Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:06 PM, on 2/15/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\lxctcoms.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {0a9f9196-a6cc-4dce-8d31-8d65b64cd44c} - (no file)
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {87b009e5-bc67-470c-bb3b-b0151bc4224b} - (no file)
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - (no file)
O2 - BHO: (no name) - {A5317F8A-D2F4-4737-AB5F-D68E5C8046DB} - (no file)
O2 - BHO: (no name) - {AE21AE1A-4578-425D-B749-E1E9E23FD869} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {C554D4EB-2EA0-4BF3-8861-DCC266E1A8CF} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {f914fa32-5956-455b-9d5c-a295f950474b} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [8A8C8C9295928F94] 797B7B8184817E.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3
D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E2C2832213329D26033AAC
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.8\webbuying.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [1BeGfKSVOf] rundll32.exe "C:\WINDOWS\mlslsfmx.dll",DllCleanServer
O4 - HKUS\S-1-5-18\..\Run: [braviax] C:\WINDOWS\System32\braviax.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [braviax] C:\WINDOWS\System32\braviax.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.marsd.k12...lient/wfica.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.ai...AIM.9.5.1.8.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O20 - AppInit_DLLs: C:\WINDOWS\system32\cru629.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: LogCrypt - C:\WINDOWS\SYSTEM32\LogCrypt.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\System32\lxctcoms.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows (file missing)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8019 bytes
Panda-
Incident Status Location
Virus:Trj/Agent.IAB Disinfected Operating system
Potentially unwanted tool:application/activitymon Not disinfected c:\program files\amsys
Adware:adware/adsincontext Not disinfected Windows Registry
Adware:adware/activshopper Not disinfected Windows Registry
Adware:adware/adblaster Not disinfected Windows Registry
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\veary\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\veary\Cookies\veary@questionmarket[2].txt
Virus:Trj/Downloader.SGU Disinfected C:\irjl.exe
Virus:Bck/Gaobot.QFI Disinfected C:\ltxblm.exe
Spyware:Spyware/7r7t Not disinfected C:\Temp\tOncha0119.exe
Virus:Trj/Downloader.SGU Disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C5TW3FRF\nwabo[1].txt
Virus:Bck/Gaobot.QFI Disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C5TW3FRF\sgxllcqhhy[1].htm
Possible Virus. Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R0Q7F67U\loader[1].exe
Virus:Trj/Agent.IAB Disinfected C:\WINDOWS\system32\LogCrypt.dll
Virus:Trj/Downloader.PLF Disinfected C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
Super Anti Spyware scan log-
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/15/2008 at 08:11 PM
Application Version : 3.9.1008
Core Rules Database Version : 3403
Trace Rules Database Version: 1395
Scan type : Complete Scan
Total Scan Time : 01:23:53
Memory items scanned : 417
Memory threats detected : 3
Registry items scanned : 3806
Registry threats detected : 268
File items scanned : 29259
File threats detected : 104
Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\JKKJHFG.DLL
C:\WINDOWS\SYSTEM32\JKKJHFG.DLL
HKLM\Software\Classes\CLSID\{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}
HKCR\CLSID\{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}
HKCR\CLSID\{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}\InprocServer32
HKCR\CLSID\{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}\InprocServer32#ThreadingModel
HKCR\CLSID\{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}\TreatAs
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\jkkjhfg
HKCR\CLSID\{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}
C:\WINDOWS\SYSTEM32\AWTQQRP.DLL
Trojan.WinFixer
C:\WINDOWS\SYSTEM32\JKHFC.DLL
C:\WINDOWS\SYSTEM32\JKHFC.DLL
HKLM\Software\Classes\CLSID\{3C492E2A-8763-43C6-9C16-01ED5BC9118F}
HKCR\CLSID\{3C492E2A-8763-43C6-9C16-01ED5BC9118F}
HKCR\CLSID\{3C492E2A-8763-43C6-9C16-01ED5BC9118F}\InprocServer32
HKCR\CLSID\{3C492E2A-8763-43C6-9C16-01ED5BC9118F}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C492E2A-8763-43C6-9C16-01ED5BC9118F}
Adware.Vundo-Variant/Small-A
C:\WINDOWS\SYSTEM32\GTIAOEFR.DLL
C:\WINDOWS\SYSTEM32\GTIAOEFR.DLL
HKLM\Software\Classes\CLSID\{53a00b66-7158-452a-9867-ed1c6f01e331}
HKCR\CLSID\{53A00B66-7158-452A-9867-ED1C6F01E331}
HKCR\CLSID\{53A00B66-7158-452A-9867-ED1C6F01E331}\InprocServer32
HKCR\CLSID\{53A00B66-7158-452A-9867-ED1C6F01E331}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\RTLTWPFD.DLL
HKLM\Software\Classes\CLSID\{7cda5b0d-78cd-451c-8300-942c402d8b05}
HKCR\CLSID\{7CDA5B0D-78CD-451C-8300-942C402D8B05}
HKCR\CLSID\{7CDA5B0D-78CD-451C-8300-942C402D8B05}\InprocServer32
HKCR\CLSID\{7CDA5B0D-78CD-451C-8300-942C402D8B05}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\XPVGBTQC.DLL
HKLM\Software\Classes\CLSID\{87b009e5-bc67-470c-bb3b-b0151bc4224b}
HKCR\CLSID\{87B009E5-BC67-470C-BB3B-B0151BC4224B}
HKCR\CLSID\{87B009E5-BC67-470C-BB3B-B0151BC4224B}\InprocServer32
HKCR\CLSID\{87B009E5-BC67-470C-BB3B-B0151BC4224B}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\NMSVDKEG.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87b009e5-bc67-470c-bb3b-b0151bc4224b}
C:\WINDOWS\SYSTEM32\IFQVKLUT.DLL
C:\WINDOWS\SYSTEM32\WGNIOELW.DLL
Adware.WebBuying Assistant
HKLM\Software\Classes\CLSID\{03b05850-7d3c-429a-9a5f-ae54954a8adb}
HKCR\CLSID\{03B05850-7D3C-429A-9A5F-AE54954A8ADB}
HKCR\CLSID\{03B05850-7D3C-429A-9A5F-AE54954A8ADB}\InprocServer32
HKCR\CLSID\{03B05850-7D3C-429A-9A5F-AE54954A8ADB}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\QQAXBVR.DLL
HKLM\Software\Classes\CLSID\{0446fcac-18f3-406a-9bcc-6619542cc54e}
HKCR\CLSID\{0446FCAC-18F3-406A-9BCC-6619542CC54E}
HKCR\CLSID\{0446FCAC-18F3-406A-9BCC-6619542CC54E}\InprocServer32
HKCR\CLSID\{0446FCAC-18F3-406A-9BCC-6619542CC54E}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{092a2fc0-7cc5-4749-a0f1-4f213a5e59eb}
HKCR\CLSID\{092A2FC0-7CC5-4749-A0F1-4F213A5E59EB}
HKCR\CLSID\{092A2FC0-7CC5-4749-A0F1-4F213A5E59EB}\InprocServer32
HKCR\CLSID\{092A2FC0-7CC5-4749-A0F1-4F213A5E59EB}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{0a9f9196-a6cc-4dce-8d31-8d65b64cd44c}
HKCR\CLSID\{0A9F9196-A6CC-4DCE-8D31-8D65B64CD44C}
HKCR\CLSID\{0A9F9196-A6CC-4DCE-8D31-8D65B64CD44C}\InprocServer32
HKCR\CLSID\{0A9F9196-A6CC-4DCE-8D31-8D65B64CD44C}\InprocServer32#ThreadingModel
HKCR\CLSID\{0A9F9196-A6CC-4DCE-8D31-8D65B64CD44C}\TreatAs
HKLM\Software\Classes\CLSID\{0dbc23d5-fc6e-48b3-a3dd-dab15fdc2bb8}
HKCR\CLSID\{0DBC23D5-FC6E-48B3-A3DD-DAB15FDC2BB8}
HKCR\CLSID\{0DBC23D5-FC6E-48B3-A3DD-DAB15FDC2BB8}\InprocServer32
HKCR\CLSID\{0DBC23D5-FC6E-48B3-A3DD-DAB15FDC2BB8}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{0de56038-626c-4974-aa1d-35e56394c597}
HKCR\CLSID\{0DE56038-626C-4974-AA1D-35E56394C597}
HKCR\CLSID\{0DE56038-626C-4974-AA1D-35E56394C597}\InprocServer32
HKCR\CLSID\{0DE56038-626C-4974-AA1D-35E56394C597}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{21933629-007f-4304-8fb0-3cd82a4e9302}
HKCR\CLSID\{21933629-007F-4304-8FB0-3CD82A4E9302}
HKCR\CLSID\{21933629-007F-4304-8FB0-3CD82A4E9302}\InprocServer32
HKCR\CLSID\{21933629-007F-4304-8FB0-3CD82A4E9302}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{26ee1448-b34d-4e29-8364-7cd431e7c5f2}
HKCR\CLSID\{26EE1448-B34D-4E29-8364-7CD431E7C5F2}
HKCR\CLSID\{26EE1448-B34D-4E29-8364-7CD431E7C5F2}\InprocServer32
HKCR\CLSID\{26EE1448-B34D-4E29-8364-7CD431E7C5F2}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{27c3ec9f-aef7-42c1-95dc-0d1b80bb5575}
HKCR\CLSID\{27C3EC9F-AEF7-42C1-95DC-0D1B80BB5575}
HKCR\CLSID\{27C3EC9F-AEF7-42C1-95DC-0D1B80BB5575}\InprocServer32
HKCR\CLSID\{27C3EC9F-AEF7-42C1-95DC-0D1B80BB5575}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{2f23003d-817c-4b0a-a518-960b96e4de2f}
HKCR\CLSID\{2F23003D-817C-4B0A-A518-960B96E4DE2F}
HKCR\CLSID\{2F23003D-817C-4B0A-A518-960B96E4DE2F}\InprocServer32
HKCR\CLSID\{2F23003D-817C-4B0A-A518-960B96E4DE2F}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{36c93b36-45c0-42dc-b7a2-4aa28be26e82}
HKCR\CLSID\{36C93B36-45C0-42DC-B7A2-4AA28BE26E82}
HKCR\CLSID\{36C93B36-45C0-42DC-B7A2-4AA28BE26E82}\InprocServer32
HKCR\CLSID\{36C93B36-45C0-42DC-B7A2-4AA28BE26E82}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{393d2cb2-08f4-4e4b-91d7-620ed6cdfd7c}
HKCR\CLSID\{393D2CB2-08F4-4E4B-91D7-620ED6CDFD7C}
HKCR\CLSID\{393D2CB2-08F4-4E4B-91D7-620ED6CDFD7C}\InprocServer32
HKCR\CLSID\{393D2CB2-08F4-4E4B-91D7-620ED6CDFD7C}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{3de2d618-f6b9-463b-80a6-af29bc965b08}
HKCR\CLSID\{3DE2D618-F6B9-463B-80A6-AF29BC965B08}
HKCR\CLSID\{3DE2D618-F6B9-463B-80A6-AF29BC965B08}\InprocServer32
HKCR\CLSID\{3DE2D618-F6B9-463B-80A6-AF29BC965B08}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{45abb64b-fefd-43dd-b853-2cc1c89b8d3b}
HKCR\CLSID\{45ABB64B-FEFD-43DD-B853-2CC1C89B8D3B}
HKCR\CLSID\{45ABB64B-FEFD-43DD-B853-2CC1C89B8D3B}\InprocServer32
HKCR\CLSID\{45ABB64B-FEFD-43DD-B853-2CC1C89B8D3B}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{4a28bc46-16f7-4331-9d46-a4f6f33f6547}
HKCR\CLSID\{4A28BC46-16F7-4331-9D46-A4F6F33F6547}
HKCR\CLSID\{4A28BC46-16F7-4331-9D46-A4F6F33F6547}\InprocServer32
HKCR\CLSID\{4A28BC46-16F7-4331-9D46-A4F6F33F6547}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{5434b2ed-bee4-4182-ab01-052a14516c43}
HKCR\CLSID\{5434B2ED-BEE4-4182-AB01-052A14516C43}
HKCR\CLSID\{5434B2ED-BEE4-4182-AB01-052A14516C43}\InprocServer32
HKCR\CLSID\{5434B2ED-BEE4-4182-AB01-052A14516C43}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{54527d4c-afdb-4f24-abdd-12053820db7b}
HKCR\CLSID\{54527D4C-AFDB-4F24-ABDD-12053820DB7B}
HKCR\CLSID\{54527D4C-AFDB-4F24-ABDD-12053820DB7B}\InprocServer32
HKCR\CLSID\{54527D4C-AFDB-4F24-ABDD-12053820DB7B}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{562881b9-e869-4794-990f-918d01e6986d}
HKCR\CLSID\{562881B9-E869-4794-990F-918D01E6986D}
HKCR\CLSID\{562881B9-E869-4794-990F-918D01E6986D}\InprocServer32
HKCR\CLSID\{562881B9-E869-4794-990F-918D01E6986D}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{5f9669aa-4d07-4e03-a043-270b994c398f}
HKCR\CLSID\{5F9669AA-4D07-4E03-A043-270B994C398F}
HKCR\CLSID\{5F9669AA-4D07-4E03-A043-270B994C398F}\InprocServer32
HKCR\CLSID\{5F9669AA-4D07-4E03-A043-270B994C398F}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{6237652d-190e-4835-9c51-beb2066b56e9}
HKCR\CLSID\{6237652D-190E-4835-9C51-BEB2066B56E9}
HKCR\CLSID\{6237652D-190E-4835-9C51-BEB2066B56E9}\InprocServer32
HKCR\CLSID\{6237652D-190E-4835-9C51-BEB2066B56E9}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{68b6f86d-77ab-4425-907a-89751587df5b}
HKCR\CLSID\{68B6F86D-77AB-4425-907A-89751587DF5B}
HKCR\CLSID\{68B6F86D-77AB-4425-907A-89751587DF5B}\InprocServer32
HKCR\CLSID\{68B6F86D-77AB-4425-907A-89751587DF5B}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{6929c6ed-562e-4abd-8962-ae6a4e11e2b7}
HKCR\CLSID\{6929C6ED-562E-4ABD-8962-AE6A4E11E2B7}
HKCR\CLSID\{6929C6ED-562E-4ABD-8962-AE6A4E11E2B7}\InprocServer32
HKCR\CLSID\{6929C6ED-562E-4ABD-8962-AE6A4E11E2B7}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{6c019127-ad65-4da2-9d3c-1ebbaf96de33}
HKCR\CLSID\{6C019127-AD65-4DA2-9D3C-1EBBAF96DE33}
HKCR\CLSID\{6C019127-AD65-4DA2-9D3C-1EBBAF96DE33}\InprocServer32
HKCR\CLSID\{6C019127-AD65-4DA2-9D3C-1EBBAF96DE33}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{78f3418c-1bb9-42d5-b62d-bbe36920f0c9}
HKCR\CLSID\{78F3418C-1BB9-42D5-B62D-BBE36920F0C9}
HKCR\CLSID\{78F3418C-1BB9-42D5-B62D-BBE36920F0C9}\InprocServer32
HKCR\CLSID\{78F3418C-1BB9-42D5-B62D-BBE36920F0C9}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{7bb6524d-9570-4974-ab5d-b73c9e6a3beb}
HKCR\CLSID\{7BB6524D-9570-4974-AB5D-B73C9E6A3BEB}
HKCR\CLSID\{7BB6524D-9570-4974-AB5D-B73C9E6A3BEB}\InprocServer32
HKCR\CLSID\{7BB6524D-9570-4974-AB5D-B73C9E6A3BEB}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{7f24f203-2976-439d-8c42-c5a1fdc41ddf}
HKCR\CLSID\{7F24F203-2976-439D-8C42-C5A1FDC41DDF}
HKCR\CLSID\{7F24F203-2976-439D-8C42-C5A1FDC41DDF}\InprocServer32
HKCR\CLSID\{7F24F203-2976-439D-8C42-C5A1FDC41DDF}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{82d533d6-d3a4-465c-bb6f-1b742dbccf28}
HKCR\CLSID\{82D533D6-D3A4-465C-BB6F-1B742DBCCF28}
HKCR\CLSID\{82D533D6-D3A4-465C-BB6F-1B742DBCCF28}\InprocServer32
HKCR\CLSID\{82D533D6-D3A4-465C-BB6F-1B742DBCCF28}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{838d0440-b66a-4dc6-bff7-bf7b156ecf6d}
HKCR\CLSID\{838D0440-B66A-4DC6-BFF7-BF7B156ECF6D}
HKCR\CLSID\{838D0440-B66A-4DC6-BFF7-BF7B156ECF6D}\InprocServer32
HKCR\CLSID\{838D0440-B66A-4DC6-BFF7-BF7B156ECF6D}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{838dd578-1f7b-4e93-aa09-a9c3916e3f43}
HKCR\CLSID\{838DD578-1F7B-4E93-AA09-A9C3916E3F43}
HKCR\CLSID\{838DD578-1F7B-4E93-AA09-A9C3916E3F43}\InprocServer32
HKCR\CLSID\{838DD578-1F7B-4E93-AA09-A9C3916E3F43}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{9813b168-5ae2-4726-831a-56a578e849fe}
HKCR\CLSID\{9813B168-5AE2-4726-831A-56A578E849FE}
HKCR\CLSID\{9813B168-5AE2-4726-831A-56A578E849FE}\InprocServer32
HKCR\CLSID\{9813B168-5AE2-4726-831A-56A578E849FE}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{99f5f64f-7443-4f29-b22b-c88119fb995e}
HKCR\CLSID\{99F5F64F-7443-4F29-B22B-C88119FB995E}
HKCR\CLSID\{99F5F64F-7443-4F29-B22B-C88119FB995E}\InprocServer32
HKCR\CLSID\{99F5F64F-7443-4F29-B22B-C88119FB995E}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{9cbb64d4-ecd7-426f-ac75-528d60d9c826}
HKCR\CLSID\{9CBB64D4-ECD7-426F-AC75-528D60D9C826}
HKCR\CLSID\{9CBB64D4-ECD7-426F-AC75-528D60D9C826}\InprocServer32
HKCR\CLSID\{9CBB64D4-ECD7-426F-AC75-528D60D9C826}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{a4a78f6f-4067-4b53-ada9-5520a12fb028}
HKCR\CLSID\{A4A78F6F-4067-4B53-ADA9-5520A12FB028}
HKCR\CLSID\{A4A78F6F-4067-4B53-ADA9-5520A12FB028}\InprocServer32
HKCR\CLSID\{A4A78F6F-4067-4B53-ADA9-5520A12FB028}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{a59f7bb9-792d-4e12-8356-75bae8a88e4b}
HKCR\CLSID\{A59F7BB9-792D-4E12-8356-75BAE8A88E4B}
HKCR\CLSID\{A59F7BB9-792D-4E12-8356-75BAE8A88E4B}\InprocServer32
HKCR\CLSID\{A59F7BB9-792D-4E12-8356-75BAE8A88E4B}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{a8467b9d-0c93-4769-be19-7c01afd693f7}
HKCR\CLSID\{A8467B9D-0C93-4769-BE19-7C01AFD693F7}
HKCR\CLSID\{A8467B9D-0C93-4769-BE19-7C01AFD693F7}\InprocServer32
HKCR\CLSID\{A8467B9D-0C93-4769-BE19-7C01AFD693F7}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{a91f5974-1403-4d1d-b16d-1a856768100b}
HKCR\CLSID\{A91F5974-1403-4D1D-B16D-1A856768100B}
HKCR\CLSID\{A91F5974-1403-4D1D-B16D-1A856768100B}\InprocServer32
HKCR\CLSID\{A91F5974-1403-4D1D-B16D-1A856768100B}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{ac4a8b8f-57db-4fb5-879a-e151b6bfc92a}
HKCR\CLSID\{AC4A8B8F-57DB-4FB5-879A-E151B6BFC92A}
HKCR\CLSID\{AC4A8B8F-57DB-4FB5-879A-E151B6BFC92A}\InprocServer32
HKCR\CLSID\{AC4A8B8F-57DB-4FB5-879A-E151B6BFC92A}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{acf2452e-8e9b-48f9-9827-43dc63993cbb}
HKCR\CLSID\{ACF2452E-8E9B-48F9-9827-43DC63993CBB}
HKCR\CLSID\{ACF2452E-8E9B-48F9-9827-43DC63993CBB}\InprocServer32
HKCR\CLSID\{ACF2452E-8E9B-48F9-9827-43DC63993CBB}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{b7b3f5a2-acfb-40b7-af25-86a77513eeea}
HKCR\CLSID\{B7B3F5A2-ACFB-40B7-AF25-86A77513EEEA}
HKCR\CLSID\{B7B3F5A2-ACFB-40B7-AF25-86A77513EEEA}\InprocServer32
HKCR\CLSID\{B7B3F5A2-ACFB-40B7-AF25-86A77513EEEA}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{da40825d-b2bd-44ce-96ae-acaafced7e89}
HKCR\CLSID\{DA40825D-B2BD-44CE-96AE-ACAAFCED7E89}
HKCR\CLSID\{DA40825D-B2BD-44CE-96AE-ACAAFCED7E89}\InprocServer32
HKCR\CLSID\{DA40825D-B2BD-44CE-96AE-ACAAFCED7E89}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{e12963e5-2ba2-4630-bc98-f9aef0e6e19a}
HKCR\CLSID\{E12963E5-2BA2-4630-BC98-F9AEF0E6E19A}
HKCR\CLSID\{E12963E5-2BA2-4630-BC98-F9AEF0E6E19A}\InprocServer32
HKCR\CLSID\{E12963E5-2BA2-4630-BC98-F9AEF0E6E19A}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{e7238b8c-b101-41d0-8554-5e0ae43ebd98}
HKCR\CLSID\{E7238B8C-B101-41D0-8554-5E0AE43EBD98}
HKCR\CLSID\{E7238B8C-B101-41D0-8554-5E0AE43EBD98}\InprocServer32
HKCR\CLSID\{E7238B8C-B101-41D0-8554-5E0AE43EBD98}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{ea1fe023-63cf-401b-89f2-add54364689b}
HKCR\CLSID\{EA1FE023-63CF-401B-89F2-ADD54364689B}
HKCR\CLSID\{EA1FE023-63CF-401B-89F2-ADD54364689B}\InprocServer32
HKCR\CLSID\{EA1FE023-63CF-401B-89F2-ADD54364689B}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{ef15edea-78e9-4521-b8c1-278d532c4e99}
HKCR\CLSID\{EF15EDEA-78E9-4521-B8C1-278D532C4E99}
HKCR\CLSID\{EF15EDEA-78E9-4521-B8C1-278D532C4E99}\InprocServer32
HKCR\CLSID\{EF15EDEA-78E9-4521-B8C1-278D532C4E99}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{f7f1ff23-2de4-43bd-805a-376eeb27484a}
HKCR\CLSID\{F7F1FF23-2DE4-43BD-805A-376EEB27484A}
HKCR\CLSID\{F7F1FF23-2DE4-43BD-805A-376EEB27484A}\InprocServer32
HKCR\CLSID\{F7F1FF23-2DE4-43BD-805A-376EEB27484A}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{f88e2272-6123-4caf-8778-4e366090cdc0}
HKCR\CLSID\{F88E2272-6123-4CAF-8778-4E366090CDC0}
HKCR\CLSID\{F88E2272-6123-4CAF-8778-4E366090CDC0}\InprocServer32
HKCR\CLSID\{F88E2272-6123-4CAF-8778-4E366090CDC0}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{f914fa32-5956-455b-9d5c-a295f950474b}
HKCR\CLSID\{F914FA32-5956-455B-9D5C-A295F950474B}
HKCR\CLSID\{F914FA32-5956-455B-9D5C-A295F950474B}\InprocServer32
HKCR\CLSID\{F914FA32-5956-455B-9D5C-A295F950474B}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{fe7df926-bae3-4c0e-8df9-4b439f7a50d9}
HKCR\CLSID\{FE7DF926-BAE3-4C0E-8DF9-4B439F7A50D9}
HKCR\CLSID\{FE7DF926-BAE3-4C0E-8DF9-4B439F7A50D9}\InprocServer32
HKCR\CLSID\{FE7DF926-BAE3-4C0E-8DF9-4B439F7A50D9}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0a9f9196-a6cc-4dce-8d31-8d65b64cd44c}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f914fa32-5956-455b-9d5c-a295f950474b}
Adware.AdBlaster
HKLM\Software\Classes\CLSID\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}
HKCR\CLSID\{2D7CB618-CC1C-4126-A7E3-F5B12D3BCF71}
HKCR\CLSID\{2D7CB618-CC1C-4126-A7E3-F5B12D3BCF71}\InprocServer32
AdBars BHO
HKLM\Software\Classes\CLSID\{51641ef3-8a7a-4d84-8659-b0911e947cc8}
HKCR\CLSID\{51641EF3-8A7A-4D84-8659-B0911E947CC8}
HKCR\CLSID\{51641EF3-8A7A-4D84-8659-B0911E947CC8}\InprocServer32
Adware.404Search
HKLM\Software\Classes\CLSID\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}
HKCR\CLSID\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}
HKCR\CLSID\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}\InprocServer32
Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{54645654-2225-4455-44A1-9F4543D34546}
HKLM\Software\Classes\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}
HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}
HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}
HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}\InprocServer32
HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}\InprocServer32#ThreadingModel
HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}\ProgID
HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}\Programmable
HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}\TypeLib
HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}\VersionIndependentProgID
C:\PROGRAM FILES\HELPER\1202569705.DLL
HKCR\CLSID\{54645654-2225-4455-44A1-9F4543D34546}
HKCR\CLSID\{54645654-2225-4455-44A1-9F4543D34546}\InprocServer32
Rootkit.RunTime3/FutureGen
HKLM\System\ControlSet001\Services\Fkq26
C:\WINDOWS\SYSTEM32\DRIVERS\FKQ26.SYS
HKLM\System\ControlSet003\Services\Fkq26
HKLM\System\CurrentControlSet\Services\Fkq26
Adware.Tracking Cookie
C:\Documents and Settings\veary\Cookies\[email protected][1].txt
C:\Documents and Settings\veary\Cookies\[email protected][1].txt
C:\Documents and Settings\veary\Cookies\veary@ig[1].txt
C:\Documents and Settings\veary\Cookies\veary@adrevolver[1].txt
C:\Documents and Settings\veary\Cookies\[email protected][1].txt
C:\Documents and Settings\veary\Cookies\veary@a[1].txt
C:\Documents and Settings\veary\Cookies\veary@systemerrorfixer[1].txt
C:\Documents and Settings\veary\Cookies\veary@bestsellerantivirus[1].txt
C:\Documents and Settings\veary\Cookies\veary@advancedcleaner[1].txt
C:\Documents and Settings\veary\Cookies\[email protected][1].txt
C:\Documents and Settings\veary\Cookies\veary@burstnet[1].txt
C:\Documents and Settings\veary\Cookies\veary@doubleclick[1].txt
C:\Documents and Settings\veary\Cookies\[email protected][1].txt
C:\Documents and Settings\veary\Cookies\veary@bizadverts[1].txt
C:\Documents and Settings\veary\Cookies\veary@zedo[1].txt
C:\Documents and Settings\veary\Cookies\veary@mediaplex[1].txt
C:\Documents and Settings\veary\Cookies\[email protected][1].txt
Malware.MalwareAlarm
C:\Program Files\MalwareAlarm\MalwareAlarm.lic
C:\Program Files\MalwareAlarm\MalwareAlarm1.ma
C:\Program Files\MalwareAlarm\routines.dll
C:\Program Files\MalwareAlarm\Uninstall.exe
C:\Program Files\MalwareAlarm
C:\Documents and Settings\veary\Desktop\MalwareAlarm.lnk
Trojan.DNSChanger-Codec
HKCR\CLSID\E404.e404mgr
HKCR\CLSID\E404.e404mgr#UserId
Adware.Web Buying
HKU\S-1-5-21-583907252-1682526488-1343024091-1004\Software\WebBuying
Trojan.Downloader-Gen/RetAd
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#runner1 [ C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3
D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E2C2832213329D26033AAC ]
Adware.E404 Helper/Hij
HKCR\E404.e404mgr
HKCR\E404.e404mgr\CLSID
HKCR\E404.e404mgr\CurVer
HKCR\E404.e404mgr.1
HKCR\E404.e404mgr.1\CLSID
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version
RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk
Adware.VXGame-Trace
HKU\S-1-5-21-583907252-1682526488-1343024091-1004\Software\kernelexe
Adware.E404 Helper/Variant-A
C:\LQFTHFIS.EXE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\49HS640G\LMMQRV[1].HTM
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\R0Q7F67U\IFTKK[1].HTM
Trojan.Unknown Origin
C:\OAWIA.EXE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\DZ9CKG9C\WJKBCTTKLC[1].HTM
C:\WINDOWS\SYSTEM32\WNIS6\ENAMD83122.EXE
Adware.E404 Helper/Variant
C:\PROGRAM FILES\HELPER\1202558915.DLL
C:\PROGRAM FILES\HELPER\1202558916.DLL
Trojan.Downloader-Gen/Bundle Installer
C:\WINDOWS\B116.EXE
C:\WINDOWS\B122.EXE
C:\WINDOWS\B147.EXE
C:\WINDOWS\B149.EXE
Malware.LocusSoftware Inc-Installer
C:\WINDOWS\DOWNLOADED PROGRAM FILES\UGA6P_0001_N122M0611NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\UGA6P_0001_N122M2210NETINSTALLER.EXE
Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\CFHKJ.INI
Trojan.Unclassifed/AffiliateBundle
C:\WINDOWS\SYSTEM32\PMNNOML.DLL
Trace.Known Threat Sources
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\YNYFGDU3\ico_4[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\OB23KH4B\body_bg[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\0DE3STUV\pbmarker[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\0DE3STUV\index[2].htm
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\I98NIDW7\scan[1].php
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\I98NIDW7\crypt[2].htm
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\I98NIDW7\ajax[2].htm
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\YNYFGDU3\g-bottomleft[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\I98NIDW7\Activex[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\OB23KH4B\errorhandler[2].htm
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\OB23KH4B\ADCFreeInstaller[1].exe
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\OB23KH4B\g-top[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\YNYFGDU3\spyware[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\I98NIDW7\scan_bot[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\0DE3STUV\footer_bg[2].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\I98NIDW7\feat_bg[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\0DE3STUV\scans_top[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\0DE3STUV\styles[2].css
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\YNYFGDU3\feat_bot[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\0DE3STUV\logo[1].jpg
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\0DE3STUV\styles[4].css
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\YNYFGDU3\g-topleft[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\0DE3STUV\feat_li[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\OB23KH4B\common[2].js
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\YNYFGDU3\spacer[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\0DE3STUV\g-bottom[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\YNYFGDU3\c12_bg[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\I98NIDW7\ico_1[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\YNYFGDU3\ico_5[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\0DE3STUV\c21_bg[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\I98NIDW7\logo_bot[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\0DE3STUV\bar[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\OB23KH4B\g-left[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\I98NIDW7\c22_bg[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\0DE3STUV\5_swp[1]
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\OB23KH4B\logo2[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\OB23KH4B\feat_top[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\YNYFGDU3\c11_bg[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\OB23KH4B\scans_bg[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\0DE3STUV\styles[1].css
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\OB23KH4B\scan_now[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\I98NIDW7\window[1].js
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\OB23KH4B\g-bottomright[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\YNYFGDU3\progressbar[2].js
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\OB23KH4B\g-topright[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\0DE3STUV\buttonbg[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\OB23KH4B\lupa[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\I98NIDW7\pbbg[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\OB23KH4B\managers[2].htm
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\0DE3STUV\kluch[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\YNYFGDU3\ax[1].gif
C:\Documents and Settings\veary\Local Settings\Temporary Internet Files\Content.IE5\I98NIDW7\closebutton[1].gif