;ord1=131617;contx=baseball;btg=cm.baseball_M;btg=cm[1].baseball_L; scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\default;sz=300x250;kl=E;kl=mb;kl=M;kl=G;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=panic+at+the+disco;kcr=us;kmyd=[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\default;sz=300x250;kl=mr;kl=mb;kl=M;kl=A;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=my+secretcrush;kcr=us;kmyd=ad_[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\football;sz=300x35;dc_seed=208950071;kl=M;kl=mp;kl=A;kl=mr;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=brady+quinn;[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\main_1;sz=300x250;kl=mr;kl=G;kl=E;kl=mb;kl=M;!c=1;kvid=yCto3PCn8wo;custp=lVrJwcIy7saPcGc1nct80A;dcdupd=1;kpid=1;kga=1001;kar=3;kgg=2;kcr=us;afc=1;klg=en;kpu=FueledByRamen;cu[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\main_3230;sz=300x250;kl=A;kl=M;kl=mr;kl=mp;!c=3230;klg=en;kvid=sH8Et-5f2vg;kgg=2;kr=F;ko=y;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kpid=3230;kga=1001;kar=3;kage=20;k[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\main_3230;sz=480x70;kl=A;kl=M;kl=mr;kl=mp;!c=3230;klg=en;kvid=sH8Et-5f2vg;kgg=2;kr=F;ko=y;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kpid=3230;kga=1001;kar=3;kage=20;ku[1].asx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\mileymandy;sz=1x1;kl=mp;kl=mr;kl=M;kl=G;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;kpu=mileymandy;tile=1;dcopt=ist;[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\music;sz=300x250;kl=mb;kl=mp;kl=A;kl=G;kl=M;klg=en;kgg=2;kr=R;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=i+am+sasha+fierce;kcr=us;km[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\music_alternativepunkmetal;sz=300x250;kl=mb;kl=A;kl=M;kl=mr;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=panic+at+th[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\promo1;sz=300x50;sz=300x100;kl=mp;kl=E;kl=G;kl=mb;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;kmyd=ad_creative_[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\t1;sz=1x1;kl=mp;kl=A;kl=mr;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;tile=5;ord=8278922451260207[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\etilqs_JjShvMMGJVo2kDLYQ7Zc scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\JETAC05.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\sqlite_aWAI2DYWR2FnMgN scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\sqlite_aWAI2DYWR2FnMgN-journal scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\sqlite_mgj1yNK4c6tGwPd scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\~DFADB2.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Temp\~DFD145.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_230.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\73rq4ig1.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\73rq4ig1.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\73rq4ig1.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\73rq4ig1.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\73rq4ig1.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\73rq4ig1.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.2.1 fix logfile created on 12082008_222546

Files moved on Reboot...
File move failed. C:\WINDOWS\System32\__c007BBDD.dat scheduled to be moved on reboot.
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\c_baseball;net=cm;u=0a10b6ce_45487_65706054,100a60e6216e742,baseball,cm.baseball_M-cm.baseball_L;;sz=300x250;ord1=575677;contx=baseball;btg=cm.baseball_M;btg=cm[1].baseball_L; not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\default;sz=300x250;kl=E;kl=M;kl=mr;kl=mb;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=panic+at+the+disco;kcr=us;kmyd[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\default;sz=300x250;kl=E;kl=mp;kl=mr;kl=G;kl=M;klg=en;kgg=2;kr=R;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=single+ladies;kcr=us;kmyd=a[2].5 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\default;sz=300x250;kl=G;kl=mb;kl=M;kl=A;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=rupert+grint;kcr=us;kmyd=ad_creat[2].5 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\main_1;sz=450x60;kl=mr;kl=G;kl=E;kl=mb;kl=M;!c=1;kvid=yCto3PCn8wo;custp=lVrJwcIy7saPcGc1nct80A;dcdupd=1;kpid=1;kga=1001;kar=3;kgg=2;kcr=us;afc=1;klg=en;kpu=FueledByRamen;cus[1].asx not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\main_2;sz=300x250;!c=2;kvid=hU2zfDFjffo;kpu=dimangels;kar=3;kgender=f;ko=c;kpid=2;kga=1001;kr=F;u=hU2zfDFjffo_2_854DB37C31637DFA;ku=N;kt=U;kage=19;kgg=2;tile=1;dcopt=ist;ord[1].htm not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\promo2;sz=300x50;sz=300x100;kl=mp;kl=A;kl=mr;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;kmyd=ad_creative_3;til[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3SR2J41\videoplayer;entity=movie-6014;genre=suspense;genre=crimedrama;genre=drama;genre=thriller;genre=action;refer=www.google[1].com;entry=yes;sz=728x90;tile=1;ord=5291741147148902319 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=123342114[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=123750927[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=123821208[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=196900223[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=196966458[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=197026739[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\CABCEYFY.com%2Fbrowse%2Fseduction&ref=&lmt=1209072451&dt=1209072461390&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=2&u_java=true&u_nplug=0&u_nmime=0 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\CAXW0MZW.com%2Fbrowse%2Fseduce&ref=&lmt=1209072473&dt=1209072477546&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=3&u_java=true&u_nplug=0&u_nmime=0 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[1].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[2].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[3].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[4].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[5].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[6].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[7].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\dref=http%253A%252F%252Fwww[1].com%252Fresults%253Fsearch_query%253Dhannah%252520montana%2526search%253DSearch%2526sa%253DX%2526oi%253Dspell%2526resnum%253D0%2526spell%253D1 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\main_1;sz=300x250;kga=1001;!c=1;kvid=S20NsEyzUeQ;kpu=BadBoyRecords;kar=3;kgender=f;ko=p;kpid=1;kbz=1;kr=F;k1=pop;u=S20NsEyzUeQ_1_4B6D0DB04CB351E4;ku=N;kt=U;kage=19;kgg=2;til[1].htm not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\main_1;sz=480x70;kga=1001;!c=1;kvid=S20NsEyzUeQ;kpu=BadBoyRecords;kar=3;kgender=f;ko=p;kpid=1;kbz=1;kr=F;k1=pop;u=S20NsEyzUeQ_1_4B6D0DB04CB351E4;ku=N;kt=U;kage=19;kgg=2;tile[1].asx not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\main_2;sz=300x250;kga=1001;!c=2;kvid=sF84pIhP5UM;kpu=leonalewis;kar=3;kgender=f;ko=p;kpid=2;kbz=1;kr=F;u=sF84pIhP5UM_2_B05F38A4884FE543;ku=N;kt=U;kage=19;kgg=2;tile=1;dcopt=[1].htm not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXOJYXE5\main_526;dc_seed=200992831;sz=300x250;!c=526;kvid=QoEez-nn0vw;kpu=WHATTHEBUCKSHOW;kar=3;kgender=f;ko=y;kpid=526;kga=1001;kr=F;u=QoEez-nn0vw_526_42811ECFE9E7D2FC;ku=N;kt=U;ka[1].htm not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\;_ylc=X1MDOTc1NDYxNjgEX3IDMgRjYXRlZ29yeQNJREVOVElGSUVSBGV4dGZyb20DBGZiAzAEZnJjb2RlA2NzY195bWFpbG0EaXNleHQDMARpdANzaG9ydGN1dHM6L3VzL2luc3RhbmNlL2l[1].adNoOp&fr=csc_ymailm&modid=none not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\c_baseball;net=cm;u=0a08b1c8_25437_65749703,100a60e6216e742,baseball,cm.baseball_M-cm.baseball_L;;sz=300x250;ord1=912246;contx=baseball;btg=cm.baseball_M;btg=cm[1].baseball_L; not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\dref=http%253A%252F%252F64.246.64.33%252Fmerge%252Ftsnform.aspx%253Fc%253Dbostonherald%2526page%253Dmlb%252Fscores%252Ffinal%252Fboxscore[1].aspx%253FGameID%253D21791 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\main_81;sz=480x70;kl=mr;kl=A;kl=mp;kl=E;kl=M;!c=81;klg=en;kvid=3kkbTNmg40c;kgg=2;kr=F;ko=p;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kpid=81;kga=1001;kar=3;kage=20;ku=[1].asx not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\U9CF69Q5\religionspirituality_religion;sz=300x250;kl=N;klg=en;kt=K;dcdupd=1;kga=-1;kr=F;kw=wonderful+counselor+prince+of+peace;kgg=-1;kcr=us;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=149[2].6 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=200307427[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\ccttype%3DNON%26height%3D600%26curl%3D000000%26theme%3Dclippy%26cbg%3D3b3b45%26cborder%3D000000%26clink%3D000000%26ctext%3D000000%26gender%3Dunknown%26type%3Dcontent%26adunit%3D&r=0 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\default;sz=300x250;kl=G;kl=E;kl=mp;kl=mb;kl=M;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=single+ladies+beyonce;kcr[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\default;sz=300x250;kl=mb;kl=mp;kl=A;kl=mr;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=sydney;kcr=us;kmyd=ad_creativ[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\football;sz=300x250;kl=mb;kl=G;kl=mr;kl=mp;kl=M;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=brady+quinn;kcr=us;kmyd[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\FueledByRamen;sz=1x1;kl=M;kl=E;kl=A;kl=mr;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;kpu=fueledbyramen;tile=1;dcopt=i[2].7 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\main_81;sz=300x250;kl=mr;kl=A;kl=mp;kl=E;kl=M;!c=81;klg=en;kvid=3kkbTNmg40c;kgg=2;kr=F;ko=p;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kpid=81;kga=1001;kar=3;kage=20;ku[1].htm not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\main_81;sz=450x60;kl=mr;kl=A;kl=mp;kl=E;kl=M;!c=81;klg=en;kvid=3kkbTNmg40c;kgg=2;kr=F;ko=p;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kpid=81;kga=1001;kar=3;kage=20;ku=[1].asx not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL8RWZSB\religionspirituality_religion;sz=300x250;kl=N;klg=en;kt=K;dcdupd=1;kga=-1;kr=F;kw=wonderful+counselor+prince+of+peace;kgg=-1;kcr=us;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=445[2].5 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\QHWV650L\CAQJKT2R.com%2Fgames%2Fsnowboard-madness%2Fen%2F&lmt=1196982970&dt=1196982970218&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=4&u_java=true&u_nplug=0&u_nmime=0 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\QHWV650L\CAU765RF.com%2Fgames%2Fon-the-run%2Fen%2F&lmt=1196982672&dt=1196982672187&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=4&u_java=true&u_nplug=0&u_nmime=0 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\QHWV650L\c_baseball;net=cm;u=0a0ccdca_28547_71113120,100a60e6216e742,baseball,cm.baseball_M-cm.baseball_L;;sz=300x250;ord1=15246;contx=baseball;btg=cm.baseball_M;btg=cm[1].baseball_L; not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7B320XD\253D%253Bkw%253D%253Bchan%253Dhobbies%253Bsyn%253Dabout%253Btile%253D1%253Br%253D1%253Bu%253D00g3iga1416vnd%257C0%253Bdcopt%253Dist%253Bsz%253D728x90%253Bord%253D184QJFn0B20SA19AR54 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7B320XD\CAGP87QF.com%2Fbrowse%2Fceliac%2520disease&ref=&lmt=1209234313&dt=1209234321281&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=5&u_java=true&u_nplug=0&u_nmime=0 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7B320XD\main_2;sz=300x250;!c=2;kvid=1t9K9rM1SVE;kpu=ThreeDaysGraceVideos;kar=3;kgender=f;ko=p;kpid=2;kga=1001;kr=F;k1=rock;u=1t9K9rM1SVE_2_D6DF4AF6B3354951;ku=N;kt=U;kage=19;kgg=2;t[1].htm not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\INK7U547\24-redemption-1.html%3Fiid%3Dtop25-20081124-%2724%253A+Redemption%27%253A+Jack+Bauer+et+al.+get+us+psyched+for+season+7;rhost=www.google[1].com;tile=3;ord=700853935126 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\INK7U547\CAMZ0L63.com%2Fgames%2Frobot-rage%2Fen%2F&lmt=1196984178&dt=1196984178906&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=5&u_java=true&u_nplug=0&u_nmime=0 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\I14RA1IL\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=201920177[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\I14RA1IL\dref=http%253A%252F%252F64.246.64.33%252Fmerge%252Ftsnform.aspx%253Fc%253Dbostonherald%2526page%253Dmlb%252Fscores%252Ffinal%252Fboxscore[1].aspx%253FGameID%253D21641 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\I14RA1IL\dref=http%253A%252F%252F64.246.64.33%252Fmerge%252Ftsnform.aspx%253Fc%253Dbostonherald%2526page%253Dmlb%252Fscores%252Ffinal%252Fboxscore[2].aspx%253FGameID%253D21641 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\I14RA1IL\sports;net=q1;u=0a04f602_4762_72069507,100a60e6216e742,sports,cm.sportsreg-cm.sports_M-cm.sports_L;;sz=300x250;ord1=543449;start=0;fset=1;contx=sports;btg=cm[1].sports_L; not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\booksliterature;sz=300x250;kl=mb;kl=M;kl=mr;kl=G;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=william+moseley;kcr=us;k[1].2 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\click,VaUDAOO5BgBylA4AmqgEAAIAGUgAAP8AAAADEgIABgKMrgEAN-4GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM14LEkAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D14t0rav7k%2FM%3D674272[1].htm not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\c_baseball;net=cm;u=0a10b6ca_60756_71166405,100a60e6216e742,baseball,cm.baseball_M-cm.baseball_L;;sz=300x250;ord1=664625;contx=baseball;btg=cm.baseball_M;btg=cm[1].baseball_L; not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\default;sz=300x250;kl=G;kl=mp;kl=M;kl=A;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=my+secretcrush;kcr=us;kmyd=ad_c[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\default;sz=300x250;kl=mp;kl=E;kl=mr;kl=A;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=brady+quinn;kcr=us;kmyd=ad_cre[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\default;sz=300x250;kl=N;klg=en;kt=K;dcdupd=1;kga=-1;kr=F;kw=wonderful+counselor+prince+of+peace;kgg=-1;kcr=us;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=652940316286866[2].4 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\main_1;sz=480x70;kl=mr;kl=G;kl=E;kl=mb;kl=M;!c=1;kvid=yCto3PCn8wo;custp=lVrJwcIy7saPcGc1nct80A;dcdupd=1;kpid=1;kga=1001;kar=3;kgg=2;kcr=us;afc=1;klg=en;kpu=FueledByRamen;cus[1].asx not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\main_2;sz=300x250;kl=mb;kl=mr;kl=A;kl=mp;kl=M;!c=2;klg=en;kvid=e6ExgUW6ak8;kgg=2;kr=F;ko=c;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kpid=2;kga=1001;kar=3;kage=20;ku=N[1].htm not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6NUL6Z\_default;sz=399x299;kl=mp;kl=E;kl=G;kl=mb;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;kmyd=ad_creative_1;kap=0;[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=123432505[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=51979708[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\CA17VTQR.com%2Fbrowse%2Fseduce&ref=&lmt=1209072473&dt=1209072477406&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=3&u_java=true&u_nplug=0&u_nmime=0 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\CAXWUKAS.com%2Fbrowse%2Fseduction&ref=&lmt=1209072451&dt=1209072458750&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=2&u_java=true&u_nplug=0&u_nmime=0 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[1].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[2].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[3].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERI3UXI3\main_526;dc_seed=200992831;sz=450x60;!c=526;kvid=QoEez-nn0vw;kpu=WHATTHEBUCKSHOW;kar=3;kgender=f;ko=y;kpid=526;kga=1001;kr=F;u=QoEez-nn0vw_526_42811ECFE9E7D2FC;ku=N;kt=U;kag[1].asx not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=117685442[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=123277270[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=196820223[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=196833067[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=50227677[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=52373317[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\CAOGCQ0B.com%2Fbrowse%2Fseduce&ref=&lmt=1209072473&dt=1209072476375&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=3&u_java=true&u_nplug=0&u_nmime=0 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[1].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[2].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[3].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[4].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[5].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[6].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[7].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[8].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\main_1;sz=300x250;kga=-1;!c=1;kvid=S20NsEyzUeQ;kpu=BadBoyRecords;ko=p;kpid=1;kbz=1;kr=F;k1=pop;u=S20NsEyzUeQ_1_4B6D0DB04CB351E4;kgg=-1;tile=1;dcopt=ist;ord=3645465720806015[1].htm not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\main_2;sz=300x250;!c=2;kvid=RYhPGuOHRj4;kpu=JenniferLopez;kar=3;kgender=f;ko=p;kpid=2;kga=1001;kr=F;u=RYhPGuOHRj4_2_45884F1AE387463E;ku=N;kt=U;kage=19;kgg=2;tile=1;dcopt=ist[1].htm not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\main_2;sz=480x70;!c=2;kvid=RYhPGuOHRj4;kpu=JenniferLopez;kar=3;kgender=f;ko=p;kpid=2;kga=1001;kr=F;u=RYhPGuOHRj4_2_45884F1AE387463E;ku=N;kt=U;kage=19;kgg=2;tile=1;dcopt=ist;[1].asx not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\main_2;sz=480x70;!c=2;kvid=sK0DjYE-GVA;kpu=JenniferLopez;kar=3;kgender=f;ko=p;kpid=2;kga=1001;kr=F;k1=pop;u=sK0DjYE-GVA_2_B0AD038D813E1950;ku=N;kt=U;kage=19;kgg=2;tile=1;dco[1].asx not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\main_526;dc_seed=200164712;sz=450x60;!c=526;kvid=QoEez-nn0vw;kpu=WHATTHEBUCKSHOW;kar=3;kgender=f;ko=y;kpid=526;kga=1001;kr=F;u=QoEez-nn0vw_526_42811ECFE9E7D2FC;ku=N;kt=U;kag[1].asx not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\main_526;sz=480x70;!c=526;kvid=QoEez-nn0vw;kpu=WHATTHEBUCKSHOW;kar=3;kgender=f;ko=y;kpid=526;kga=1001;kr=F;u=QoEez-nn0vw_526_42811ECFE9E7D2FC;ku=N;kt=U;kage=19;kgg=2;tile=1;[1].asx not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\main_526;sz=480x70;!c=526;kvid=QoEez-nn0vw;kpu=WHATTHEBUCKSHOW;kar=3;kgender=f;ko=y;kpid=526;kga=1001;kr=F;u=QoEez-nn0vw_526_42811ECFE9E7D2FC;ku=N;kt=U;kage=19;kgg=2;tile=1;[2].asx not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXEZGPMV\main_6;sz=480x70;!c=6;kvid=k99h5aikc4g;kpu=universalmusicgroup;kar=3;kgender=f;ko=p;kpid=6;kga=1001;kr=A;k1=pop;u=k99h5aikc4g_6_93DF61E5A8A47388;ku=N;kt=U;kage=19;kgg=2;tile[1].asx not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLGPEZC5\activity;src=1794754;met=1;v=1;pid=5695970;aid=197877102;ko=0;cid=25682828;rid=25700682;rv=1;&timestamp=1209251664609;eid1=13;ecn1=1;etm1=0;eid2=12;ecn2=0;etm2=0;[1].gif not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLGPEZC5\activity;src=1794754;met=1;v=1;pid=5695970;aid=197877102;ko=0;cid=25682828;rid=25700682;rv=1;&timestamp=1209251664625;eid1=13;ecn1=1;etm1=0;eid2=12;ecn2=0;etm2=0;[1].gif not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLGPEZC5\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=201425817[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLGPEZC5\CA69IJIH.com%2Fbrowse%2Fceliac%2520disease&ref=&lmt=1209234313&dt=1209234318765&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=5&u_java=true&u_nplug=0&u_nmime=0 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLGPEZC5\dref=http%253A%252F%252F64.246.64.33%252Fmerge%252Ftsnform.aspx%253Fc%253Dbostonherald%2526page%253Dmlb%252Fscores%252Ffinal%252Fboxscore[1].aspx%253FGameID%253D21641 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLGPEZC5\main_2;sz=480x70;!c=2;kvid=1t9K9rM1SVE;kpu=ThreeDaysGraceVideos;kar=3;kgender=f;ko=p;kpid=2;kga=1001;kr=F;k1=rock;u=1t9K9rM1SVE_2_D6DF4AF6B3354951;ku=N;kt=U;kage=19;kgg=2;ti[1].asx not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLGPEZC5\main_6;sz=300x250;!c=6;kvid=wY3oEvaq71A;kpu=muraharu1985;kar=3;kgender=f;ko=c;kpid=6;kga=1001;kr=A;u=wY3oEvaq71A_6_C18DE812F6AAEF50;ku=N;kt=U;kage=19;kgg=2;tile=1;dcopt=ist;[1].htm not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\BMCB7LKL\%253D9%253Ba%253D%253Bkw%253D%253Bchan%253Dhobbies%253Bsyn%253Dabout%253Btile%253D1%253Br%253D1%253Bu%253D%257C0%253Bdcopt%253Dist%253Bsz%253D728x90%253Bord%253D184QJDi0K20SA258Y333 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\BMCB7LKL\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=200489177[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\BMCB7LKL\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=200868989[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\BMCB7LKL\CAM5SCCT.com%2Fbrowse%2Fceliac%2520disease&ref=&lmt=1209234313&dt=1209234321625&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=5&u_java=true&u_nplug=0&u_nmime=0 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\BMCB7LKL\main_2;sz=300x250;!c=2;kvid=ajoMQ85PGOQ;kpu=slipknotfan6969;kar=3;kgender=f;ko=c;kpid=2;kga=1001;kr=F;u=ajoMQ85PGOQ_2_6A3A0C43CE4F18E4;ku=N;kt=U;kage=19;kgg=2;tile=1;dcopt=i[1].htm not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=117719770[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=118090786[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=123476333[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=123780302[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=196881661[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=50498692[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=52025473[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\BuddyInfo;MN=93237867;u=rcf1e15753a9f0d69;wm=o;rm=1;tef=1;ua=16;ug=2;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=230x10;tile=1;dcove=d;ord=52383364[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\CAZEEYBD.com%2Fbrowse%2Fseduction&ref=&lmt=1209072451&dt=1209072461031&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=2&u_java=true&u_nplug=0&u_nmime=0 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[10].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[11].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[12].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[1].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[2].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[3].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[4].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[5].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[6].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[7].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[8].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[9].adp%253Fmagic%253D93236874%2526width%253D120%2526height%253D90%2526sn%253DLiLfIsH2468 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\dref=http%253A%252F%252Fwww[1].com%252Fresults%253Fsearch_query%253Dhannah%252520montana%2526search%253DSearch%2526sa%253DX%2526oi%253Dspell%2526resnum%253D0%2526spell%253D1 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\main_1;sz=480x70;kga=-1;!c=1;kvid=S20NsEyzUeQ;kpu=BadBoyRecords;ko=p;kpid=1;kbz=1;kr=F;k1=pop;u=S20NsEyzUeQ_1_4B6D0DB04CB351E4;kgg=-1;tile=1;dcopt=ist;ord=33043[1].asx not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\main_2;sz=300x250;!c=2;kvid=sK0DjYE-GVA;kpu=JenniferLopez;kar=3;kgender=f;ko=p;kpid=2;kga=1001;kr=F;k1=pop;u=sK0DjYE-GVA_2_B0AD038D813E1950;ku=N;kt=U;kage=19;kgg=2;tile=1;dc[1].htm not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\main_2;sz=300x250;!c=2;kvid=ygctbqBijFk;kpu=shakira;kar=3;kgender=f;ko=p;kpid=2;kga=1001;kr=F;k1=pop;u=ygctbqBijFk_2_CA072D6EA0628C59;ku=N;kt=U;kage=19;kgg=2;tile=1;dcopt=is[1].htm not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\main_2;sz=480x70;!c=2;kvid=ygctbqBijFk;kpu=shakira;kar=3;kgender=f;ko=p;kpid=2;kga=1001;kr=F;k1=pop;u=ygctbqBijFk_2_CA072D6EA0628C59;ku=N;kt=U;kage=19;kgg=2;tile=1;dcopt=ist[1].asx not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\main_2;sz=480x70;kga=1001;!c=2;kvid=sF84pIhP5UM;kpu=leonalewis;kar=3;kgender=f;ko=p;kpid=2;kbz=1;kr=F;u=sF84pIhP5UM_2_B05F38A4884FE543;ku=N;kt=U;kage=19;kgg=2;tile=1;dcopt=i[1].asx not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\main_526;dc_seed=200164712;sz=300x250;!c=526;kvid=QoEez-nn0vw;kpu=WHATTHEBUCKSHOW;kar=3;kgender=f;ko=y;kpid=526;kga=1001;kr=F;u=QoEez-nn0vw_526_42811ECFE9E7D2FC;ku=N;kt=U;ka[1].htm not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ZNB20T9\main_6;sz=300x250;!c=6;kvid=k99h5aikc4g;kpu=universalmusicgroup;kar=3;kgender=f;ko=p;kpid=6;kga=1001;kr=A;k1=pop;u=k99h5aikc4g_6_93DF61E5A8A47388;ku=N;kt=U;kage=19;kgg=2;til[1].htm not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\be_sports;net=q1;u=0a0ccdc4_52415_73620715,100a60e6216e742,sports,cm.sportsreg-cm.sports_M-cm.sports_L;;sz=728x90;ord1=77461;start=0;fset=1;contx=sports;btg=cm[1].sports_L; not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\default;sz=300x250;kl=G;kl=E;kl=mb;kl=A;kl=M;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=my+secretcrush;kcr=us;kmyd=a[2].5 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\main_3230;sz=450x60;kl=A;kl=M;kl=mr;kl=mp;!c=3230;klg=en;kvid=sH8Et-5f2vg;kgg=2;kr=F;ko=y;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kpid=3230;kga=1001;kar=3;kage=20;ku[1].asx not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\music;sz=300x250;kl=A;kl=mr;kl=mp;kl=mb;kl=M;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=isabella%27s+lulaby;kcr=us[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\promo1;sz=300x50;sz=300x100;kl=mp;kl=A;kl=mr;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;kmyd=ad_creative_2;tile=[2].5 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VS3IJ4T\promo3;sz=300x50;sz=300x100;kl=mp;kl=E;kl=G;kl=mb;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;kmyd=ad_creative_[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4HMNANSL\24-redemption-1.html%3Fiid%3Dtop25-20081124-%2724%253A+Redemption%27%253A+Jack+Bauer+et+al.+get+us+psyched+for+season+7;rhost=www.google[2].com;tile=1;ord=700853935126 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4HMNANSL\activity;src=1794754;met=1;v=1;pid=8042422;aid=203857773;ko=1;cid=26811943;rid=26829800;rv=1;&timestamp=1221697891296;eid1=13;ecn1=1;etm1=0;eid2=12;ecn2=0;etm2=0;[1].gif not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\4HMNANSL\CAQZKP6N.com%2Fgames%2Fchess%2Fen%2F&lmt=1196982745&dt=1196982745531&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=1&u_java=true&u_nplug=0&u_nmime=0 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\c_baseball;net=cm;u=0a0ccdca_28437_75527734,100a60e6216e742,baseball,cm.baseball_M-cm.baseball_L;;sz=300x250;ord1=706343;contx=baseball;btg=cm.baseball_M;btg=cm[1].baseball_L; not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\c_sports;net=cm;u=0a04f602_94736_63794363,100a60e6216e742,sports,cm.sportsreg-cm.sports_L;;sz=300x250;ord1=77694;start=0;fset=1;contx=sports;btg=cm.sportsreg;btg=cm[1].sports_L; not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\default;sz=300x250;kl=M;kl=mp;kl=mr;kl=mb;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=brady+quinn;kcr=us;kmyd=ad_creativ[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\music;sz=300x250;kl=M;kl=G;kl=E;kl=A;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=isabella%27s+lullaby;kcr=us;kmyd=a[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\music;sz=300x250;kl=mr;kl=M;kl=E;kl=mp;klg=en;kgg=2;kr=R;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=i+am+sasha+feirce;kcr=us;kmyd=ad[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\2L2DUJ8X\promo3;sz=300x50;sz=300x100;kl=mp;kl=A;kl=mr;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;kmyd=ad_creative_4;tile=[2].9 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0Z6FATQX\CA8HE561.com%2Fgames%2Fbattle-wheels%2Fen%2F&lmt=1196982779&dt=1196982779734&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=4&u_java=true&u_nplug=0&u_nmime=0 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0Z6FATQX\CAI3WTIZ.com%2Fgames%2Fbang-howdy%2Fen%2F&lmt=1196984056&dt=1196984056265&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=5&u_java=true&u_nplug=0&u_nmime=0 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0Z6FATQX\CAIN4X4B.com%2Fgames%2Fon-the-run%2Fen%2F&lmt=1196982670&dt=1196982670828&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-300&u_his=4&u_java=true&u_nplug=0&u_nmime=0 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0Z6FATQX\c_baseball;net=cm;u=0a0ccdca_28435_76040709,100a60e6216e742,baseball,cm.baseball_M-cm.baseball_L;;sz=728x90;ord1=29142;contx=baseball;btg=cm.baseball_M;btg=cm[1].baseball_L; not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0Z6FATQX\default;sz=300x250;kl=M;kl=E;kl=mb;kl=A;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=robert+pattinson+never+think;kc[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0Z6FATQX\_default;sz=399x299;kl=mp;kl=A;kl=mr;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;kmyd=ad_creative_1;kap=0;tile=[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\football;sz=300x250;kl=M;kl=mp;kl=A;kl=mr;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=brady+quinn;kcr=us;kmyd=ad_cr[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XSPQ7W7\promo2;sz=300x50;sz=300x100;kl=mp;kl=E;kl=G;kl=mb;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;kmyd=ad_creative_[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\24-redemption-1.html%3Fiid%3Dtop25-20081124-%2724%253A+Redemption%27%253A+Jack+Bauer+et+al.+get+us+psyched+for+season+7;rhost=www.google[2].com;tile=2;ord=700853935126 not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\c_baseball;net=cm;u=0a08b1cc_65984_65774670,100a60e6216e742,baseball,cm.baseball_M-cm.baseball_L;;sz=300x250;ord1=131617;contx=baseball;btg=cm.baseball_M;btg=cm[1].baseball_L; not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\default;sz=300x250;kl=E;kl=mb;kl=M;kl=G;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=panic+at+the+disco;kcr=us;kmyd=[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\default;sz=300x250;kl=mr;kl=mb;kl=M;kl=A;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=my+secretcrush;kcr=us;kmyd=ad_[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\football;sz=300x35;dc_seed=208950071;kl=M;kl=mp;kl=A;kl=mr;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=brady+quinn;[1].htm not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\main_1;sz=300x250;kl=mr;kl=G;kl=E;kl=mb;kl=M;!c=1;kvid=yCto3PCn8wo;custp=lVrJwcIy7saPcGc1nct80A;dcdupd=1;kpid=1;kga=1001;kar=3;kgg=2;kcr=us;afc=1;klg=en;kpu=FueledByRamen;cu[1].htm not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\main_3230;sz=300x250;kl=A;kl=M;kl=mr;kl=mp;!c=3230;klg=en;kvid=sH8Et-5f2vg;kgg=2;kr=F;ko=y;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kpid=3230;kga=1001;kar=3;kage=20;k[1].htm not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\main_3230;sz=480x70;kl=A;kl=M;kl=mr;kl=mp;!c=3230;klg=en;kvid=sH8Et-5f2vg;kgg=2;kr=F;ko=y;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kpid=3230;kga=1001;kar=3;kage=20;ku[1].asx not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\mileymandy;sz=1x1;kl=mp;kl=mr;kl=M;kl=G;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;kpu=mileymandy;tile=1;dcopt=ist;[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\music;sz=300x250;kl=mb;kl=mp;kl=A;kl=G;kl=M;klg=en;kgg=2;kr=R;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=i+am+sasha+fierce;kcr=us;km[1] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\music_alternativepunkmetal;sz=300x250;kl=mb;kl=A;kl=M;kl=mr;klg=en;kgg=2;kr=F;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kw=panic+at+th[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\promo1;sz=300x50;sz=300x100;kl=mp;kl=E;kl=G;kl=mb;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;kmyd=ad_creative_[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PWHEZ8T\t1;sz=1x1;kl=mp;kl=A;kl=mr;kl=M;klg=en;kgg=2;custl=DOPYpiSuOIxzZQ4RjE30vA;kgender=f;dcdupd=1;kga=1001;kar=3;kage=20;ku=N;kt=U;kcr=us;tile=5;ord=8278922451260207[2] not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\etilqs_JjShvMMGJVo2kDLYQ7Zc not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\JETAC05.tmp not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\sqlite_aWAI2DYWR2FnMgN not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\sqlite_aWAI2DYWR2FnMgN-journal not found!
File C:\Documents and Settings\Mark\Local Settings\Temp\sqlite_mgj1yNK4c6tGwPd not found!
C:\Documents and Settings\Mark\Local Settings\Temp\~DFADB2.tmp moved successfully.
C:\Documents and Settings\Mark\Local Settings\Temp\~DFD145.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_230.dat not found!
C:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\73rq4ig1.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\73rq4ig1.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\73rq4ig1.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\73rq4ig1.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\73rq4ig1.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\73rq4ig1.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...





And here's the MalwareBytes log:


Malwarebytes' Anti-Malware 1.31
Database version: 1476
Windows 5.1.2600 Service Pack 3

12/8/2008 11:02:30 PM
mbam-log-2008-12-08 (23-02-30).txt

Scan type: Quick Scan
Objects scanned: 52017
Time elapsed: 11 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 33
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\__c007BBDD.dat (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{755c6bc2-a679-4025-84d3-4ae283a87b14} (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{288c5f13-7e52-4ada-a32e-f5bf9d125f99} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{755c6bc2-a679-4025-84d3-4ae283a87b14} (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c007bbdd (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\sysfile (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\adwarealert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\documents and settings\all users\start menu\programs\adwarealert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Delete on reboot.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine (Rogue.AdwareAlert) -> Delete on reboot.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18 (Rogue.AdwareAlert) -> Files: 1071 -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\256.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\267.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\269.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\290.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\291.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\301.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\302.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\305.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\333.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\334.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\335.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\342.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\345.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\346.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\347.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\348.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\349.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\510.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\521.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\528.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\538.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\540.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\541.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\542.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Quarantine\28-11-2008-17-50-18\547.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert\AdwareAlert on the Web.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert\AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\AdwareAlert.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\AdwareAlert.url (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\DataBase.ref (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\SpyCleaner.dll (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\TCL.dll (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\vistaCPtasks.xml (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\zlib.dll (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Log\2008 Dec 08 - 05_34_39 PM_640.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Log\2008 Dec 08 - 08_14_13 PM_093.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\AdwareAlert\Log\2008 Dec 08 - 10_38_49 PM_937.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\0x01xx8p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\SysFile.brk (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c007BBDD.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\__c00E47A6.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.


Thanks again!!

mfisch

Attached Files



#11 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:33 PM

Posted 09 December 2008 - 01:53 AM

Hello mfisch.

Yes, I meant leaving the settings unchanged.

Looks much better.

Once again, disable your protection before running any tools.

Run Fix with OTScanIt
We will run OTScanIt with directives. If you have lost your copy of OTScanIt, download it here and extract it like you did last time.
  • Double click the OTScanIt.exe icon in the OTScanIt folder on your desktop. If you are using Windows Vista, right click OTScanIt.exe and select Run as Administrator.
  • Copy the contents of the codebox below into the "Paste fix here" box.
    [Registry - Safe List]
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YN -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Value  does not exist or could not be read. [AVG Safe Search]
    YN -> {A057A204-BACC-4D26-9990-79A187E2698E} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
    YN -> "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0]
    YN -> "C:\Program Files\America Online 9.0a\waol.exe" -> C:\Program Files\America Online 9.0a\waol.exe [C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a]
    YN -> "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL]
    YN -> "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL]
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    YN -> "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0]
    YN -> "C:\Program Files\America Online 9.0a\waol.exe" -> C:\Program Files\America Online 9.0a\waol.exe [C:\Program Files\America Online 9.0a\waol.exe:*:Disabled:America Online 9.0a]
    YN -> "C:\Program Files\AVG\AVG8\avgemc.exe" -> C:\Program Files\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe]
    YN -> "C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe]
    YN -> "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Disabled:AOL]
    YN -> "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL]
    YN -> "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink]
    YN -> "C:\Program Files\MySpace\IM\MySpaceIM.exe" -> C:\Program Files\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM]
    [CatchMe Rootkit Scan by GMER]
    NY -> C:\Documents and Settings\All Users\Application Data\TEMP:30A9E86A 105 bytes -> 
    NY -> C:\Documents and Settings\All Users\Application Data\TEMP:46543872 117 bytes -> 
    NY -> C:\Documents and Settings\All Users\Application Data\TEMP:C391C5CC 112 bytes -> 
    NY -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF5194F 126 bytes -> 
    NY -> C:\Documents and Settings\All Users\Application Data\TEMP:F3176E45 107 bytes -> 
    NY -> C:\Documents and Settings\All Users\Application Data\TEMP:FC4F91ED 126 bytes ->
  • Close all windows except OTScanIt.
  • Click it Run Fix button.
When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click OK and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix. Notepad will open with the final results at that time. Post that log back here in your next reply.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


Re-enable protection please.

In your next post include:
-the OTScanIt fix log
-the Kaspersky scan log
-a new OTScanIt scan log (default settings, attached) You may run out of attachment space. If so, go to your Control Panel to remove your previous attachments to make room for new ones.
-a new HijackThis log

Please tell me of any symptoms you still have.

With Regards,
The Panda

#12 mfisch

mfisch
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 09 December 2008 - 10:27 PM

Panda,

You're right--I have a ton of stuff on the PC and will be cleaning it up when this is all done. Thanks again for all of this help.

Here's what you requested:

The OTScanIt scan log is attached.


HiJackThis log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Mark at 2008-12-09 22:19:01
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 12 GB (31%) free of 40 GB
Total RAM: 511 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:18 PM, on 12/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Mark\Desktop\RSIT.exe
C:\Program Files\trend micro\Mark.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bostonherald.com/sports/baseball/index.bg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Mark\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Mark\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12264 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-04 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-06-23 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE84A6AA-A333-4B92-B276-C11E2212E4FE}]
CPrintEnhancer Object - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll [2006-12-15 599472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-05 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-04 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-06-23 2549368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-15 57344]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-06-05 335872]
"type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2003-05-15 114688]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"DigidesignMMERefresh"=C:\Program Files\Digidesign\Drivers\MMERefresh.exe [2004-10-08 49152]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [2005-05-10 11776]
"MMTray"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2005-05-10 110592]
"CaAvTray"=C:\Program Files\Yahoo!\Antivirus\CAVTray.exe [2005-09-25 230512]
"CAVRID"=C:\Program Files\Yahoo!\Antivirus\CAVRID.exe [2005-09-25 185456]
"YOP"=C:\PROGRA~1\Yahoo!\YOP\yop.exe [2005-04-22 397312]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]
"MCUpdateExe"=c:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]
"MPFExe"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [2005-04-05 950272]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2005-07-08 1397760]
"DIGStream"=C:\Program Files\DIGStream\digstream.exe [2005-10-31 278528]
"DIGServices"=C:\Program Files\ESPNRunTime\DIGServices.exe [2005-10-31 101888]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2005-04-12 229376]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-04 136600]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-23 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe

C:\Documents and Settings\Mark\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoWindowsUpdate"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-09 16:07:09 ----D---- C:\WINDOWS\LastGood
2008-12-08 22:46:50 ----D---- C:\Documents and Settings\Mark\Application Data\Malwarebytes
2008-12-08 22:46:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-08 22:46:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-08 22:25:46 ----D---- C:\_OTScanIt
2008-12-08 22:22:03 ----D---- C:\WINDOWS\ERDNT
2008-12-08 22:21:14 ----D---- C:\Program Files\ERUNT
2008-12-06 16:09:27 ----D---- C:\Program Files\Absolute Poker
2008-12-06 16:09:24 ----D---- C:\Program Files\_uninstallation_info
2008-12-04 17:35:06 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-04 17:35:06 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-04 17:35:06 ----A---- C:\WINDOWS\system32\java.exe
2008-12-04 17:35:06 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-28 19:13:02 ----D---- C:\Program Files\trend micro
2008-11-28 19:13:00 ----D---- C:\rsit
2008-11-28 18:46:51 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-28 17:59:17 ----D---- C:\Documents and Settings\Mark\Application Data\Mozilla
2008-11-28 17:59:03 ----D---- C:\Program Files\Mozilla Firefox
2008-11-28 08:55:42 ----D---- C:\VundoFix Backups
2008-11-28 08:55:42 ----A---- C:\VundoFix.txt
2008-11-22 13:52:58 ----D---- C:\Program Files\iPod
2008-11-22 13:52:53 ----D---- C:\Program Files\iTunes
2008-11-22 13:52:53 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-22 13:15:36 ----D---- C:\Program Files\Bonjour
2008-11-22 13:03:12 ----D---- C:\Program Files\Apple Software Update
2008-11-22 13:01:59 ----D---- C:\Program Files\Common Files\Apple
2008-11-22 13:01:58 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-11-22 12:44:26 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-11-11 21:51:19 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-11 21:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-11 21:50:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-09 22:19:08 ----D---- C:\WINDOWS\Prefetch
2008-12-09 22:10:04 ----D---- C:\Program Files\lg_fwupdate
2008-12-09 21:53:52 ----D---- C:\Documents and Settings\All Users\Application Data\DIGStream
2008-12-09 21:43:09 ----D---- C:\WINDOWS\Temp
2008-12-09 21:33:58 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-09 16:08:05 ----HD---- C:\WINDOWS\inf
2008-12-09 16:07:23 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 16:07:22 ----D---- C:\WINDOWS
2008-12-09 16:07:08 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-09 15:53:10 ----A---- C:\WINDOWS\lgfwup.ini
2008-12-09 00:04:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-08 23:03:50 ----D---- C:\WINDOWS\system32
2008-12-08 23:03:49 ----D---- C:\WINDOWS\system32\drivers
2008-12-08 23:03:49 ----D---- C:\Program Files
2008-12-08 23:02:18 ----SD---- C:\WINDOWS\Tasks
2008-12-07 16:59:47 ----D---- C:\Program Files\PokerStars.NET
2008-12-07 13:27:07 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-04 17:35:49 ----SHD---- C:\WINDOWS\Installer
2008-12-04 17:35:41 ----HD---- C:\Config.Msi
2008-12-04 17:34:36 ----D---- C:\Program Files\Java
2008-11-29 09:59:54 ----D---- C:\WINDOWS\Minidump
2008-11-28 18:38:14 ----D---- C:\Downloads
2008-11-24 20:29:40 ----A---- C:\WINDOWS\win.ini
2008-11-23 16:23:34 ----D---- C:\Documents and Settings\Mark\Application Data\Digidesign
2008-11-22 13:21:08 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-22 13:14:55 ----D---- C:\Program Files\QuickTime
2008-11-22 13:11:48 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-11-22 13:02:55 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-22 13:01:59 ----D---- C:\Program Files\Common Files
2008-11-21 18:30:02 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-20 20:22:55 ----D---- C:\WINDOWS\CAVTemp
2008-11-17 11:10:54 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-17 10:53:27 ----D---- C:\Program Files\Google
2008-11-13 20:37:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-13 19:37:13 ----D---- C:\WINDOWS\Help
2008-11-11 21:51:15 ----A---- C:\WINDOWS\imsins.BAK
2008-11-11 21:50:32 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-08 28672]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2005-04-05 67584]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2007-07-23 879832]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2005-09-25 15735]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2005-09-25 21031]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2006-07-31 26787]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2005-09-25 15478]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-12-26 8413]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-15 462684]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-06-02 576512]
R3 dalwdmservice;dal service; C:\WINDOWS\system32\drivers\dalwdm.sys [2004-10-08 74240]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS []
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2007-07-23 108360]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 iLokDrvr;iLok; C:\WINDOWS\System32\DRIVERS\iLokDrvr.sys [2003-07-07 26541]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
S3 StMp3Rec;Player Recovery Device Control Driver; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2007-06-15 19840]
S3 syswrk;syswrk; \??\C:\WINDOWS\System32\drivers\syswrk.sys []
S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader; C:\WINDOWS\system32\drivers\usb22ldr.sys [2005-01-21 14272]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBMN2X2;M-Audio USB MidiSport 2x2; C:\WINDOWS\system32\drivers\usbmn2x2.sys [2005-01-21 22304]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-06-02 282624]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CAISafe;CAISafe; C:\Program Files\Yahoo!\Antivirus\ISafe.exe [2005-09-25 259184]
R2 DigiRefresh;Digidesign MME Refresh Service; C:\Program Files\Digidesign\Drivers\MMERefresh.exe [2004-10-08 49152]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2000-07-13 115200]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-05 168432]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-04 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-06-20 53248]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe [2005-04-05 552960]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [2002-08-14 135168]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Speed Disk service;Speed Disk service; C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe [2002-08-14 172065]
R2 VETMSGNT;VET Message Service; C:\Program Files\Yahoo!\Antivirus\VetMsg.exe [2005-09-25 201840]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2003-06-05 114688]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 YPCService;YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [2003-05-19 86016]

-----------------EOF-----------------




OTScanIt fix log:

[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0a\waol.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0a\waol.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgemc.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgupd.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MySpace\IM\MySpaceIM.exe not found.
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.2.1 fix logfile created on 12092008_195826




Kaspersky scan log:

KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, December 9, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, December 09, 2008 21:19:47
Records in database: 1448136

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\

Scan statistics
Files scanned 73300
Threat name 6
Infected objects 5
Suspicious objects 3
Duration of the scan 01:53:29

File name Threat name Threats count
C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 2

C:\MediaTubeCodec_ver1.602.0.exe Infected: Trojan-Downloader.Win32.Zlob.abqh 1

C:\Program Files\Musicmatch\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1

C:\Program Files\Musicmatch\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1

C:\Program Files\Yahoo!\YPSR\Quarantine\20051204200133.zip Suspicious: Password-protected-EXE 1

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2.tmp Infected: Trojan-PSW.Win32.PdPinch.ay 1

C:\WINDOWS\system32\wow.ext Infected: Trojan.Win32.Agent.reg 1

The selected area was scanned.

Attached Files



#13 mfisch

mfisch
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 09 December 2008 - 10:32 PM

BTW, I just tried Explorer and was able to navigate without a barrage of error messages and virus notifications. It was running a bit slow, but a huge improvement over last week.

mfisch

#14 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:33 PM

Posted 10 December 2008 - 02:28 AM

Hello mfisch.

Glad it's improved.

I suggest you uninstall the antivirus program that seems to be sponsored by Yahoo!. You already have McAfee installed.

Download and Run Scan with GMER
We will use GMER to scan for rootkits (just to make sure).
  • Download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • Close all other running programs. There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • Click OK.
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop buttons turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode. However, do not use the MsConfig method to edit the Boot.ini.
Important!:Please do not select the Show all checkbox during the scan..
--
Read How to use the Startup Database to identify and disable uneeded processes and increase the amount of available resources.

With Regards,
The Panda

#15 mfisch

mfisch
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 10 December 2008 - 07:56 AM

Thanks again. Couple of things:

1. I'll check out the How to Use Startup Database this evening.
2. I'm actually using some of the Computer Associates anti-virus functions (the Yahoo sponsored package). McAfee provides me with the firewall and some other functions.
3. One other symptom I forgot to tell you--which happened again last night: the screen goes black (computer stays on) and then shows the "Self Test", "Check PC", "Monitor Working" screen. I have to reboot to get it moving again. This has happened about 4 or 5 times over the past 2 weeks.

Here's the GMER scan:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-10 07:46:06
Windows 5.1.2600 Service Pack 3


---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[1348] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs DigiFilt.sys (Digidesign File System Filter Driver/Digidesign, A Division of Avid Technology, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys (McAfee Personal Firewall Plus 6.1/McAfee Security)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys (McAfee Personal Firewall Plus 6.1/McAfee Security)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys (McAfee Personal Firewall Plus 6.1/McAfee Security)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys (McAfee Personal Firewall Plus 6.1/McAfee Security)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

---- Files - GMER 1.0.14 ----

File C:\Documents and Settings\Mark\Cookies\mark@go[2].txt 0 bytes
File C:\RECYCLER\NPROTECT 0 bytes
File C:\RECYCLER\NPROTECT\00397616.SQL 3608 bytes
File C:\RECYCLER\NPROTECT\00397617.SQL 2576 bytes
File C:\RECYCLER\NPROTECT\00397618.SQL 2576 bytes
File C:\RECYCLER\NPROTECT\00397619.SQL 5672 bytes
[...]

---- EOF - GMER 1.0.14 ----

Edited by PropagandaPanda, 10 December 2008 - 07:53 PM.
Removed redundent lines.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users