Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Redirect

Started by altec3220 , Jun 01 2009 08:14 PM

  • Please log in to reply

#1
altec3220
Posted 01 June 2009 - 08:14 PM

altec3220

    New Member

  • Member
  • Pip
  • 1 posts
I've been battling with this nasty Google Redirect thing for the better part of the day. I think I may finally have cleared it out for good. In addition to my standard McAfee virus scan I have also run AVG Free 8.5 and Malwarebytes' Anti-Malware. I would truly appreciate it if someone could take a look at my MBAM, Rooter and OTListIt logs. It's a virtual wall of text to me but maybe someone who knows what they're looking for can make sense of it. I have removed the name of my computer out of sheer paranoia but otherwise these are copied verbatim.

Thank you kindly in advance.

Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 3

6/1/2009 12:55:29 PM
mbam-log-2009-06-01 (12-55-29).txt

Scan type: Quick Scan
Objects scanned: 85184
Time elapsed: 3 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 6
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\had73sfdfd.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c6c7b2a1-00f3-42bd-f434-00aaba2c8953} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c6c7b2a1-00f3-42bd-f434-00aaba2c8953} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c6c7b2a1-00f3-42bd-f434-00aaba2c8953} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c6c7b2a1-00f3-42bd-f434-00aaba2c8953} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvd32_r (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagnostic manager (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\had73sfdfd.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\RJ\protect.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\RJ\Application Data\unobi.dll (Trojan.Agent) -> Delete on reboot.
c:\documents and settings\LocalService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\RJ\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\RJ\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\RJ\Local Settings\Temp\3995683606.exe (Trojan.Downloader) -> Delete on reboot.
c:\documents and settings\RJ\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\msb.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Rooter

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:114416 Mo/Free:2813 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Mon 06/01/2009|22:03

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\WLTRYSVC.EXE
---------- C:\WINDOWS\System32\bcmwltry.exe
---------- C:\WINDOWS\system32\LEXBCES.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\LEXPPS.EXE
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
---------- c:\program files\common files\mcafee\mna\mcnasvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
---------- C:\Program Files\McAfee\MPF\MPFSrv.exe
---------- C:\Program Files\Apoint\Apoint.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\WINDOWS\system32\igfxpers.exe
---------- C:\WINDOWS\system32\WLTRAY.exe
---------- C:\Program Files\McAfee.com\Agent\mcagent.exe
---------- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
---------- C:\Program Files\McAfee\MSK\MskSrver.exe
---------- C:\WINDOWS\system32\igfxsrvc.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS\system32\PnkBstrA.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\system32\locator.exe
---------- C:\Program Files\Apoint\HidFind.exe
---------- C:\Program Files\Apoint\Apntex.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Program Files\OTListIt2.exe
---------- C:\WINDOWS\notepad.exe
---------- C:\WINDOWS\notepad.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Mon 06/01/2009|22:05

----------------------\\ Scan completed at 22:05

OTListIt.Txt

OTListIt logfile created on: 6/1/2009 9:58:22 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Program Files
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 473.76 Mb Available Physical Memory | 46.70% Memory free
2.38 Gb Paging File | 1.86 Gb Available in Paging File | 77.90% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 30.75 Gb Free Space | 27.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: [REMOVED]
Current User Name: [REMOVED]
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
PRC - C:\Program Files\Apoint\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [Auto | Running]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LexBceS [On_Demand | Running]) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service [Auto | Running]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (stllssvr [On_Demand | Stopped]) -- File not found
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BCM43XX [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DLABMFSM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DLADResM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLARTL_M [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_M.SYS (Roxio)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Roxio)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070801
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070801

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070801
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070801
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://tvlistings.za...531F?position="
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.4
FF - prefs.js..extensions.enabledItems: [email protected]:3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/04 17:26:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/06/01 17:09:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/06/01 21:33:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/02 15:37:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 10:24:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/02/02 13:12:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS [2009/02/02 13:12:16 | 00,000,000 | ---D | M]

[2008/07/22 20:50:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REMOVED]\Application Data\mozilla\Extensions
[2008/07/22 20:50:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REMOVED]\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/01 21:46:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REMOVED]\Application Data\mozilla\Firefox\Profiles\azu838n9.default\extensions
[2008/07/22 21:12:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REMOVED]\Application Data\mozilla\Firefox\Profiles\azu838n9.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2008/07/22 20:27:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REMOVED]\Application Data\mozilla\Firefox\Profiles\azu838n9.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}(2)
[2009/05/13 07:46:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REMOVED]\Application Data\mozilla\Firefox\Profiles\azu838n9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/04/16 09:39:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REMOVED]\Application Data\mozilla\Firefox\Profiles\azu838n9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/04/24 14:34:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REMOVED]\Application Data\mozilla\Firefox\Profiles\azu838n9.default\extensions\[email protected]
[2008/11/29 11:00:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REMOVED]\Application Data\mozilla\Firefox\Profiles\azu838n9.default\extensions\[email protected]
[2009/03/20 19:35:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REMOVED]\Application Data\mozilla\Firefox\Profiles\azu838n9.default\extensions\[email protected]
[2009/06/01 21:20:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 10:24:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/04 17:26:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/31 20:46:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/28 10:24:32 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 10:24:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/11/14 22:38:10 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/11/14 22:38:10 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/11/14 22:38:10 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/14 22:38:10 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/11/14 22:38:10 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/11/14 22:38:10 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (America Online, Inc.)
O4 - HKCU..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\BUSINE~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\VBULLE~4.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\DELL-G~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\GRADIE~2.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\HBX_1_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\MENU_O~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\IG_1_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\K1VYXJ~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\SEARCH~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\I30000~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\CLEAR_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\FAVICO~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\GETJS_~2.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\SPINNE~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\LIBVIE~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\MENU03~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\POST_O~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\BUSINE~2.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\V_W2_3~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\SENDTO~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\CHANCE~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\TOPICS~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\SECURI~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\CHUNKS~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\SEARCH~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\USER_O~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\BUTTON~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\V_W2_1~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\REVIEW~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\PROXY_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\COLLAP~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\STYLE_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\GUIDES~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\BUTTON~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\AD_POP~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\BK-INT~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\GEQPFX~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\SEARCH~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\LOGO_1~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\USER_O~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\TOPIC1~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\BLOGGE~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\VP_1_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\NAV_BG~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\FOOTER~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\RAVE_1~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\APPIE7~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\BUTTON~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\SPRITE~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\HOME_H~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\TAMP_1~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\2009_M~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\V_W2_2~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\JSONP_~2.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\SCREEN~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\NEWSTA~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\HOME_1~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\DOWN-A~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\BG_NAV~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\LOWLEF~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\SUBJBA~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\PRINTT~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\LOGO_6~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\TECHSU~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\JQUERY~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\CLEAR_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\SMC_1_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\MOTIFE~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\FAVICO~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\V_W2_1~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\EXTERN~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\FORUM_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\SUBNAV~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\COLLAP~2.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\CHUNKS~3.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\FEED-I~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\GA_1_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\AUTHOR~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\EMAIL-~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\HOME_H~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\498030~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\V_W2_2~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\160X60~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\LOGO-H~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\B33465~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\CONNEC~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\FUTURA~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\MT_1_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\TRANSP~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\OFFICI~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\VBULLE~2.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\SPARKL~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\PRINTE~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\TSGCT_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\LOG_1_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\COLLAP~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\DOWNLO~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\VBULLE~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\POP_TB~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\NAVBIT~4.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\EXTERN~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\EDIT_8~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\PRINT_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\GO_1_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\FARBTA~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\ADS_1_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\COOL_1~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\1-1_1_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\NEWSVI~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\I60000~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\SOMERI~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\DOWNLO~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\I18N_8~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\BG_FOO~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\PRIMAR~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\CROSSD~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\BG_HEA~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\TABSWE~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\GENERA~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\UH-113~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\LIST_B~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\BL-OUT~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\MOOTOO~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\A_5_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\WCSS_1~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\SEARCH~4.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\SUPPOR~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\SELECT~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\DOOR_1~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\SECURI~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\INDEXT~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\ABOUTM~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\IDCCSS~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\SIMPY_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\FURL_1~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\REGIST~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\CHUNKS~2.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\JQUERY~4.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\SYSTEM~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\ALERTB~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\IDC-TR~3.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\YBKM_1~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\COOKIE~2.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\1-4_1_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\3-9110~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\TEMPLA~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\STYLE-~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\CHUNKS~4.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\SPIT_1~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\FAVICO~2.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\SEARCH~2.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\USER-1~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\MALWAR~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\TPAY_L~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\FORUMS~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\NODE_1~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\IDC-GR~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\CALEND~2.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\1181_1~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\EMPTY_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\SE9D62~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\FAVICO~3.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\VBCE6C~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\INDEX_~2.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\CERMAK~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\YAHOO-~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\LOFISC~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\DL_BTN~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\SEARCH~3.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\H1_BUL~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\SITEID~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\FLAG_S~3.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\TPAY_L~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\TRIALP~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\ACTIVI~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\I10000~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\SEARCH~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\THREAD~2.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\160X60~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\ICON-U~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\NAVBIT~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\EXCLAM~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\CHUNKS~2.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\EFFECT~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\I20000~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\SPHERE~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\CONTAI~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\SU_1_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\ICON-S~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\CHCD3B~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\3000-2~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\WESMOS~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\YAHOO-~3.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\QUOTE_~2.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\THREAD~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\OFFENS~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\CORNER~3.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\PHOTO_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\MINIMA~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\SYMANT~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\I50000~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\CHUNKS~3.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\HEADER~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\JQUERY~3.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\DL_BTN~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\DELICI~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\CHUNKS~4.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\__UTM_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\SYSTEM~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\MINIMA~2.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\SEARCH~2.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\801675~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\IDC-IN~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\FEATUR~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\300X25~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\MINIMA~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\BOOKMA~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\TRANSD~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\ICO_CN~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\WEBNEW~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\COMMUN~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\ICO_YE~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\CD_AVA~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\REDDIT~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\629094~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\ANSWER~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\TABLE_~2.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\ICON-O~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\A45C25~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\MAGNIF~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0VGLM6M5\TAB_BL~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\PAGE_P~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\SPON-W~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\RSS_1_~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\ICON-D~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\FA9455~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\FLAG_P~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\FA9065~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\BG_HEA~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\BLOGGE~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\WEBRES~3.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\4PXILSFG\MNU2_T~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\0DJ2MRBW\FF_PIC~1.SH! C:\DOCUME~1\[REMOVED]\LOCALS~1\TEMPOR~1\Content.IE5\JOA3U5L2\A_1_~1.SH! ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/01 21:57:16 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/06/01 21:57:15 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTListIt2.exe
[2009/06/01 21:32:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/06/01 21:32:25 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/06/01 21:32:14 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/06/01 21:31:38 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/06/01 21:31:38 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/06/01 21:31:38 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/06/01 21:31:38 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/06/01 21:31:38 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/06/01 21:31:37 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/06/01 21:31:37 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/06/01 19:27:30 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/06/01 17:12:58 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/06/01 17:12:50 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/06/01 17:09:55 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/01 17:09:54 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/01 17:09:48 | 00,325,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/01 17:09:44 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/01 17:09:37 | 36,691,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/01 17:09:37 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/01 17:09:37 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/01 17:09:37 | 00,063,791 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/01 17:09:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/06/01 17:09:04 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/06/01 17:09:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/06/01 17:07:39 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/06/01 12:50:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\[REMOVED]\Application Data\Malwarebytes
[2009/06/01 12:50:16 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/01 12:50:15 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/01 12:50:15 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/01 12:50:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/01 12:33:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\[REMOVED]\My Documents\filelib
[2009/05/29 15:55:26 | 55,829,678 | ---- | C] () -- C:\Documents and Settings\[REMOVED]\My Documents\Bridget_Regan_theView.avi
[2009/05/29 10:02:51 | 93,196,288 | ---- | C] () -- C:\Documents and Settings\[REMOVED]\My Documents\Live_with_Regis___Kelly_-_Bridget_Regan_-_5-22-09.avi
[2009/05/27 19:54:12 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/05/22 13:07:50 | 03,701,863 | ---- | C] () -- C:\Documents and Settings\[REMOVED]\My Documents\1x01%20-%20Don%27t%20Stop%20Believing.mp3
[2009/05/22 12:29:07 | 03,318,177 | ---- | C] () -- C:\Documents and Settings\[REMOVED]\My Documents\1x01%20-%20Rehab.mp3
[2009/05/16 10:55:00 | 00,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2009/05/13 18:14:55 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2008/12/13 22:58:52 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/08/15 22:09:20 | 00,000,150 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2008/07/20 21:48:39 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/07/02 18:40:11 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/07/02 18:40:04 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/02 18:40:04 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/02 18:40:03 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/07/02 18:40:03 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/07/02 16:05:07 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/20 21:46:10 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SCapPro.INI
[2008/03/31 17:25:46 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/03/21 16:28:54 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/03/21 16:28:54 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/03/21 16:28:20 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/12/12 09:36:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\FlashBuilder.INI
[2007/10/14 16:23:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Moto.INI
[2007/10/01 14:09:31 | 00,138,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/09/07 16:07:28 | 00,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/09/07 16:07:25 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/08/28 22:41:19 | 00,000,614 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2007/08/23 15:45:58 | 00,000,349 | ---- | C] () -- C:\WINDOWS\fpexplor.INI
[2007/08/23 15:45:27 | 00,000,280 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2007/08/12 11:05:38 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/02 00:34:08 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/08/02 00:24:01 | 00,001,308 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/02 00:20:04 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/08/02 00:20:02 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/08/02 00:00:36 | 00,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/11/09 17:07:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 00:36:50 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 14:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:51:28 | 00,000,677 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 13:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/02/10 15:08:00 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/13 15:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/06/01 21:44:35 | 00,529,926 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/01 21:44:35 | 00,447,280 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/01 21:44:35 | 00,073,650 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/01 21:40:30 | 00,022,367 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/06/01 21:39:47 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\[REMOVED]\Local Settings\desktop.ini
[2009/06/01 21:39:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/01 21:39:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/01 21:39:30 | 00,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/01 21:18:27 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/01 17:12:50 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/06/01 17:11:58 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/06/01 17:11:44 | 36,691,218 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/01 17:11:27 | 00,063,791 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/01 17:09:55 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/01 17:09:54 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/01 17:09:48 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/01 17:09:44 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/01 17:09:37 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/01 17:09:37 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/01 11:24:53 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts2
[2009/05/29 16:05:14 | 55,829,678 | ---- | M] () -- C:\Documents and Settings\[REMOVED]\My Documents\Bridget_Regan_theView.avi
[2009/05/29 10:16:05 | 93,196,288 | ---- | M] () -- C:\Documents and Settings\[REMOVED]\My Documents\Live_with_Regis___Kelly_-_Bridget_Regan_-_5-22-09.avi
[2009/05/27 10:12:11 | 00,057,856 | ---- | M] () -- C:\Documents and Settings\[REMOVED]\Desktop\Books.xls
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/22 13:08:15 | 03,701,863 | ---- | M] () -- C:\Documents and Settings\[REMOVED]\My Documents\1x01%20-%20Don%27t%20Stop%20Believing.mp3
[2009/05/22 12:29:09 | 03,318,177 | ---- | M] () -- C:\Documents and Settings\[REMOVED]\My Documents\1x01%20-%20Rehab.mp3
[2009/05/13 11:48:08 | 00,095,744 | -HS- | M] () -- C:\Documents and Settings\[REMOVED]\My Documents\Thumbs.db
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

Extras.txt
OTListIt Extras logfile created on: 6/1/2009 9:58:22 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Program Files
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 473.76 Mb Available Physical Memory | 46.70% Memory free
2.38 Gb Paging File | 1.86 Gb Available in Paging File | 77.90% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 30.75 Gb Free Space | 27.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: [REMOVED]
Current User Name: [REMOVED]
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"123:UDP" = 123:UDP:*:Enabled:NTP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service File not found
C:\Program Files\Kontiki\KHost.exe:*:Enabled:KHost.exe File not found
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger (SM) (America Online, Inc.)
C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager File not found
C:\Program Files\Battlestar Galactica Beyond the Red Line\fs2_open_3_6_9.exe:*:Enabled:FreeSpace File not found
C:\Program Files\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps ()
C:\Program Files\Microsoft Games\Motocross Madness 2 Trial\mcm2.exe:*:Enabled:Microsoft® Motocross Madness 2 File not found
C:\Program Files\ABC\abc.exe:*:Enabled:abc ()
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
C:\WESTWOOD\C&C95\C&C95.exe:*:Enabled:C&C95 File not found
C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft (Blizzard Entertainment)
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic (Gabest)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\America's Army Deploy Client\AADeployClient.exe:*:Enabled:AADeployClient (US Army)
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent (McAfee, Inc.)
C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary (Sun Microsystems, Inc.)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:mbam.exe (Malwarebytes Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{25AF0BD1-DF07-4447-8E91-28E99617C556}" = DeadAIM
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6204C8-6B1D-4FBA-ADA9-CB6DFF9BF80D}" = America's Army Deploy Client
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}" = America's Army
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"7-Zip" = 7-Zip 4.42
"ABC" = ABC (remove only)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Instant Messenger (SM)" = AOL Instant Messenger (SM)
"AVG8Uninstall" = AVG Free 8.5
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Dell Photo Printer 720" = Dell Photo Printer 720
"FrontPage v3.0" = Microsoft FrontPage 98
"ie8" = Windows Internet Explorer 8
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.9.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Mozilla Thunderbird (2.0.0.16)" = Mozilla Thunderbird (2.0.0.16)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"Riva FLV Player_is1" = Riva FLV Player
"SearchAssist" = SearchAssist
"Starcraft" = Starcraft
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"UnrealTournament" = Unreal Tournament G.O.T.Y. Edition
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WavePad" = WavePad Uninstall
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = The GIMP 2.2.17
"WinGTK-2_is1" = GTK+ 2.10.13 runtime environment
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/18/2009 3:54:44 PM | Computer Name = [REMOVED] | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2644 (0xa54) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.423
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\Program Files\McAfee\VirusScan\DAT\5587.0\mferuntime.dat

by c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 4/23/2009 5:47:48 PM | Computer Name = [REMOVED] | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Excel.

Error - 4/25/2009 10:40:53 PM | Computer Name = [REMOVED] | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 4/29/2009 8:34:13 AM | Computer Name = [REMOVED] | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x11481000.

Error - 5/6/2009 6:57:13 PM | Computer Name = [REMOVED] | Source = Application Error | ID = 1000
Description = Faulting application thunderbird.exe, version 1.8.20080.5272, faulting
module unknown, version 0.0.0.0, fault address 0x029a10fe.

Error - 5/15/2009 3:01:44 PM | Computer Name = [REMOVED] | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3399, faulting module
xul.dll, version 1.9.0.3399, fault address 0x000af377.

Error - 5/17/2009 7:01:18 PM | Computer Name = [REMOVED] | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, faulting module ntdll.dll,
version 5.1.2600.5755, fault address 0x00010a1b.

Error - 6/1/2009 5:07:55 PM | Computer Name = [REMOVED] | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 6/1/2009 7:24:01 PM | Computer Name = [REMOVED] | Source = Application Error | ID = 1000
Description = Faulting application avgcsrvx.exe, version 8.5.0.300, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000101b3.

Error - 6/1/2009 9:38:05 PM | Computer Name = [REMOVED] | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

[ System Events ]
Error - 6/1/2009 5:03:14 PM | Computer Name = [REMOVED] | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 6/1/2009 5:03:14 PM | Computer Name = [REMOVED] | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 6/1/2009 5:03:14 PM | Computer Name = [REMOVED] | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD APPDRV Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 6/1/2009 5:04:57 PM | Computer Name = [REMOVED] | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 6/1/2009 5:05:05 PM | Computer Name = [REMOVED] | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 6/1/2009 5:05:15 PM | Computer Name = [REMOVED] | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 6/1/2009 5:05:33 PM | Computer Name = [REMOVED] | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/1/2009 9:34:58 PM | Computer Name = [REMOVED] | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 6/1/2009 9:37:03 PM | Computer Name = [REMOVED] | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706be: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 6/1/2009 9:37:29 PM | Computer Name = [REMOVED] | Source = DCOM | ID = 10010
Description = The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register
with DCOM within the required timeout.


< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP