Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

IE popping up ad windows at random

Post by Occam » June 30th, 2010, 3:51 am

IE keeps popping up an ad window every 30 minutes or so. PC was clean a few days ago, I think a recent reboot has woken something up. It's a Latitude D630, I think.

I don't use IE. IE is not visibly running, foreground or background, when these windows pop up. These are not pop-up ads being triggered by my surfing. I only use Firefox. IE has only been used a half-dozen times recently by programs invoking help files and download sites. They are all well known (Paint.NET, Microsoft Office, Google, Smartdraw, etc.), invoked by the programs themselves, and are extremely unlikely to contain any exploits.

There is an iexplore.exe process running, which I believe is not normal because it's not on my other PC. But I'm not sure. I don't know what happens if I kill it.

There doesn't seem to be anything else wrong. It did hang for nearly 15 minutes after the reboot while trying to access my network. Not normal. Eventually it cleared up but then the windows started appearing with random ads.

The ad windows are well behaved in that they only appear once, can be closed, and do not re-appear again for some considerable time. There are no multiple windows, annoying endless loops, or the like.

SuperSpywareBlaster, Spyware Doctor, Microsoft Security Essentials and Housecall don't identify anything positive. SSB and SD were installed post-infection. I'm trying the Microsoft malicious software tool.

I've only had this computer two months, and now this. I hate IE. Thanks in advance for any help.


HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:13:38 AM, on 6/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\SCardSvr.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINNT\system32\igfxpers.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
\Sean2\c\Program Files\PureText\PureText.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\AutoMate4\Automate.exe
C:\Program Files\GridMove\GridMove.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\WallMaster\wallmast.exe
C:\Program Files\Yahoo! Widgets\YahooWidgets.exe
C:\Program Files\Yahoo! Widgets\YahooWidgets.exe
C:\Program Files\Yahoo! Widgets\YahooWidgets.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\wdfmgr.exe
\Vault2\d\Software\Microsoft Malicious Software Removal Tool\KB890830\windows-kb890830-v3.8.exe
c:\26d2a21bdf441b4df54b2c8e345379\mrtstub.exe
C:\WINNT\system32\MRT.exe
C:\WINNT\System32\alg.exe
C:\WINNT\System32\msiexec.exe
C:\Program Files\Pitaschio\Pitaschio.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINNT\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [TridentWatchDog] twatdog.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINNT\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [PureText] "\\Sean2\c\Program Files\PureText\PureText.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: GridMove.lnk = C:\Program Files\GridMove\GridMove.exe
O4 - Startup: QuickMonth Calendar.lnk = C:\WINNT\qmc.exe
O4 - Startup: WallMaster Pro.lnk = C:\Program Files\WallMaster\wallmast.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo! Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoMate Task Service.lnk = C:\Program Files\AutoMate4\Automate.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4457702253
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{876B212A-098F-49F8-87E5-BE35EDB67D2B}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8699 bytes



Uninstall list:

Adobe Acrobat 7.0 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Altium Designer 2004 (SP3)
AutoMate 4
Color LaserJet 2600n
Conexant HDA D330 MDC V.92 Modem
DivX
DivX Web Player
DVDFab 7.0.1.2 Beta (05/03/2010)
GridMove V1.19.53
High Definition Audio Driver Package - KB888111
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HiJackThis
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB952287)
Icon Restore 1.0
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Internet Explorer Q903235
InterVideo XPack (DVD Only)
IrfanView (remove only)
Java(TM) 6 Update 13
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Antimalware
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Data Access Components KB870669
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Journal Viewer
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
MuvEnum Address Bar - Windows Explorer Extension
NameIt
NEF Codec
NVIDIA Drivers
Paint.NET v3.20
QuickMonth Calendar 1.1
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SmartDraw 7
Spyware Doctor 7.0
SUPERAntiSpyware
TeraCopy 1.22
TOSHIBA Software Modem
Trend Micro RUBotted
Trident Display Driver
TrueCrypt
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
WallMaster Pro
Windows Genuine Advantage v1.3.0254.0
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Install Manager
Yahoo! Widgets

----
S.
Occam
Regular Member
 
Posts: 26
Joined: June 30th, 2010, 3:24 am

Re: IE popping up ad windows at random

Post by MWR 3 day Mod » July 4th, 2010, 1:25 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: IE popping up ad windows at random

Post by deltalima » July 5th, 2010, 5:14 am

Hi Occam,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: IE popping up ad windows at random

Post by Occam » July 5th, 2010, 7:05 pm

Hi deltalima,

Thanks very much for the help!

I have access to another virus scanner through my service provider, which I think might be better than MSE. Should I try it?

Thanks,
S.


OTL.Txt


OTL logfile created on: 7/5/2010 12:24:13 PM - Run 2
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 382.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 99.01 Gb Free Space | 88.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LATITUDE
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\snmp.exe (Microsoft Corporation)
PRC - C:\WINNT\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe (Trend Micro Inc.)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\WallMaster\wallmast.exe (Tropical Wares)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINNT\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINNT\System32\hidserv.dll File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (SNMP) -- C:\WINNT\system32\snmp.exe (Microsoft Corporation)
SRV - (RUBotted) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe (Trend Micro Inc.)


========== Driver Services (SafeList) ==========

DRV - (HSXHWAZL) -- C:\WINNT\System32\DRIVERS\HSXHWAZL.sys File not found
DRV - (fkwzgmie) -- C:\WINNT\System32\drivers\fkwzgmie.sys File not found
DRV - (MpFilter) -- C:\WINNT\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (NETw5x32) Intel(R) -- C:\WINNT\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (amdagp) -- C:\WINNT\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINNT\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINNT\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINNT\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (e1express) Intel(R) -- C:\WINNT\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (ialm) -- C:\WINNT\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (guardian2) -- C:\WINNT\system32\drivers\oz776.sys (O2Micro)
DRV - (TcUsb) -- C:\WINNT\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (TMPassthruMP) -- C:\WINNT\system32\drivers\TMPassthru.sys (Trend Micro Inc.)
DRV - (TMPassthru) -- C:\WINNT\system32\drivers\TMPassthru.sys (Trend Micro Inc.)
DRV - (HSF_DPV) -- C:\WINNT\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINNT\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINNT\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (iaStor) -- C:\WINNT\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (NETw4x32) Intel(R) -- C:\WINNT\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (STHDA) -- C:\WINNT\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (truecrypt) -- C:\WINNT\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (HECI) Intel(R) -- C:\WINNT\system32\drivers\HECI.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINNT\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\WINNT\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw3x32) Intel(R) -- C:\WINNT\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (nv) -- C:\WINNT\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (w29n51) Intel(R) -- C:\WINNT\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (IFXTPM) -- C:\WINNT\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) -- C:\WINNT\system32\drivers\ATSwpDrv.sys (AuthenTec, Inc.)
DRV - (yukonwxp) -- C:\WINNT\system32\drivers\yk51x86.sys (Marvell)
DRV - (altio) -- C:\WINNT\system32\altio.sys (Altium Limited)
DRV - (ApfiltrService) -- C:\WINNT\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (w70n51) Intel(R) -- C:\WINNT\system32\drivers\w70n51.sys (Intel® Corporation)
DRV - (tridxp4) -- C:\WINNT\system32\drivers\tridxp4m.sys (Trident Microsystems Inc.)
DRV - (tsdhd) -- C:\WINNT\system32\drivers\tsdhd.sys (TOSHIBA Corporation)
DRV - (SMCIRDA) -- C:\WINNT\system32\drivers\smcirda.sys (SMC)
DRV - (Sparrow) -- C:\WINNT\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINNT\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINNT\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINNT\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINNT\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINNT\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINNT\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINNT\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINNT\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINNT\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINNT\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINNT\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINNT\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINNT\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINNT\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3121265979-145127783-2100734864-1051\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-3121265979-145127783-2100734864-1051\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-3121265979-145127783-2100734864-1051\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.15
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: validator@totalvalidator.com:6.5.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/30 07:24:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/30 14:08:11 | 000,000,000 | ---D | M]

[2010/05/20 21:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2010/07/03 07:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\um64otsq.default\extensions
[2010/06/25 00:15:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\um64otsq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/06/25 00:15:35 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\um64otsq.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/06/25 00:15:35 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\um64otsq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/07/02 15:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\um64otsq.default\extensions\foxmarks@kei.com
[2010/06/29 14:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\um64otsq.default\extensions\validator@totalvalidator.com
[2010/07/02 01:54:12 | 000,002,979 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\um64otsq.default\searchplugins\ebayca.xml
[2010/07/04 07:45:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2002/08/29 06:00:00 | 000,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3121265979-145127783-2100734864-1051\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-3121265979-145127783-2100734864-1051\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINNT\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRotateSysTray] C:\WINNT\System32\nvsysrot.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe ()
O4 - HKLM..\Run: [RegServer] C:\WINNT\System32\RegServe.exe ()
O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [TridentWatchDog] C:\WINNT\System32\TWatDog.exe ()
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3121265979-145127783-2100734864-1051..\Run: [PureText] File not found
O4 - HKLM..\RunOnce: [New Value #1] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Pitaschio.lnk = C:\Program Files\Pitaschio\Pitaschio.exe ( )
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\WallMaster Pro.lnk = C:\Program Files\WallMaster\wallmast.exe (Tropical Wares)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINNT\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoMate Task Service.lnk = C:\Program Files\AutoMate4\Automate.exe (Unisyn Software, LLC)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\GridMove.lnk = C:\Program Files\GridMove\GridMove.exe ()
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\QuickMonth Calendar.lnk = C:\WINNT\qmc.exe File not found
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\WallMaster Pro.lnk = C:\Program Files\WallMaster\wallmast.exe (Tropical Wares)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo! Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3121265979-145127783-2100734864-1051\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3121265979-145127783-2100734864-1051\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-3121265979-145127783-2100734864-1051\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 1
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 4457702253 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINNT\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/15 12:17:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3a501680-6480-11df-bbb9-001c234442da}\Shell - "" = AutoRun
O33 - MountPoints2\{3a501680-6480-11df-bbb9-001c234442da}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3a501680-6480-11df-bbb9-001c234442da}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\WINNT\TEMP\AUTMGR32.EXE" /START "%1" %* ()
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\WINNT\TEMP\AUTMGR32.EXE" /START "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2010/07/05 08:32:31 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/07/03 07:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Bitrix Security
[2010/07/02 17:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Altium2004_SP4
[2010/07/02 17:04:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Altium2004_SP4
[2010/07/02 17:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Altium2004_SP4
[2010/07/02 16:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\WexTech Shared
[2010/07/02 16:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Novell Shared
[2010/07/02 16:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lhspf
[2010/07/01 19:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/07/01 19:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/01 19:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/30 23:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Identities
[2010/06/30 01:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2010/06/30 00:21:47 | 000,000,000 | ---D | C] -- C:\c9b20ff71cffe5f758bc
[2010/06/29 22:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Threat Expert
[2010/06/29 21:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
[2010/06/29 21:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Threat Expert
[2010/06/29 21:38:50 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINNT\PCTBDCore.dll.old
[2010/06/29 21:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/29 21:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/29 14:35:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/29 14:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/29 14:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/29 14:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/24 20:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Workspaces
[2010/06/23 22:13:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Paint.NET
[2010/06/23 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2010/06/23 21:37:17 | 000,000,000 | ---D | C] -- C:\temp
[2010/06/22 21:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\Arachnophilia
[2010/06/21 08:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\My Designs
[2010/06/21 08:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Altium2004_SP3
[2010/06/21 08:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Altium2004_SP3
[2010/06/21 08:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Altium2004_SP3
[2010/06/21 08:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Altium2004_SP2Security
[2010/06/20 21:54:54 | 000,212,992 | R--- | C] (Microsoft Corporation) -- C:\WINNT\System32\hptcpmui.dll
[2010/06/20 21:54:52 | 000,102,400 | R--- | C] (Hewlett Packard) -- C:\WINNT\System32\hpzjrd01.dll
[2010/06/20 21:54:52 | 000,098,304 | R--- | C] (Hewlett Packard Company) -- C:\WINNT\System32\hpzjsn01.dll
[2010/06/20 21:54:52 | 000,028,672 | R--- | C] (Hewlett-Packard) -- C:\WINNT\System32\hpzjfw01.dll
[2010/06/20 21:54:51 | 000,126,976 | R--- | C] (Hewlett Packard) -- C:\WINNT\System32\hptcpmon.dll
[2010/06/20 21:54:51 | 000,073,728 | R--- | C] (Hewlett Packard) -- C:\WINNT\System32\hptcpmib.dll
[2010/06/20 21:54:28 | 000,028,672 | R--- | C] (Zenographics, Inc.) -- C:\WINNT\System32\IMF32.DLL
[2010/06/20 21:54:26 | 000,086,016 | R--- | C] (Zenographics, Inc.) -- C:\WINNT\System32\zlhp2600.dll
[2010/06/20 21:54:26 | 000,028,672 | R--- | C] (Zenographics, Inc.) -- C:\WINNT\System32\zlm.dll
[2010/06/20 21:54:25 | 000,155,648 | R--- | C] (Zenographics) -- C:\WINNT\System32\HP2600IR.dll
[2010/06/20 21:54:25 | 000,086,016 | R--- | C] (Zenographics, Inc.) -- C:\WINNT\System32\ZSPOOL.DLL
[2010/06/20 21:54:25 | 000,024,576 | R--- | C] (Zenographics, Inc.) -- C:\WINNT\System32\ZTAG32.DLL
[2010/06/20 21:54:24 | 000,000,000 | -H-D | C] -- C:\Program Files\Zenographics
[2010/06/20 21:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/06/20 21:39:07 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\User\Application Data\pcouffin.sys
[2010/06/20 21:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Vso
[2010/06/20 21:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\PcSetup
[2010/06/20 21:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\DVDFab
[2010/06/20 21:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 7
[2010/06/20 21:33:08 | 000,188,672 | ---- | C] (TrueCrypt Foundation) -- C:\WINNT\System32\drivers\truecrypt.sys
[2010/06/20 21:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2010/06/20 21:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Howies Quick Screen Capture
[2010/06/20 21:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\Altium2004 SP3
[2010/06/20 21:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\NameIt
[2010/06/20 21:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\GridMove
[2010/06/20 21:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\My Widgets
[2010/06/20 21:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/06/20 21:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Yahoo
[2010/06/20 21:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! Widgets
[2010/06/20 21:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon
[2010/06/20 21:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2010/06/20 20:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/06/20 20:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SmartDraw
[2010/06/20 20:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\SmartDraw 7
[2010/06/20 20:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/06/20 20:34:54 | 000,102,912 | ---- | C] (Unisyn Software, LLC) -- C:\WINNT\System32\amnt.dll
[2010/06/20 20:34:41 | 001,108,992 | ---- | C] (Unisyn Software, LLC) -- C:\WINNT\System32\AMOLE.dll
[2010/06/20 20:34:41 | 000,446,464 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINNT\System32\Hhactivex.dll
[2010/06/20 20:34:29 | 000,262,144 | ---- | C] (Polar Engineering and Consulting) -- C:\WINNT\System32\Sbent532.ocx
[2010/06/20 20:34:27 | 001,134,645 | ---- | C] (Polar Engineering and Consulting) -- C:\WINNT\System32\Sbe5_32.dll
[2010/06/20 20:34:18 | 000,283,984 | ---- | C] (Xceed Software Inc (450) 442-2626 zip@xceedsoft.com www.xceedsoft.com) -- C:\WINNT\System32\XceedZip.dll
[2010/06/20 20:34:17 | 000,429,056 | ---- | C] (Unisyn Software, LLC) -- C:\WINNT\System32\RIPCMgr.dll
[2010/06/20 20:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\AutoMate4
[2010/06/20 20:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/06/20 20:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/06/20 20:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/06/20 20:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/20 20:24:31 | 000,000,000 | ---D | C] -- C:\WINNT\SHELLNEW
[2010/06/20 20:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Microsoft Help
[2010/06/20 20:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/06/20 20:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/06/20 20:23:07 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/06/20 20:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AdobeUM
[2010/06/20 13:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\TeraCopy
[2010/06/20 13:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy
[2010/06/20 01:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\PCHealth
[2010/06/20 01:44:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/06/19 22:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Irfanview
[2010/06/19 22:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Help
[2010/06/19 22:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Help
[2010/06/19 22:39:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Desktop\d on Vault2 (vault2)
[2010/06/19 22:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\WallMaster
[2010/06/19 22:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Downloads
[5 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/05 10:00:30 | 000,000,408 | -H-- | M] () -- C:\WINNT\tasks\MP Scheduled Scan.job
[2010/07/05 09:59:12 | 000,479,920 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2010/07/05 09:59:12 | 000,408,238 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2010/07/05 09:59:12 | 000,064,602 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2010/07/05 09:55:17 | 000,000,448 | ---- | M] () -- C:\WINNT\tasks\SDMsgUpdate (SD).job
[2010/07/05 09:55:16 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010/07/05 09:54:56 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/07/05 09:54:47 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/07/05 09:54:44 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/07/05 09:54:06 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\User\ntuser.dat
[2010/07/05 09:54:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2010/07/05 09:10:58 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\User\Desktop\GMER.lnk
[2010/07/05 09:09:51 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HijackThis (2).lnk
[2010/07/05 09:05:23 | 000,000,088 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MalWare Removal • View topic - IE popping up ad windows at random.URL
[2010/07/05 08:51:51 | 000,000,664 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2010/07/05 08:32:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/07/04 20:35:58 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Blackline GPS.lnk
[2010/07/02 17:01:55 | 003,792,992 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2010/07/02 16:49:33 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Altium Designer 2004 (SP3).lnk
[2010/07/02 14:31:21 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
[2010/06/30 14:12:57 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Excel 2007.lnk
[2010/06/30 08:44:08 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Blackline workspace.lnk
[2010/06/30 01:13:25 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HiJackThis.lnk
[2010/06/29 22:53:55 | 000,000,524 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Documents.lnk
[2010/06/29 14:54:51 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/29 14:52:19 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2010/06/28 00:18:56 | 000,000,151 | ---- | M] () -- C:\WINNT\QScreenCapt.ini
[2010/06/27 22:42:25 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Volume Control.lnk
[2010/06/24 20:49:38 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/06/24 20:48:02 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Watch video.bat.lnk
[2010/06/24 20:10:33 | 000,000,506 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Mimi.lnk
[2010/06/24 07:39:25 | 000,000,562 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Household.lnk
[2010/06/23 22:11:30 | 000,001,704 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Paint.NET.lnk
[2010/06/23 22:10:25 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2010/06/23 21:16:28 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/23 09:31:04 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\PureText.lnk
[2010/06/22 23:07:24 | 000,001,513 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2010/06/22 21:09:42 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Arachnophilia.lnk
[2010/06/21 21:36:48 | 000,000,405 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Web.lnk
[2010/06/21 15:32:30 | 000,002,511 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Word 2007.lnk
[2010/06/21 13:48:38 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Automate macros.lnk
[2010/06/21 08:43:47 | 000,000,508 | ---- | M] () -- C:\WINNT\win.ini
[2010/06/21 08:43:44 | 000,001,488 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2010/06/21 08:00:36 | 000,000,543 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Work.lnk
[2010/06/21 07:09:54 | 000,000,506 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Mimi.lnk
[2010/06/20 21:54:55 | 000,000,143 | ---- | M] () -- C:\WINNT\System32\AddPort.ini
[2010/06/20 21:54:21 | 000,000,606 | ---- | M] () -- C:\WINNT\hpntwksetup.ini
[2010/06/20 21:39:07 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\User\Application Data\inst.exe
[2010/06/20 21:39:07 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\User\Application Data\pcouffin.sys
[2010/06/20 21:39:07 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\User\Application Data\pcouffin.cat
[2010/06/20 21:39:07 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\User\Application Data\pcouffin.inf
[2010/06/20 21:39:02 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DVDFab 7.lnk
[2010/06/20 21:17:22 | 000,000,998 | ---- | M] () -- C:\WINNT\unins001.dat
[2010/06/20 21:17:21 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\QuickMonth Calendar.lnk
[2010/06/20 21:17:08 | 000,691,486 | ---- | M] () -- C:\WINNT\unins001.exe
[2010/06/20 21:09:40 | 000,000,642 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\GridMove.lnk
[2010/06/20 21:04:53 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Widgets.lnk
[2010/06/20 21:02:24 | 000,000,521 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Software.lnk
[2010/06/20 21:01:15 | 000,325,112 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2010/06/20 20:52:23 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SmartDraw 7.lnk
[2010/06/20 20:34:50 | 000,015,223 | ---- | M] () -- C:\WINNT\System32\ameulas.dll
[2010/06/20 20:34:47 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoMate Task Service.lnk
[2010/06/20 20:34:08 | 000,000,023 | ---- | M] () -- C:\WINNT\System32\sco32.dll
[2010/06/20 13:36:17 | 000,000,378 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MyBook.lnk
[2010/06/20 10:16:09 | 000,072,748 | ---- | M] (Jordan Russell) -- C:\WINNT\unins000.exe
[2010/06/20 10:16:09 | 000,000,654 | ---- | M] () -- C:\WINNT\unins000.dat
[2010/06/20 03:01:04 | 000,001,374 | ---- | M] () -- C:\WINNT\imsins.BAK
[2010/06/19 23:15:10 | 000,000,145 | ---- | M] () -- C:\Documents and Settings\User\Desktop\D drive (DVD-RW).lnk
[2010/06/19 23:15:04 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\User\Desktop\C drive.lnk
[2010/06/19 22:53:28 | 000,001,565 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IrfanView Thumbnails.lnk
[2010/06/19 22:53:28 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IrfanView.lnk
[2010/06/19 22:49:57 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\User\Desktop\References.lnk
[2010/06/19 22:49:43 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Job search.lnk
[2010/06/19 22:49:42 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Konsepsyon.lnk
[2010/06/19 22:49:40 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Codex.lnk
[2010/06/19 22:49:37 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Spark Institute.lnk
[2010/06/19 22:40:03 | 000,000,506 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DVD Rips.lnk
[2010/06/19 22:39:55 | 000,000,433 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Video.lnk
[2010/06/19 22:39:52 | 000,000,438 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Photos.lnk
[2010/06/19 22:39:49 | 000,000,458 | ---- | M] () -- C:\Documents and Settings\User\Desktop\File Cabinet.lnk
[2010/06/19 22:39:44 | 000,000,441 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Backups.lnk
[2010/06/19 22:39:42 | 000,000,433 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Audio.lnk
[2010/06/19 22:38:51 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\WallMaster Pro.lnk
[2010/06/19 19:49:17 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Control Panel.lnk
[2010/06/07 20:16:01 | 000,763,832 | ---- | M] () -- C:\WINNT\BDTSupport.dll.old
[5 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/05 09:10:58 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\User\Desktop\GMER.lnk
[2010/07/05 09:09:51 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HijackThis (2).lnk
[2010/07/05 09:05:23 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MalWare Removal • View topic - IE popping up ad windows at random.URL
[2010/07/02 16:52:42 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Altium Designer 2004 (SP3).lnk
[2010/07/01 19:21:11 | 000,000,664 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2010/06/30 08:44:08 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Blackline workspace.lnk
[2010/06/30 01:12:42 | 000,002,557 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HiJackThis.lnk
[2010/06/29 21:38:52 | 000,763,832 | ---- | C] () -- C:\WINNT\BDTSupport.dll.old
[2010/06/29 15:01:12 | 000,000,408 | -H-- | C] () -- C:\WINNT\tasks\MP Scheduled Scan.job
[2010/06/29 14:54:51 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/29 14:52:19 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2010/06/24 20:48:02 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Watch video.bat.lnk
[2010/06/24 20:10:33 | 000,000,506 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Mimi.lnk
[2010/06/24 07:39:25 | 000,000,562 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Household.lnk
[2010/06/23 22:12:35 | 000,000,151 | ---- | C] () -- C:\WINNT\QScreenCapt.ini
[2010/06/23 22:10:25 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2010/06/23 21:14:44 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/22 21:09:42 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Arachnophilia.lnk
[2010/06/21 21:36:48 | 000,000,405 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Web.lnk
[2010/06/21 13:48:38 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Automate macros.lnk
[2010/06/21 08:00:36 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Work.lnk
[2010/06/21 07:09:54 | 000,000,506 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Mimi.lnk
[2010/06/20 21:54:55 | 000,000,143 | ---- | C] () -- C:\WINNT\System32\AddPort.ini
[2010/06/20 21:54:54 | 000,009,864 | R--- | C] () -- C:\WINNT\System32\hptcpmui.hlp
[2010/06/20 21:54:54 | 000,009,820 | R--- | C] () -- C:\WINNT\System32\hpipxmui.hlp
[2010/06/20 21:54:54 | 000,003,399 | R--- | C] () -- C:\WINNT\System32\hptcpmon.ini
[2010/06/20 21:54:29 | 000,749,568 | R--- | C] () -- C:\WINNT\System32\agissi.dll
[2010/06/20 21:54:28 | 000,805,928 | R--- | C] () -- C:\WINNT\System32\hp2600n.img
[2010/06/20 21:54:27 | 011,194,368 | R--- | C] () -- C:\WINNT\System32\zhhp_res.dll
[2010/06/20 21:54:26 | 000,327,680 | R--- | C] () -- C:\WINNT\System32\zshp2600.exe
[2010/06/20 21:54:26 | 000,241,664 | R--- | C] () -- C:\WINNT\System32\zhhp2600.exe
[2010/06/20 21:54:25 | 000,114,688 | R--- | C] () -- C:\WINNT\System32\vshp2600.dll
[2010/06/20 21:54:25 | 000,007,294 | R--- | C] () -- C:\WINNT\System32\ZSHP2600.HLP
[2010/06/20 21:53:42 | 000,000,606 | ---- | C] () -- C:\WINNT\hpntwksetup.ini
[2010/06/20 21:39:15 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.log
[2010/06/20 21:39:07 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\User\Application Data\inst.exe
[2010/06/20 21:39:07 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.cat
[2010/06/20 21:39:07 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.inf
[2010/06/20 21:39:02 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\User\Desktop\DVDFab 7.lnk
[2010/06/20 21:17:21 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\QuickMonth Calendar.lnk
[2010/06/20 21:17:14 | 000,691,486 | ---- | C] () -- C:\WINNT\unins001.exe
[2010/06/20 21:17:14 | 000,000,998 | ---- | C] () -- C:\WINNT\unins001.dat
[2010/06/20 21:09:40 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\GridMove.lnk
[2010/06/20 21:05:06 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
[2010/06/20 21:04:53 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Widgets.lnk
[2010/06/20 20:53:52 | 000,000,448 | ---- | C] () -- C:\WINNT\tasks\SDMsgUpdate (SD).job
[2010/06/20 20:52:23 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SmartDraw 7.lnk
[2010/06/20 20:43:03 | 000,002,469 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Excel 2007.lnk
[2010/06/20 20:42:58 | 000,002,511 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Word 2007.lnk
[2010/06/20 20:34:50 | 000,015,223 | ---- | C] () -- C:\WINNT\System32\ameulas.dll
[2010/06/20 20:34:47 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoMate Task Service.lnk
[2010/06/20 20:34:40 | 000,057,856 | ---- | C] () -- C:\WINNT\System32\UnisynLib.dll
[2010/06/20 20:34:21 | 000,109,568 | ---- | C] () -- C:\WINNT\System32\AMJR.dll
[2010/06/20 20:34:17 | 000,006,439 | ---- | C] () -- C:\WINNT\System32\Sbe5_000.cnt
[2010/06/20 20:34:16 | 000,318,592 | ---- | C] () -- C:\WINNT\System32\Sbe5_000.hlp
[2010/06/20 20:34:08 | 000,000,023 | ---- | C] () -- C:\WINNT\System32\sco32.dll
[2010/06/20 13:36:17 | 000,000,378 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MyBook.lnk
[2010/06/20 10:16:08 | 000,000,654 | ---- | C] () -- C:\WINNT\unins000.dat
[2010/06/19 23:15:10 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\User\Desktop\D drive (DVD-RW).lnk
[2010/06/19 23:15:04 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\User\Desktop\C drive.lnk
[2010/06/19 22:53:28 | 000,001,565 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IrfanView Thumbnails.lnk
[2010/06/19 22:53:28 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IrfanView.lnk
[2010/06/19 22:50:07 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Blackline GPS.lnk
[2010/06/19 22:49:57 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\User\Desktop\References.lnk
[2010/06/19 22:49:43 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Job search.lnk
[2010/06/19 22:49:42 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Konsepsyon.lnk
[2010/06/19 22:49:40 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Codex.lnk
[2010/06/19 22:49:37 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Spark Institute.lnk
[2010/06/19 22:40:02 | 000,000,506 | ---- | C] () -- C:\Documents and Settings\User\Desktop\DVD Rips.lnk
[2010/06/19 22:39:55 | 000,000,433 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Video.lnk
[2010/06/19 22:39:54 | 000,000,521 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Software.lnk
[2010/06/19 22:39:52 | 000,000,438 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Photos.lnk
[2010/06/19 22:39:49 | 000,000,458 | ---- | C] () -- C:\Documents and Settings\User\Desktop\File Cabinet.lnk
[2010/06/19 22:39:46 | 000,000,524 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Documents.lnk
[2010/06/19 22:39:44 | 000,000,441 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Backups.lnk
[2010/06/19 22:39:42 | 000,000,433 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Audio.lnk
[2010/06/19 22:38:51 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\WallMaster Pro.lnk
[2010/06/19 19:49:17 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Control Panel.lnk
[2009/02/27 14:58:11 | 000,204,800 | ---- | C] () -- C:\WINNT\System32\igfxCoIn_v4814.dll
[2009/02/12 12:41:04 | 001,399,880 | ---- | C] () -- C:\WINNT\System32\igklg450.dll
[2009/02/12 12:41:04 | 000,147,456 | ---- | C] () -- C:\WINNT\System32\igfxCoIn_v4926.dll
[2009/02/12 12:41:04 | 000,104,636 | ---- | C] () -- C:\WINNT\System32\igmedcompkrn.dll
[2009/02/12 12:41:03 | 001,843,784 | ---- | C] () -- C:\WINNT\System32\igklg400.dll
[2006/06/09 11:06:36 | 000,110,592 | ---- | C] () -- C:\WINNT\System32\nvapi.dll
[2006/05/24 16:47:11 | 003,596,288 | ---- | C] () -- C:\WINNT\System32\qt-dx331.dll
[2006/04/18 18:04:53 | 000,012,288 | ---- | C] () -- C:\WINNT\System32\DivXWMPExtType.dll
[2005/07/27 13:54:24 | 000,073,728 | ---- | C] () -- C:\WINNT\System32\TVCtrl.dll
[2005/07/27 13:54:23 | 000,110,592 | ---- | C] () -- C:\WINNT\System32\GenCtrl.dll
[2005/07/27 13:54:23 | 000,086,016 | ---- | C] () -- C:\WINNT\System32\ColorCtr.dll
[2005/07/27 13:54:23 | 000,061,440 | ---- | C] () -- C:\WINNT\System32\Multview.dll
[2005/07/27 13:54:23 | 000,061,440 | ---- | C] () -- C:\WINNT\System32\LCDCtrl.dll
[2005/07/27 13:54:23 | 000,049,152 | ---- | C] () -- C:\WINNT\System32\CRTCtrl.dll
[2005/07/27 13:54:23 | 000,036,864 | ---- | C] () -- C:\WINNT\System32\DTMenuEx.dll
[2005/07/18 11:27:50 | 000,036,864 | ---- | C] () -- C:\WINNT\System32\NTDisUn.dll
[2005/07/18 09:51:39 | 001,019,904 | ---- | C] () -- C:\WINNT\System32\nvwimg.dll
[2005/07/18 09:51:38 | 001,662,976 | ---- | C] () -- C:\WINNT\System32\nvwdmcpl.dll
[2005/07/18 09:51:37 | 000,466,944 | ---- | C] () -- C:\WINNT\System32\nvshell.dll
[2005/07/18 09:51:33 | 001,466,368 | ---- | C] () -- C:\WINNT\System32\nview.dll
[2005/04/15 16:31:47 | 000,001,793 | ---- | C] () -- C:\WINNT\System32\fxsperf.ini
[2005/04/15 13:52:58 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2005/04/15 12:45:32 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2005/04/15 12:33:59 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\e100bmsg.dll
[2004/10/26 15:39:06 | 003,375,104 | ---- | C] () -- C:\WINNT\System32\qt-mt331.dll
[1999/11/16 12:04:36 | 000,485,376 | ---- | C] () -- C:\WINNT\System32\DrRw40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
< End of report >




Extras.txt

OTL Extras logfile created on: 7/5/2010 12:24:13 PM - Run 2
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 382.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 99.01 Gb Free Space | 88.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LATITUDE
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\WINNT\TEMP\AUTMGR32.EXE ()

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\WINNT\TEMP\AUTMGR32.EXE ()

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{12650598-D7B9-4FB5-91B2-2CAA641AC589}" = Trend Micro RUBotted
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37CFC56D-8602-4E25-AB1E-DDA891F52C01}" = Altium Designer 2004 (SP3)
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo XPack (DVD Only)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C1CAAF9E-2A80-4AD0-8D9A-B4327966249F}" = Paint.NET v3.20
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"AddressBar" = MuvEnum Address Bar - Windows Explorer Extension
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Altium Designer 2004 Service Pack 4" = Altium Designer 2004 Service Pack 4
"AutoMate 4" = AutoMate 4
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Display Driver Setup" = Trident Display Driver
"DVDFab 7_is1" = DVDFab 7.0.1.2 Beta (05/03/2010)
"ENTERPRISER" = Microsoft Office Enterprise 2007
"GridMove_is1" = GridMove V1.19.53
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP-Color LaserJet 2600n" = Color LaserJet 2600n
"Icon Restore_is1" = Icon Restore 1.0
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NameIt" = NameIt
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel(R) PRO Network Connections Drivers
"Q903235" = Internet Explorer Q903235
"QuickMonth Calendar_is1" = QuickMonth Calendar 1.1
"SmartDraw 7" = SmartDraw 7
"TeraCopy_is1" = TeraCopy 1.22
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TrueCrypt" = TrueCrypt
"WallMaster Pro" = WallMaster Pro
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/5/2010 1:39:59 AM | Computer Name = LATITUDE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module shlwapi.dll, version 6.0.2900.5912, fault address 0x0002c4d8.

Error - 7/5/2010 1:57:41 AM | Computer Name = LATITUDE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 2.1.6805.0,
P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 7/5/2010 1:57:43 AM | Computer Name = LATITUDE | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 7/5/2010 2:29:15 AM | Computer Name = LATITUDE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module shlwapi.dll, version 6.0.2900.5912, fault address 0x0002c4d8.

Error - 7/5/2010 3:28:23 AM | Computer Name = LATITUDE | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x181f17fb.

Error - 7/5/2010 10:25:03 AM | Computer Name = LATITUDE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module shlwapi.dll, version 6.0.2900.5912, fault address 0x00010817.

Error - 7/5/2010 10:46:22 AM | Computer Name = LATITUDE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module shlwapi.dll, version 6.0.2900.5912, fault address 0x0002c4d8.

Error - 7/5/2010 11:06:19 AM | Computer Name = LATITUDE | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 1.1.5902.0, P3 1.85.1178.0, P4 1.85.1178.0, P5 trojan_win32_fakecog, P6 NIL,
P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 7/5/2010 11:09:09 AM | Computer Name = LATITUDE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 2.1.6805.0,
P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 7/5/2010 11:09:14 AM | Computer Name = LATITUDE | Source = MSSecurityEssentials | ID = 5000
Description =

[ System Events ]
Error - 7/4/2010 10:31:37 PM | Computer Name = LATITUDE | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 7/4/2010 10:33:10 PM | Computer Name = LATITUDE | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/4/2010 10:33:10 PM | Computer Name = LATITUDE | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 7/5/2010 1:57:40 AM | Computer Name = LATITUDE | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.85.1178.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5902.0 Error
code: 0x80072efe Error description: The connection with the server was terminated
abnormally

Error - 7/5/2010 4:08:19 AM | Computer Name = LATITUDE | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147632576

User:
NT AUTHORITY\NETWORK SERVICE Name: Virus:Win32/Alureon.H ID: 2147632576 Severity:
Severe Category: Virus Path: rootkit:Alureon->redbook Action: %%810 Error Code: 0x800704ec

Error
description: Windows cannot open this program because it has been prevented by
a software restriction policy. For more information, open Event Viewer or contact
your system administrator. Status: To finish removing spyware and other potentially
unwanted software, restart the computer. To see how to finish removing spyware
and other potentially unwanted software, see this support article on the Microsoft
Security website. Signature Version: AV: 1.85.1178.0, AS: 1.85.1178.0 Engine Version:
1.1.5902.0

Error - 7/5/2010 10:01:14 AM | Computer Name = LATITUDE | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 7/5/2010 10:02:33 AM | Computer Name = LATITUDE | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/5/2010 10:02:33 AM | Computer Name = LATITUDE | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 7/5/2010 11:08:06 AM | Computer Name = LATITUDE | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147624544

User:
LATITUDE\User Name: Trojan:Win32/FakeCog ID: 2147624544 Severity: High Category: Worm

Path:
Action: %%808 Error Code: 0x80508023 Error description: The program could not find
the spyware and other potentially unwanted software on this computer. Status: Signature
Version: AV: 1.85.1178.0, AS: 1.85.1178.0 Engine Version: 1.1.5902.0

Error - 7/5/2010 11:09:09 AM | Computer Name = LATITUDE | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.85.1178.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5902.0 Error
code: 0x80072efe Error description: The connection with the server was terminated
abnormally


< End of report >



GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-05 16:15:09
Windows 5.1.2600 Service Pack 3
Running: 070t9u4j.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\ffryapod.sys


---- Kernel code sections - GMER 1.0.15 ----

? SYSTEM32\DRIVERS\xfzlamon.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[804] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat A910ED20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\st[5] 4537 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\st[6] 4514 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\st[7] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\st[8] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CAYVGPW5.htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PCP18ICH\CA0X67W1.htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PCP18ICH\st[15] 4520 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PCP18ICH\st[16] 4520 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PCP18ICH\st[17] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PCP18ICH\st[18] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PCP18ICH\CAU3WTUN.htm 0 bytes

---- EOF - GMER 1.0.15 ----
Occam
Regular Member
 
Posts: 26
Joined: June 30th, 2010, 3:24 am

Re: IE popping up ad windows at random

Post by deltalima » July 6th, 2010, 3:56 am

Hi Occam,

"I have access to another virus scanner through my service provider, which I think might be better than MSE"


Please do not make any changes at the moment; we can consider this once the computer is clean.

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe, then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: IE popping up ad windows at random

by Occam » July 6th, 2010, 2:56 pm

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xF6C88000 C:\WINNT\system32\DRIVERS\igxpmp32.sys 5857280 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF68B1000 C:\WINNT\system32\DRIVERS\NETw5x32.sys 3633152 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0xBF1E7000 C:\WINNT\System32\igxpdx32.DLL 2699264 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0x804D7000 C:\WINNT\system32\ntkrnlpa.exe 2066816 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2066816 bytes
0x804D7000 RAW 2066816 bytes
0x804D7000 WMIxWDM 2066816 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINNT\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04F000 C:\WINNT\System32\igxpdv32.DLL 1671168 bytes (Intel Corporation, Component GHAL Driver)
0xAA63A000 C:\WINNT\system32\drivers\sthda.sys 1171456 bytes (SigmaTel, Inc., NDRC)
0xAA4F0000 C:\WINNT\system32\DRIVERS\HSF_DPV.sys 991232 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF7382000 iaStor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xAA43D000 C:\WINNT\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF72BE000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAA22C000 C:\WINNT\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6068000 C:\WINNT\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAA366000 C:\WINNT\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA986F000 C:\WINNT\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xA934D000 C:\WINNT\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAA5E2000 C:\WINNT\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xF6166000 C:\WINNT\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF74D5000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA9A56000 C:\WINNT\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7291000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAA2EF000 C:\WINNT\System32\drivers\truecrypt.sys 184320 bytes (TrueCrypt Foundation, TrueCrypt Driver)
0xF6886000 C:\WINNT\system32\DRIVERS\b57xp32.sys 176128 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xBF024000 C:\WINNT\System32\igxpgd32.dll 176128 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xA90DC000 C:\WINNT\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAA2C4000 C:\WINNT\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6C28000 C:\WINNT\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAA33E000 C:\WINNT\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF7461000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xAA206000 C:\WINNT\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA9107000 C:\WINNT\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xAA616000 C:\WINNT\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6C50000 C:\WINNT\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6836000 C:\WINNT\SYSTEM32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAA3F2000 C:\WINNT\system32\DRIVERS\MpFilter.sys 143360 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xAA31C000 C:\WINNT\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF7362000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7487000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF74A6000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF7277000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF686D000 C:\WINNT\System32\DRIVERS\Apfiltr.sys 102400 bytes (Alps Electric Co., Ltd., Alps Pointing-device Driver)
0xF7449000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAA14E000 C:\WINNT\System32\Drivers\dump_atapi.sys 98304 bytes
0xA912B000 C:\DOCUME~1\User\LOCALS~1\Temp\ffryapod.sys 94208 bytes
0xF734B000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF67F7000 C:\WINNT\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA9D01000 C:\WINNT\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6859000 C:\WINNT\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6C74000 C:\WINNT\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806D0000 ACPI_HAL 81152 bytes
0x806D0000 C:\WINNT\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xAA3BF000 C:\WINNT\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINNT\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINNT\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xF74C4000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF67E6000 C:\WINNT\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7724000 C:\WINNT\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF77B4000 C:\WINNT\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76E4000 C:\WINNT\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7654000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7704000 C:\WINNT\System32\Drivers\oz776.sys 65536 bytes (O2Micro, O2Micro USB CCID SmartCard Reader)
0xF7794000 C:\WINNT\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF76D4000 C:\WINNT\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7864000 C:\WINNT\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xAA1B6000 C:\WINNT\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7854000 C:\WINNT\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF77C4000 C:\WINNT\SYSTEM32\DRIVERS\xfzlamon.sys 61440 bytes
0xF7664000 C:\WINNT\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7644000 C:\WINNT\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7784000 C:\WINNT\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF77D4000 C:\WINNT\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7624000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7814000 C:\WINNT\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xF77F4000 C:\WINNT\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76B4000 C:\WINNT\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF77A4000 C:\WINNT\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7614000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF77E4000 C:\WINNT\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7604000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7844000 C:\WINNT\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7824000 C:\WINNT\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7634000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7774000 C:\WINNT\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7804000 C:\WINNT\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7694000 C:\WINNT\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA9406000 C:\WINNT\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF76C4000 C:\WINNT\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7954000 C:\WINNT\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF79D4000 C:\WINNT\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF790C000 C:\WINNT\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7884000 C:\WINNT\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7944000 C:\WINNT\system32\DRIVERS\TMPassthru.sys 28672 bytes (Trend Micro Inc., -)
0xF791C000 C:\WINNT\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7914000 C:\WINNT\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7904000 C:\WINNT\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF79C4000 C:\WINNT\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF79CC000 C:\WINNT\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF788C000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7934000 C:\WINNT\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF793C000 C:\WINNT\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF792C000 C:\WINNT\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF79E4000 C:\WINNT\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7A1C000 C:\WINNT\System32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7AD0000 C:\WINNT\System32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF7AF4000 C:\WINNT\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAA00A000 C:\WINNT\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7AC8000 C:\WINNT\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xAA770000 C:\WINNT\System32\Drivers\SMCLIB.SYS 16384 bytes (Microsoft Corporation, Smard Card Driver Library)
0xF7A14000 C:\WINNT\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7A18000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xAA75C000 C:\WINNT\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7AB8000 C:\WINNT\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xA9B27000 C:\WINNT\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7AD8000 C:\WINNT\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF6826000 C:\WINNT\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7AD4000 C:\WINNT\System32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF7B76000 C:\WINNT\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B08000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7B84000 C:\WINNT\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B74000 C:\WINNT\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B04000 C:\WINNT\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B78000 C:\WINNT\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B7A000 C:\WINNT\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B30000 C:\WINNT\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B36000 C:\WINNT\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B06000 C:\WINNT\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7D3E000 C:\WINNT\system32\altio.sys 4096 bytes (Altium Limited, Direct Port IO Access)
0xF7D36000 C:\WINNT\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7CEB000 C:\WINNT\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C9B000 C:\WINNT\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7BCC000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x05580000 Hidden Image-->Interop.SHDocVw.dll [ EPROCESS 0x868EBDA0 ] PID: 892, 135168 bytes
0x04D50000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x868EBDA0 ] PID: 892, 270336 bytes
0x04A00000 Hidden Image-->System.Data.dll [ EPROCESS 0x868EBDA0 ] PID: 892, 3059712 bytes
0x03BE0000 Hidden Image-->BandObjectLib.dll [ EPROCESS 0x868EBDA0 ] PID: 892, 36864 bytes
0x041A0000 Hidden Image-->URLHistoryLibrary.dll [ EPROCESS 0x868EBDA0 ] PID: 892, 36864 bytes
0x03BF0000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x868EBDA0 ] PID: 892, 5017600 bytes
0x05520000 Hidden Image-->Newtonsoft.Json.dll [ EPROCESS 0x868EBDA0 ] PID: 892, 86016 bytes
0x04900000 Hidden Image-->System.Data.SQLite.dll [ EPROCESS 0x868EBDA0 ] PID: 892, 860160 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\bg4[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\CA06M48W.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\CA2L6L69.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\CA4XAV4D.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\CA6NWP6J.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\CAI5AJ2T.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\CAIDAH6L.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\CAJ7HN7E.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\CAJNSR59.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\CAM78X67.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\CAMWR69D.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\CAN9X4QE.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\CAOLU3OX.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\CAQDXW77.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\CAQRA7RC.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\CARC75XS.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\CASDMNSL.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\CAUVQD4X.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\CAWB6ZZQ.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\CAYZGVIF.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\CAZ9PX7J.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\CAZURKMB.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\ccid=20168[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\clkurl=;ord=2110935648[2]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\EN_728x90[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\getrand[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\grp_title_jpg[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\imp[1].com%2Fadserv%2F%3Faff_id%3D980&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\imp[1].com%2Fgoad%2F%3Faff_id%3D219&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\imp[1].com%2Fgoad%2F%3Faff_id%3D8092&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\imp[1].php%3Faff_id%3D10940&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\imp[1].php%3Faff_id%3D12128&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\imp[1].php%3Faff_id%3D13246&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\imp[1].php%3Faff_id%3D15754&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\imp[1].php%3Faff_id%3D1931&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\imp[1].php%3Faff_id%3D3813&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\imp[2].com%2Fadserv%2F%3Faff_id%3D980&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\imp[2].com%2Fgoad%2F%3Faff_id%3D219&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\imp[2].php%3Faff_id%3D10940&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\imp[2].php%3Faff_id%3D13246&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\imp[2].php%3Faff_id%3D15754&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\imp[2].php%3Faff_id%3D3813&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\imp[3].com%2Fgoad%2F%3Faff_id%3D219&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\imp[3].php%3Faff_id%3D3813&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\index[5].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\index[7].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\index[8].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\index[9].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\pricing_bg[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\pricing_en_ca[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EKSP2WTN\step08[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\5515b5345c6d4f2e5a382aa3e293566a[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\b017e0dfd90397d9dd80002b06dccd5b[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\bg3[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CA036VE9.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CA0F5NTQ.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CA0HYROL.html,;ord=1278431830
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CA0LARCP.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CA2BWJSZ.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CA3Z1PJ8.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CA4J2VS7.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CAA31ZXU.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CAA5AJ27.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CAAG6MRJ.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CAG7I7UZ.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CAGHQBOX.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CAGLI3CH.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CAIRK9QN.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CAJ3IELK.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CAO5GTEH.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CAPMZB1V.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CAQ62K4Q.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CAQF4HIJ.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CAS8L6TS.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CAS9Y7A5.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CASTM5YL.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CATWYQB0.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CAUJN68I.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CAWOX976.html,;ord=1278430541
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\evonyxc13[1].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\flash_counter[12].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\goad[3].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\goad[6].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\grp_btn_gif[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\grp_pricing_jpg[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[1].com%2Fadserv%2F%3Faff_id%3D20615&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[1].com%2Fadserv%2F%3Faff_id%3D980&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[1].com%2Fgoad%2F%3Faff_id%3D219&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[1].php%3Faff_id%3D10940&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[1].php%3Faff_id%3D12128&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[1].php%3Faff_id%3D13246&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[1].php%3Faff_id%3D15754&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[1].php%3Faff_id%3D3813&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[2].com%2Fadserv%2F%3Faff_id%3D980&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[2].com%2Fgoad%2F%3Faff_id%3D219&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[2].php%3Faff_id%3D10940&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[2].php%3Faff_id%3D13246&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[2].php%3Faff_id%3D15754&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[2].php%3Faff_id%3D3813&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[3].com%2Fadserv%2F%3Faff_id%3D980&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[3].com%2Fgoad%2F%3Faff_id%3D219&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[3].php%3Faff_id%3D10940&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[3].php%3Faff_id%3D13246&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[3].php%3Faff_id%3D15754&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[3].php%3Faff_id%3D3813&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[4].com%2Fadserv%2F%3Faff_id%3D980&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[4].com%2Fgoad%2F%3Faff_id%3D219&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[4].php%3Faff_id%3D13246&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[4].php%3Faff_id%3D15754&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[5].com%2Fadserv%2F%3Faff_id%3D980&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[5].com%2Fgoad%2F%3Faff_id%3D219&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[6].com%2Fadserv%2F%3Faff_id%3D980&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[6].com%2Fgoad%2F%3Faff_id%3D219&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[7].com%2Fadserv%2F%3Faff_id%3D980&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\imp[7].com%2Fgoad%2F%3Faff_id%3D219&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\jstag[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\step01[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\step07[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\swfobject[3].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\tracking[1].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\bg1[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CA13Y87Q.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAA214GP.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAAXMLIN.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAAZOTAF.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CACDQLSX.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CACSBNVE.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAE943QR.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAEBSXI7.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAEJWXA7.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAETWT83.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAF7FORI.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAGPSXKP.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAHFN9W0.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAIJC5U3.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAIP8CKQ.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAKDAAF1.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAKXI3AZ.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAL4W87M.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAM29TFF.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAMNCHQ3.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAO34FC5.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAODUF8T.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAQE0SUF.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAQVW9IN.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CASD6JO9.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CASK5WEE.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAUXEV8H.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAV0BN5E.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAVH6KK8.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAVO3ENQ.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAVUNDWI.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAXJCO6C.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAYFUXCP.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\CAZ2XIJT.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\ca_op_rogers[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\flash_counter[9].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[1].com%2Fadserv%2F%3Faff_id%3D980&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[1].com%2Fgoad%2F%3Faff_id%3D219&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[1].com%2Fgoad%2F%3Faff_id%3D8092&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[1].php%3Faff_id%3D10940&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[1].php%3Faff_id%3D13246&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[1].php%3Faff_id%3D15754&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[1].php%3Faff_id%3D16687&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[1].php%3Faff_id%3D3813&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[2].com%2Fadserv%2F%3Faff_id%3D980&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[2].com%2Fgoad%2F%3Faff_id%3D219&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[2].php%3Faff_id%3D10940&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[2].php%3Faff_id%3D13246&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[2].php%3Faff_id%3D15754&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[2].php%3Faff_id%3D3813&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[3].com%2Fadserv%2F%3Faff_id%3D980&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[3].com%2Fgoad%2F%3Faff_id%3D219&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[3].php%3Faff_id%3D10940&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[3].php%3Faff_id%3D13246&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[3].php%3Faff_id%3D15754&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[3].php%3Faff_id%3D3813&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[4].com%2Fadserv%2F%3Faff_id%3D980&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[4].com%2Fgoad%2F%3Faff_id%3D219&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[4].php%3Faff_id%3D13246&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[4].php%3Faff_id%3D15754&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\imp[5].com%2Fgoad%2F%3Faff_id%3D219&r=0
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\spacer[2].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\step05[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\submit1_en_ca[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JHVZUOD8\VE2GO_UNILEVER_DOVEGOFRESH_04869_BV_EN_728x90_helper[2].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K5YL0B6B\adserv[1].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K5YL0B6B\CA07GELG.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K5YL0B6B\CA4UXVNC.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K5YL0B6B\CA6LS57X.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K5YL0B6B\CA6VO9EN.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K5YL0B6B\CA7RKOTX.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K5YL0B6B\CA94Y25Q.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K5YL0B6B\CAFCKO45.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K5YL0B6B\CAFWETC3.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K5YL0B6B\CAG6KF2E.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K5YL0B6B\CAGL4GCJ.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K5YL0B6B\CAGUXL4E.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K5YL0B6B\CAH3OHG4.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K5YL0B6B\CAIELJ7P.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K5YL0B6B\CAIN4XYV.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K5YL0B6B\CAK1QQHH.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K5YL0B6B\CAK4ZDZ7.swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K5YL0B6B\CAMMNT8Q.swf
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006AA8A, Type: Inline - RelativeJump 0x80541A8A-->80541A91 [ntkrnlpa.exe]
[892]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[892]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[892]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[892]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[892]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[892]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x771B1248-->00000000 [shimeng.dll]
[892]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]

-----------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4282

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/6/2010 12:45:30 PM
mbam-log-2010-07-06 (12-45-30).txt

Scan type: Quick scan
Objects scanned: 154593
Time elapsed: 18 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINNT\Temp\ubGX.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINNT\Temp\AUTMGR32.EXE (Trojan.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
Occam
Regular Member
 
Posts: 26
Joined: June 30th, 2010, 3:24 am

Re: IE popping up ad windows at random

Post by deltalima » July 6th, 2010, 3:07 pm

Hi Occam,

TDSSKiller

  • Please download TDSSKiller.exe and save it on your desktop.
  • Important!: only run this fix once.
  • Double-click TDSSKiller.exe to run it.
  • A log file should be created on your C: drive named something like TDSSKiller.2.3.2.0 13.06.2010
  • To find the log, click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: IE popping up ad windows at random

Unread postby Occam » July 6th, 2010, 7:02 pm

17:00:04:348 0312 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
17:00:04:348 0312 ================================================================================
17:00:04:348 0312 SystemInfo:

17:00:04:348 0312 OS Version: 5.1.2600 ServicePack: 3.0
17:00:04:348 0312 Product type: Workstation
17:00:04:348 0312 ComputerName: LATITUDE
17:00:04:348 0312 UserName: User
17:00:04:348 0312 Windows directory: C:\WINNT
17:00:04:348 0312 System windows directory: C:\WINNT
17:00:04:348 0312 Processor architecture: Intel x86
17:00:04:348 0312 Number of processors: 1
17:00:04:348 0312 Page size: 0x1000
17:00:04:348 0312 Boot type: Normal boot
17:00:04:348 0312 ================================================================================
17:00:04:518 0312 Initialize success
17:00:04:518 0312
17:00:04:518 0312 Scanning Services ...
17:00:04:958 0312 Raw services enum returned 347 services
17:00:04:968 0312
17:00:04:968 0312 Scanning Drivers ...
17:00:20:381 0312
17:00:20:381 0312 Completed
17:00:20:381 0312
17:00:20:381 0312 Results:
17:00:20:381 0312 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
17:00:20:381 0312 File objects infected / cured / cured on reboot: 0 / 0 / 0
17:00:20:381 0312
17:00:20:381 0312 KLMD(ARK) unloaded successfully

Re: IE popping up ad windows at random

Unread postby deltalima » July 7th, 2010, 4:06 am

Hi Occam,

TFC

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Please let me know if you are connected to the Internet through a router and also let me know how the computer is running now.

Re: IE popping up ad windows at random

Unread postby Occam » July 7th, 2010, 11:41 am

It took about 5 minutes to complete the scan. For a moment there I thought it had hung up, but it did complete fine.

The PC appears to be running very well now. It has done since RKUnHooker and Malwarebytes Anti-Malware were run.

I know for certain that the windows stopped opening up because I had the machine logging every time IE popped up. They stopped once MAM was run.

I am connected through a router. No difficulties on my network. I have other machines, none of them appear to be affected.

For reference, symptoms were as follows:
    IE pops up ad windows at random intervals, 10-30 minutes apart
    "Hide extensions for known file types" in Windows Explorer keeps being activated
    After a while, a lot of "Internet Explorer has encountered an error" windows, when IE crashed instead of opening

I'm sure there were other things going on - my antivirus software was doing a brisk business.

Any idea what it was, and how I got it? Obviously I'd like to avoid a repeat.

Thanks!

Re: IE popping up ad windows at random

Unread postby deltalima » July 7th, 2010, 1:48 pm

Hi Occam,

"The PC appears to be running very well now"

Excellent.

"Any idea what it was, and how I got it? Obviously I'd like to avoid a repeat."

Malwarebytes removed a couple of Trojans. It's difficult to say exactly how these arrived on the computer, but I notice that you have Internet Explorer version 6. Microsoft are keen to have everyone upgrade to version 8, and this will greatly improve your security (even if you don't use IE it's worth updating). Follow the instructions below to make sure everything is updated at Microsoft Updates.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure

Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 20.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 20 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version


Remove GMER

Delete the GMER icon from your desktop.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked; you can choose to check other boxes if you wish, but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

Happy surfing and stay clean!

Re: IE popping up ad windows at random

Unread postby Occam » July 7th, 2010, 2:36 pm

Thank you!!!!

Re: IE popping up ad windows at random

Unread postby deltalima » July 7th, 2010, 2:39 pm

You're welcome!

Re: IE popping up ad windows at random

Unread postby NonSuch » July 7th, 2010, 3:43 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
Posts: 27301
Joined: February 23rd, 2005, 7:08 am
Location: California