Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

ad.yieldmanager.com and other IE ads pop ups

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

ad.yieldmanager.com and other IE ads pop ups

Unread postby ThreadKiller » August 9th, 2010, 4:54 pm

Hi,

once in a while an unwanted IE pop up appears. a short sniffing (using Wireshark) reveals DNS queries such as these:

ad.yieldmanager.com
ad.spot200.com
ad.seeknet2.com
ad.reduxmedia.com
ad.foxnetworks.com
ib.adnxs.com
ad.media-servers.net
ad.globe7.com

etc...

i have tried using Adaware, Spybot S&D, RemoveIT Pro v4 - SE and Malwarebytes' Anti-Malware. all of them find some infected cookies and fix them, but the problem is not resolved.
after using DDS i have noticed the entry "Advertising Center" under "Installed Programs". since i suspected it was the reason for the annoying pop ups, i looked it up in the add/remove programs list. it wasn't there. so i used TuneUp Utilities 2009 advanced uninstall feature to remove it. after running DDS again, there is no indication for "Advertising Center" but the behavior remained the same.

waiting for your guidance and thanks in advance for anyone trying to help!


hijackthis.log
==========


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:44:57 PM, on 8/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/ ... tion32.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file:///E:/setup/RiffLick.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1890553279
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 9591 bytes




uninstall_list.txt
============


Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Amazing Slow Downer (remove only)
Any Video Converter Professional 3.0.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AVI/MPEG/RM/WMV Splitter 4.28
Band-in-a-Box 2008
Battlefield: Bad Company™ 2
Beyond Compare Version 3.1.11
Bonjour
CodeMeter Runtime Kit v4.01
CoreAVC Professional Edition (remove only)
EA Download Manager
ESET NOD32 Antivirus
Eset-NOD32: Fix Dasumo v3.2 hasta el 2038
FlashGet 1.9.6.1073
Foxit Reader
Fraps (remove only)
General MIDI Module
Guitar Pro 5.2
Haali Media Splitter
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InFlac 1.1.1
iTunes
Java DB 10.5.3.0
Java(TM) 6 Update 18
KillWinamp 1.61
K-Lite Codec Pack 5.3.0 (Full)
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware
M-Audio KeyStudio 49i USB
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Document Explorer 2008
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio Web Authoring Component
Mp3tag v2.46a
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Nero 9 HD
Nero 9 Trial
neroxml
Norton PartitionMagic 8.0
Notepad++
Nuclear Coffee - VideoGet
NVIDIA DVD Decoder
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenAL
Panda ActiveScan 2.0
PG Music DirectX Plugins 2.0.0.0
Picasa 3
QuickTime
Real Alternative 1.9.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RemoveIT Pro v4 - SE
Rockstar Games Social Club
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
Sony Noise Reduction Plug-In 2.0e
Sony Sound Forge 9.0
Spybot - Search & Destroy
SpywareGuard v2.2
Steam
The KMPlayer (remove only)
TuneUp Utilities 2009
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (kb2202131)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vegas Movie Studio Platinum 9.0
Virtual Sound Canvas DXi
Virtual Sound Canvas VST
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Install Pack
Visual Studio Tools for the Office system 3.0 Runtime
VLC media player 1.0.1
WD SmartWare
webcamXP Lite
Winamp
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinPcap 4.1.1
WinRAR archiver
Wireshark 1.2.9
Your Uninstaller! 2010
ThreadKiller
Regular Member
 
Posts: 15
Joined: August 8th, 2010, 2:43 pm
Advertisement
Register to Remove

Re: ad.yieldmanager.com and other IE ads pop ups

Unread postby deltalima » August 12th, 2010, 7:15 am

Hi ThreadKiller,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

CKScanner

  • Please download CKScanner from here to your Desktop.
Make sure that CKScanner.exe is on the your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: ad.yieldmanager.com and other IE ads pop ups

Unread postby ThreadKiller » August 12th, 2010, 1:25 pm

Hi deltalima , and thanks for helping me!

here is the information you have requested:


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-3R89F-D2KXW-VPK3J
Windows Product Key Hash: Ro/Y7HENE9CfW7lW+QtlNbYQEE8=
Windows Product ID: 76487-640-8365391-23457
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {FAF17175-63EB-422C-9A98-EF1F11FE4538}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2efd_E2AD56EA-148-80004005_16E0B333-89-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
Microsoft Office Project Professional 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2efd_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
Default Browser: C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{FAF17175-63EB-422C-9A98-EF1F11FE4538}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-VPK3J</PKey><PID>76487-640-8365391-23457</PID><PIDType>1</PIDType><SID>S-1-5-21-1614895754-963894560-682003330</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>EP43-DS3L</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F8</Version><SMBIOSVersion major="2" minor="4"/><Date>20080922000000.000000+000</Date></BIOS><HWID>D2843E4701842E79</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Jerusalem Standard Time(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>64BC76978749586</Val><Hash>GW6PzcEVEDTVKeO5Ym5UUm41dBk=</Hash><Pid>89388-707-0441865-65942</Pid><PidType>14</PidType></Product><Product GUID="{90120000-003B-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Project Professional 2007</Name><Ver>12</Ver><Val>3AB862DE70D8D86</Val><Hash>UfpXsJvSSVcPufbDdjd0NK73+ug=</Hash><Pid>89403-707-4159871-63990</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="3A" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 14690:SYNNEX TECHNOLOGY INTERNATIONAL CORP|14690:SYNNEX TECHNOLOGY INTERNATIONAL CORP|14690:SYNNEX TECHNOLOGY INTERNATIONAL CORP
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A




CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----
ThreadKiller
Regular Member
 
Posts: 15
Joined: August 8th, 2010, 2:43 pm

Re: ad.yieldmanager.com and other IE ads pop ups

Unread postby deltalima » August 12th, 2010, 2:41 pm

Hi ThreadKiller,

Please could you tell me what the following program is used for?

Eset-NOD32: Fix Dasumo v3.2 hasta el 2038
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: ad.yieldmanager.com and other IE ads pop ups

Unread postby ThreadKiller » August 12th, 2010, 3:19 pm

i don't know.
anyway, since i don't remember installing it, and since it appeared in the "add/remove programs", i uninstall it and updated the virus signature database.
i hope that is OK?..
ThreadKiller
Regular Member
 
Posts: 15
Joined: August 8th, 2010, 2:43 pm

Re: ad.yieldmanager.com and other IE ads pop ups

Unread postby deltalima » August 12th, 2010, 3:21 pm

Hi ThreadKiller,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: ad.yieldmanager.com and other IE ads pop ups

Unread postby ThreadKiller » August 12th, 2010, 4:04 pm

regarding GMER Rootkit Scanner - every time i start it gives me a warning about 2 or 3 iexplorer.exe (*** hidden ***) processes.
just to be on the safe side, you instructed me that if that happen, i should "click NO" and then "Run Gmer again and click on the Rootkit tab."
however, i get this warning every time i run GMER. my question is:
should i click NO and then continue with the next steps, or should i try to run/close GMER several times, until i don't get that warning, and only then continue the next steps?
maybe you want me to run GMER in safe mode and see what happens?...


Thanks,
ThreadKiller
ThreadKiller
Regular Member
 
Posts: 15
Joined: August 8th, 2010, 2:43 pm

Re: ad.yieldmanager.com and other IE ads pop ups

Unread postby deltalima » August 12th, 2010, 4:11 pm

Yes please try safemode.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: ad.yieldmanager.com and other IE ads pop ups

Unread postby ThreadKiller » August 12th, 2010, 5:15 pm

wow, this is getting frustrating... OTL was no problem but GMER... totally different story.

this is what happened in the last hours:
- as instructed, ran GMER (u50pjz0o.exe) in safe mode. no warnings. checked and unchecked as instructed. ran scan - during scan windows crash and i got a blue screen.
- restart computer in safe mode. ran GMER again (u50pjz0o.exe). no warnings. checked and unchecked as instructed. ran scan - during scan windows crash and i got a blue screen again.
- restart computer in safe mode. ran GMER again (u50pjz0o.exe). i got a warning about 5 (*** hidden ***) iexplorer.exe processes.
- restart computer in safe mode. ran GMER again (u50pjz0o.exe). i got a the same warning.
- restart computer in normal mode. download again GMER - different file name (kr95pxf2.exe).
- restart computer in safe mode. run GMER (kr95pxf2.exe). no warnings. during scan windows crash again (blue screen).
- restart computer in safe mode, run GMER (kr95pxf2.exe). i got a warning about 3 (*** hidden ***) iexplorer.exe processes.

wow.
any ideas?

p.s.
here are OTL logs:

OTL.txt
======


OTL logfile created on: 8/11/2010 22:42:58 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Omer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 221.62 Gb Total Space | 149.09 Gb Free Space | 67.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 244.14 Gb Total Space | 243.17 Gb Free Space | 99.60% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 1396.61 Gb Total Space | 835.72 Gb Free Space | 59.84% Space Free | Partition Type: NTFS

Computer Name: THREADKILLER
Current User Name: Omer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Omer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe (TuneUp Software GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Omer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (CodeMeter.exe) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (TfSysMon) -- C:\WINDOWS\System32\drivers\TfSysMon.sys File not found
DRV - (TfNetMon) -- C:\WINDOWS\System32\drivers\TfNetMon.sys File not found
DRV - (TfFsMon) -- C:\WINDOWS\System32\drivers\TfFsMon.sys File not found
DRV - (LVUSBSta) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys File not found
DRV - (lmimirr) -- C:\WINDOWS\System32\DRIVERS\lmimirr.sys File not found
DRV - (ivusb) -- C:\WINDOWS\System32\DRIVERS\ivusb.sys File not found
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam Pro 9000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys ()
DRV - (easdrv) -- C:\WINDOWS\system32\drivers\easdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (MAUSBKS) Service for M-Audio KeyStudio IO (WDM) -- C:\WINDOWS\system32\drivers\mausbks.sys (Avid Technology, Inc.)
DRV - (MADFU) -- C:\WINDOWS\system32\drivers\M-Audio_KeyStudio49i_DFU.sys ()
DRV - (VSPerfDrv90) -- C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys (Microsoft Corporation)
DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (Wirelecf) -- C:\WINDOWS\system32\drivers\Wirelecf.SYS ()
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (NvNdis) -- C:\WINDOWS\system32\drivers\nvndis.sys (NVIDIA Corporation.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (RVIEGVST) -- C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys (Roland)
DRV - (RVIEG01) -- C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys (Roland)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1614895754-963894560-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1614895754-963894560-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1614895754-963894560-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1614895754-963894560-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1614895754-963894560-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1614895754-963894560-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1614895754-963894560-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/08/03 22:07:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/08/04 22:49:01 | 000,000,895 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (http://www.flashget.com)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Web Test Recorder 9.0 Helper) - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (http://www.flashget.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1614895754-963894560-682003330-1003\..\Toolbar\ShellBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1614895754-963894560-682003330-1003..\Run: [TuneUp MemOptimizer] C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe (TuneUp Software GmbH)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Omer\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-963894560-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/ ... tion32.cab (Device Detection)
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} file:///E:/setup/RiffLick.cab (WaveTab Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 1890553279 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDow ... rtScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan ... stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.117.235.235 62.219.186.7
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Antiwpa: DllName - antiwpa.dll - File not found
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/14 01:24:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{30fd6b02-3a63-11de-b1d6-001fd08d02d2}\Shell - "" = AutoRun
O33 - MountPoints2\{30fd6b02-3a63-11de-b1d6-001fd08d02d2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{30fd6b02-3a63-11de-b1d6-001fd08d02d2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a8a56c83-4939-11df-b3da-001fd08d02d2}\Shell - "" = AutoRun
O33 - MountPoints2\{a8a56c83-4939-11df-b3da-001fd08d02d2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a8a56c83-4939-11df-b3da-001fd08d02d2}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{accd3d6e-5611-11df-b3e5-001fd08d02d2}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/14 02:12:34 | 000,023,040 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{bccadf32-1d55-11de-b19e-001fd08d02d2}\Shell - "" = AutoRun
O33 - MountPoints2\{bccadf32-1d55-11de-b19e-001fd08d02d2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bccadf32-1d55-11de-b19e-001fd08d02d2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c7811044-4974-11df-b3db-001fd08d02d2}\Shell - "" = AutoRun
O33 - MountPoints2\{c7811044-4974-11df-b3db-001fd08d02d2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7811044-4974-11df-b3db-001fd08d02d2}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /r \??\I:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/11 22:24:26 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Omer\Desktop\OTL.exe
[2010/08/11 20:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/08/11 20:01:08 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Omer\Desktop\MGADiag.exe
[2010/08/10 03:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/08/10 03:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/08/10 03:04:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/08/05 19:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Fraps
[2010/08/05 13:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Omer\.shsh
[2010/08/05 02:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Omer\My Documents\My Downloaded Video
[2010/08/05 02:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Nuclear Coffee
[2010/08/05 02:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Omer\Local Settings\Application Data\Thinstall
[2010/08/05 02:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\FDRLab
[2010/08/05 01:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Neoretix
[2010/08/05 01:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2010/08/05 00:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Omer\Application Data\Malwarebytes
[2010/08/05 00:51:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/05 00:51:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/05 00:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/05 00:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/04 23:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Omer\Application Data\Scooter Software
[2010/08/04 23:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Beyond Compare 3
[2010/08/04 23:25:06 | 000,000,000 | ---D | C] -- C:\HijackThis
[2010/08/04 22:40:20 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/08/04 22:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/08/04 21:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/04 21:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/28 22:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\InCode Solutions
[2010/07/24 17:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Omer\Local Settings\Application Data\Threat Expert
[2010/07/24 11:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/07/24 11:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/24 11:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/07/24 11:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Threat Expert
[2010/07/23 01:40:15 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/23 01:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Omer\Local Settings\Application Data\Sunbelt Software
[2010/07/23 01:29:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/07/23 01:29:10 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/07/23 01:29:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/07/22 23:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/22 23:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Omer\Application Data\WinPatrol
[2010/07/22 19:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/22 19:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/22 19:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/14 21:52:46 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe

========== Files - Modified Within 30 Days ==========

[2010/08/11 22:29:27 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Omer\Desktop\u50pjz0o.exe
[2010/08/11 22:25:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Omer\Desktop\OTL.exe
[2010/08/11 22:03:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-963894560-682003330-1003UA.job
[2010/08/11 22:00:00 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/08/11 21:46:49 | 000,218,808 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/08/11 21:38:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/11 21:25:42 | 000,137,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/08/11 21:14:42 | 000,271,817 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/08/11 21:14:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2010/08/11 21:13:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/11 21:13:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/11 21:11:28 | 014,680,064 | ---- | M] () -- C:\Documents and Settings\Omer\NTUSER.DAT
[2010/08/11 21:11:22 | 006,409,602 | -H-- | M] () -- C:\Documents and Settings\Omer\Local Settings\Application Data\IconCache.db
[2010/08/11 20:06:45 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\Omer\Desktop\CKScanner.exe
[2010/08/11 20:01:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/11 20:01:09 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Omer\Desktop\MGADiag.exe
[2010/08/11 00:03:48 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Omer\Desktop\Google Chrome.lnk
[2010/08/11 00:03:48 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Omer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/10 09:53:23 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Omer\ntuser.ini
[2010/08/10 07:03:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-963894560-682003330-1003Core.job
[2010/08/10 04:53:52 | 000,459,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/10 03:06:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/10 03:05:20 | 000,444,160 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/10 03:05:20 | 000,072,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/10 03:05:19 | 000,505,512 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/09 01:00:45 | 000,091,648 | ---- | M] () -- C:\Documents and Settings\Omer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/08 23:44:38 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Omer\Desktop\HiJackThis.lnk
[2010/08/07 02:04:10 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Omer\Desktop\dds.com
[2010/08/05 19:31:28 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\Omer\Desktop\Fraps.lnk
[2010/08/05 15:43:57 | 000,000,895 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.umbrella
[2010/08/05 15:15:45 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/05 02:57:30 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VideoGet.lnk
[2010/08/05 01:38:59 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Omer\Start Menu\Programs\Startup\SpywareGuard.lnk
[2010/08/05 01:38:59 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\Omer\Desktop\SpywareGuard.lnk
[2010/08/05 00:51:05 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/04 23:45:01 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Beyond Compare 3.lnk
[2010/08/04 22:49:01 | 000,000,895 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/04 21:09:21 | 000,000,127 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/08/03 21:23:29 | 000,415,624 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100804-224901.backup
[2010/08/02 01:51:26 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Omer\My Documents\חוזה שכירות משנה.doc
[2010/07/31 10:29:49 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\Omer\Desktop\RemoveIT Pro v4 - SE.lnk
[2010/07/30 15:37:42 | 000,000,346 | ---- | M] () -- C:\Documents and Settings\Omer\Desktop\Video.lnk
[2010/07/30 13:07:02 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\Omer\Desktop\Music.lnk
[2010/07/27 20:39:14 | 000,000,357 | ---- | M] () -- C:\Documents and Settings\Omer\Desktop\Downloads.lnk
[2010/07/27 08:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/24 11:16:39 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Omer\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/24 11:16:39 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Omer\Desktop\Spybot - Search & Destroy.lnk
[2010/07/23 18:16:33 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\Omer\My Documents\הסכם שכירות יחיאל שירן.doc
[2010/07/23 01:40:15 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/19 21:04:58 | 000,145,048 | ---- | M] () -- C:\Documents and Settings\Omer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

========== Files Created - No Company Name ==========

[2010/08/11 22:29:22 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Omer\Desktop\u50pjz0o.exe
[2010/08/11 20:06:44 | 000,443,392 | ---- | C] () -- C:\Documents and Settings\Omer\Desktop\CKScanner.exe
[2010/08/08 23:44:30 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Omer\Desktop\HiJackThis.lnk
[2010/08/07 02:03:58 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Omer\Desktop\dds.com
[2010/08/05 19:31:28 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\Omer\Desktop\Fraps.lnk
[2010/08/05 02:57:30 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VideoGet.lnk
[2010/08/05 01:38:59 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Omer\Start Menu\Programs\Startup\SpywareGuard.lnk
[2010/08/05 01:38:59 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\Omer\Desktop\SpywareGuard.lnk
[2010/08/05 00:51:05 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/04 23:45:01 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Beyond Compare 3.lnk
[2010/08/04 21:47:18 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/04 19:48:30 | 000,000,127 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/31 10:29:49 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\Omer\Desktop\RemoveIT Pro v4 - SE.lnk
[2010/07/29 22:07:01 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Omer\My Documents\חוזה שכירות משנה.doc
[2010/07/24 11:16:39 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Omer\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/24 11:16:39 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Omer\Desktop\Spybot - Search & Destroy.lnk
[2010/07/23 18:16:33 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Omer\My Documents\הסכם שכירות יחיאל שירן.doc
[2010/07/19 21:04:59 | 000,424,960 | -H-- | C] () -- C:\Documents and Settings\Omer\Application Data\Any Video Converter Professional.exe.Exe
[2010/07/02 18:07:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2010/05/21 13:56:46 | 000,000,345 | ---- | C] () -- C:\WINDOWS\Okey+.ini
[2010/04/08 17:14:57 | 000,137,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/11/07 17:22:32 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/11/07 17:22:27 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/07 17:22:27 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/07 17:22:25 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/07 17:22:25 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/20 20:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/10/18 20:59:30 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/10/14 01:26:24 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/10/06 23:43:17 | 000,023,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\M-Audio_KeyStudio49i_DFU.sys
[2009/08/17 09:22:29 | 000,000,025 | ---- | C] () -- C:\WINDOWS\OverlayXP.ini
[2009/08/14 10:02:06 | 000,000,074 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2009/06/25 19:58:53 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2009/04/25 17:37:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\hasp_windows.dll
[2009/04/06 21:11:46 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2009/02/20 15:47:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/16 00:23:24 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/01/15 09:02:33 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/01/14 02:37:04 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/13 16:52:18 | 000,033,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2005/09/07 11:09:36 | 000,017,230 | ---- | C] () -- C:\WINDOWS\System32\drivers\Wirelecf.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BF2F6B5
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >



Extras.Txt
========


OTL Extras logfile created on: 8/11/2010 22:42:58 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Omer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 221.62 Gb Total Space | 149.09 Gb Free Space | 67.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 244.14 Gb Total Space | 243.17 Gb Free Space | 99.60% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 1396.61 Gb Total Space | 835.72 Gb Free Space | 59.84% Space Free | Partition Type: NTFS

Computer Name: THREADKILLER
Current User Name: Omer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1614895754-963894560-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
"C:\Documents and Settings\Omer\temp\TeamViewer\Version5\TeamViewer.exe" = C:\Documents and Settings\Omer\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)
"C:\Program Files\eclipse\eclipse.exe" = C:\Program Files\eclipse\eclipse.exe:*:Enabled:eclipse -- ()
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe" = C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe" = C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe:*:Enabled:removeit -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\wLite\wLite.exe" = C:\Program Files\wLite\wLite.exe:*:Disabled:webcamXP -- (Moonware / Darkwet)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA DVD Decoder
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{26B46206-DF80-4DA2-AEAB-FF146320C344}" = CodeMeter Runtime Kit v4.01
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3AE3B734-B03A-46B8-8D19-91D6F4907735}" = M-Audio KeyStudio 49i USB
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{42c31516-af37-4d51-8b72-054aa380f3ee}" = Nero 9 Trial
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{633D90C2-5105-4E17-9290-F9F7149E1070}" = General MIDI Module
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}" = Sony Sound Forge 9.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{745877DC-8FFE-4E4C-ABBC-589B887A47D1}" = Virtual Sound Canvas DXi
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{80C06CCD-7D07-3DB6-86CD-B57B3F0614D8}" = Microsoft Visual Studio Team System 2008 Team Suite - ENU
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86A6E235-C08F-4A14-B14C-793C7D8844A0}" = ESET NOD32 Antivirus
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9FC37783-8C20-4930-8340-91C1E44BDA92}" = Visual Install Pack
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{b475e755-8c93-46cc-acc5-cda6111fb60f}" = Nero 9 HD
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D44A38DD-6F9A-4F12-ADA9-4C79BC71ECD0}" = WD SmartWare
"{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}" = Sony Noise Reduction Plug-In 2.0e
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DA22A6BB-10B5-4595-BD59-1AD4023C8536}" = Virtual Sound Canvas VST
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazing Slow Downer" = Amazing Slow Downer (remove only)
"Any Video Converter Professional_is1" = Any Video Converter Professional 3.0.1
"Audacity_is1" = Audacity 1.2.6
"AVI MPEG RM WMV Splitter_is1" = AVI/MPEG/RM/WMV Splitter 4.28
"BB_is1" = Band-in-a-Box 2008
"BeyondCompare3_is1" = Beyond Compare Version 3.1.11
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlashGet" = FlashGet 1.9.6.1073
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps (remove only)
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HaaliMkx" = Haali Media Splitter
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InFlac" = InFlac 1.1.1
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"Kill Winamp_is1" = KillWinamp 1.61
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.3.0 (Full)
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mp3tag" = Mp3tag v2.46a
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 2.0.0.0
"Picasa 3" = Picasa 3
"PRJPRO" = Microsoft Office Project Professional 2007
"RealAlt_is1" = Real Alternative 1.9.0
"RemoveIT Pro v4 - SE" = RemoveIT Pro v4 - SE
"SpywareGuard_is1" = SpywareGuard v2.2
"The KMPlayer" = The KMPlayer (remove only)
"VideoGet_is1" = Nuclear Coffee - VideoGet
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.1
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"Wireshark" = Wireshark 1.2.9
"wLite" = webcamXP Lite
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YU2010_is1" = Your Uninstaller! 2010

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1614895754-963894560-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/6/2010 15:56:03 | Computer Name = THREADKILLER | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 5/6/2010 15:56:03 | Computer Name = THREADKILLER | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 5/6/2010 15:56:03 | Computer Name = THREADKILLER | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 5/6/2010 18:55:03 | Computer Name = THREADKILLER | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 5/6/2010 18:55:03 | Computer Name = THREADKILLER | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 5/6/2010 18:55:03 | Computer Name = THREADKILLER | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 5/6/2010 18:55:03 | Computer Name = THREADKILLER | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 5/6/2010 18:55:03 | Computer Name = THREADKILLER | Source = Bonjour Service | ID = 100
Description = 424: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 5/7/2010 9:50:34 | Computer Name = THREADKILLER | Source = Application Hang | ID = 1002
Description = Hanging application KMPlayer.exe, version 2.9.4.1435, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/7/2010 16:37:25 | Computer Name = THREADKILLER | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/11/2010 13:44:38 | Computer Name = THREADKILLER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Nod32 AV service to connect.

Error - 8/11/2010 13:44:38 | Computer Name = THREADKILLER | Source = Service Control Manager | ID = 7000
Description = The Nod32 AV service failed to start due to the following error: %%1053

Error - 8/11/2010 13:44:38 | Computer Name = THREADKILLER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 8/11/2010 15:14:02 | Computer Name = THREADKILLER | Source = Dhcp | ID = 1002
Description = The IP address lease 84.109.238.239 for the Network Card with network
address 001FD08D02D2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 8/11/2010 15:14:17 | Computer Name = THREADKILLER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Nod32 AV service to connect.

Error - 8/11/2010 15:14:17 | Computer Name = THREADKILLER | Source = Service Control Manager | ID = 7000
Description = The Nod32 AV service failed to start due to the following error: %%1053

Error - 8/11/2010 15:14:17 | Computer Name = THREADKILLER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 8/11/2010 15:15:06 | Computer Name = THREADKILLER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 001FD08D02D2.

Error - 8/11/2010 15:17:41 | Computer Name = THREADKILLER | Source = Dhcp | ID = 1002
Description = The IP address lease 84.109.238.239 for the Network Card with network
address 001FD08D02D2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 8/11/2010 15:18:43 | Computer Name = THREADKILLER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.10
on the Network Card with network address 001FD08D02D2.

[ TuneUp Events ]
Error - 1/9/2010 4:56:16 | Computer Name = THREADKILLER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-09 10:56:16', '\device\harddiskvolume1\program
files\ubisoft\assassin's creed\register\registrationreminder.exe','2140',0)

Error - 1/9/2010 4:56:21 | Computer Name = THREADKILLER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-09 10:56:21', '\device\harddiskvolume1\program
files\ubisoft\assassin's creed\detection\detection.exe','2980',0)

Error - 1/9/2010 4:56:41 | Computer Name = THREADKILLER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-09 10:56:41', '\device\harddiskvolume2\downloads\assassins_creed_by_frrrosty\assassins
creed by frrrosty\assassin's creed - v1.02 patch\assassins_creed_1.02.exe','4020',0)

Error - 1/9/2010 9:50:32 | Computer Name = THREADKILLER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-09 15:50:32', '\device\harddiskvolume1\program
files\ubisoft\assassin's creed\assassinscreed_dx9.exe','848',0)

Error - 8/4/2010 18:51:46 | Computer Name = THREADKILLER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-05 00:51:46', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','192',0)

Error - 8/4/2010 18:52:36 | Computer Name = THREADKILLER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-05 00:52:36', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1952',0)

Error - 8/4/2010 19:05:19 | Computer Name = THREADKILLER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-05 01:05:19', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2892',0)

Error - 8/5/2010 6:01:01 | Computer Name = THREADKILLER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-05 12:01:01', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2900',0)

Error - 8/5/2010 6:03:46 | Computer Name = THREADKILLER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-05 12:03:46', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3488',0)


< End of report >
ThreadKiller
Regular Member
 
Posts: 15
Joined: August 8th, 2010, 2:43 pm

Re: ad.yieldmanager.com and other IE ads pop ups

Unread postby deltalima » August 12th, 2010, 5:23 pm

Hi ThreadKiller,

OTL was no problem but GMER... totally different story.


Please try this alternative rootkit scanner.

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: ad.yieldmanager.com and other IE ads pop ups

Unread postby ThreadKiller » August 12th, 2010, 5:27 pm

when scanning files i am asked to choose which drives i would like to scan.
should i check C drive only, or check all of them?
ThreadKiller
Regular Member
 
Posts: 15
Joined: August 8th, 2010, 2:43 pm

Re: ad.yieldmanager.com and other IE ads pop ups

Unread postby deltalima » August 12th, 2010, 5:30 pm

Yes - just drive C:
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: ad.yieldmanager.com and other IE ads pop ups

Unread postby ThreadKiller » August 12th, 2010, 7:52 pm

Rootkit Unhooker Drivers, Stealth, Files, Code Hooks reports:


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #4
==============================================
0xB7E6E000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x806E4000 ACPI_HAL 134400 bytes
0xB35C1000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB5F12000 C:\WINDOWS\System32\Drivers\ai27sssl.SYS 233472 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB7E00000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB87E8000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB85CC000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB8238000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB768F000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB80E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB80D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB7E18000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB76AF000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB34E6000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB85D2000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xB36F5000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB86FA000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB229B000 C:\WINDOWS\system32\DRIVERS\eamon.sys 315392 bytes (ESET, Amon monitor)
0xB8208000 C:\WINDOWS\system32\DRIVERS\easdrv.sys 45056 bytes (ESET, Eset AntiStealth driver)
0xB81D8000 C:\WINDOWS\system32\DRIVERS\epfwtdir.sys 49152 bytes
0xB76BF000 C:\WINDOWS\system32\drivers\es1371mp.sys 40960 bytes (Creative Technology Ltd., ENSONIQ AudioPCI 97 WDM Audio Miniport)
0xB21A7000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB81F8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB7DE0000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB85CA000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB7E3E000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB857C000 C:\WINDOWS\system32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xB84A8000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB21CB000 C:\WINDOWS\system32\drivers\hardlock.sys 688128 bytes (Aladdin Knowledge Systems Ltd., Hardlock Device Driver for Windows NT)
0xB5FAC000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB8228000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB8430000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB4D1C000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB1B47000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB769F000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB76CF000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB35E3000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB368A000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB8400000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB3709000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB1784000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB5F4B000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB7DB7000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8428000 C:\WINDOWS\system32\Drivers\LVPr2Mon.sys 20480 bytes (-, -)
0xB85CE000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB8408000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB4D18000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB80B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB2310000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB3526000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB8440000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8168000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB7C7F000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB7CE3000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB7CFD000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB7C9B000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB31C2000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB5EFB000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB8188000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB81E8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB3609000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB1D10000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB2D3B000 C:\WINDOWS\system32\drivers\npf.sys 61440 bytes (CACE Technologies, Inc., npf.sys (NT5/6 x86) Kernel Driver)
0xB8448000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB7D2A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0xB87E2000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6434816 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 197.45 )
0xB6CCC000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10235904 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 197.45 )
0xB2D2B000 C:\WINDOWS\system32\Drivers\NvNdis.sys 36864 bytes (NVIDIA Corporation., NDIS User mode I/O Driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB8338000 pavboot.sys 24576 bytes (Panda Security, S.L., Panda Boot Driver)
0xB7E5D000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB7EB4000 PCI_PNP7028 995328 bytes
0xB7CAF000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus(R) ASPI Shell)
0x804D7000 PnpManager 2150400 bytes
0xB5F6E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB87FC000 C:\WINDOWS\System32\Drivers\PQNTDrv.SYS 4096 bytes (PowerQuest Corporation, PowerQuest Boot Mode Driver.)
0xB5EEA000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB83F0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB80F8000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB5E48000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB8138000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB8148000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB8158000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB83F8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0x804D7000 RAW 2150400 bytes
0xB3596000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB85D0000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB5EBA000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB8128000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB5F92000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 106496 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xB370D000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 6287360 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xB1F70000 C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys 163840 bytes (Roland, Roland VSC Synthesizer Engine)
0xB1F48000 C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys 163840 bytes (Roland, Roland VSC Synthesizer Engine)
0xB7E9C000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB7EB4000 spes.sys 995328 bytes
0xB7EB4000 sptd 995328 bytes
0xB7DCE000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB20B0000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xB85C0000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB301E000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB3631000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB83E8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB8178000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0x8B3081F8 unknown_irp_handler 3592 bytes
0x8ADC9500 unknown_irp_handler 2816 bytes
0x8B2951F8 unknown_irp_handler 3592 bytes
0x8AFD21F8 unknown_irp_handler 3592 bytes
0x8B30A1F8 unknown_irp_handler 3592 bytes
0x8B0BC500 unknown_irp_handler 2816 bytes
0x8AFA0500 unknown_irp_handler 2816 bytes
0x8AF9C1F8 unknown_irp_handler 3592 bytes
0x8AFC21F8 unknown_irp_handler 3592 bytes
0x8ADD0500 unknown_irp_handler 2816 bytes
0x8B013500 unknown_irp_handler 2816 bytes
0xB5E5C000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB8450000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB85C4000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB84A0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB81A8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB5FD4000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB8498000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB8438000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB6CB8000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB80C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB81C8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB8458000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB2EC1000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB85AA000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x804D7000 WMIxWDM 2150400 bytes




RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #4
==============================================
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]




RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #4
==============================================
!-->[Hidden] C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[5].txt
!-->[Hidden] C:\Documents and Settings\LocalService\Cookies\system@adnxs[4].txt
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{ADFCBEB9-A59D-11DF-B491-001FD08D02D2}.dat::$DATA
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3E80A7AB-A59F-11DF-B491-001FD08D02D2}.dat
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{073D653F-A5A0-11DF-B491-001FD08D02D2}.dat
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{ED7E8207-A59D-11DF-B491-001FD08D02D2}.dat
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{ED7E8209-A59D-11DF-B491-001FD08D02D2}.dat
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{ED7E820A-A59D-11DF-B491-001FD08D02D2}.dat
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{ED7E820B-A59D-11DF-B491-001FD08D02D2}.dat
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{76044995-A59E-11DF-B491-001FD08D02D2}.dat
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\0d1bc92f00d7324c09dd0a56771e802e[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\0f7557cd23aef67d5935f7b64b664257[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\160x600[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\22a144196033fc4d52f820ac29edf906[4].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCA0WWQC6
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAJ16EJW
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAJ60OML
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAJNB3E6
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAMDMNHU
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCANH9VAD
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAO11HGR
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAOZGU1G
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\9bb5e2dc7267726477cc9ba179491269[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\9bb5e2dc7267726477cc9ba179491269[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\a03eb86dbf2bc7630c252f35e369077b[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\22a144196033fc4d52f820ac29edf906[5].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\a0d90caa61a4f1ed65222a2b517fa349[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCA13Z2AX
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\6988da937c513e9818d18f075cfabc92[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\728x90[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\7393f75d267d1f36ff4f8f2075d1d97e[5].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\7393f75d267d1f36ff4f8f2075d1d97e[6].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\745033d44dcb3771db0c3c13989a9123[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\7d19f90132578b9cc9caed319b114292[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\d68858a504d41cbffb141e497d6d8de[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\ddf425b9f4fdb94c64219b0fc46e6fc4[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\ddf425b9f4fdb94c64219b0fc46e6fc4[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\e1da7ba7aa79baa422677a432dc36a32[3].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAT81JPY
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAUE3OGX
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAVOXGX0
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAXO4RM2
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAY798S0
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAZELL3L
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAZMBB2I
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\5b3299e68bfc292234b81708a3d410ac[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCA6A21ID
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCA6CHO00
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCA70U6YC
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCA7AEIZR
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCA80WX3T
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCA9B9J3K
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCA9UXI4U
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\8a8a0e40fdfc60cf6a98d4d1776496b7[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\98bf904b86dcc7492439c0445e926680[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\index[3].htm
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\index[4].htm
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAPDNKN0
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAPSFOZ8
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAQ9URQ8
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAQTCKSQ
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAQW3WFM
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCARSXZKU
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCASEWA8K
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\39a9a6ab88792cf70d0d11f0f31ecb14[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\3aee781bdfefa04a8eee3127bba9d34d[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\3b9ba6fc8bc75e77f4a9cbc971ac976a[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAAKHE1H
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAAYFQQU
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCABBA30Y
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCADXZ1IP
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAG51QSU
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCAGYU56Y
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCA16APE8
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCA1F4V0S
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCA1ZRTA0
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCA2B3YIT
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCA2HBEQW
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCA3EFADU
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCA3KE2VM
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\impCA3N3Y6H
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\a0d90caa61a4f1ed65222a2b517fa349[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\banner[2].htm
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EEQ53274\c06d6aba2f6edcd8d280df78213a85ae[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\028a61ac3029e4b9c6f5a9be59cedcf1[1].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\04d83c12c697bd2c4c24882690b1d475[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\0d1bc92f00d7324c09dd0a56771e802e[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\1127cfec0ba56c28e5b5b990d28b2d38[3].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\168b076c30504ad4d02c6b389fd8caf2[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\1cd8a2472da23ab99eb233c2e4b2666c[3].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\720e15b7b1d2eff96c15d5cb803db5f9[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\720e15b7b1d2eff96c15d5cb803db5f9[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\7393f75d267d1f36ff4f8f2075d1d97e[3].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\7cc785e3d6862765b78486676f93a95e[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\8a8a0e40fdfc60cf6a98d4d1776496b7[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\f4a98fd1288be5b06315c6c4a8ea0412[1].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\goad[1].htm
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAIKZP2U
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAIPPNH4
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCALKZ6FM
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCALRQYML
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAQ67T3X
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\3acb9e24a82578f8abe93286057975f9[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\65ad741ddd2568207de86b3bdfd6bd28[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\65ad741ddd2568207de86b3bdfd6bd28[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\70f2cfacf6c51d0bf23bb407600a3e84[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\ddf425b9f4fdb94c64219b0fc46e6fc4[3].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\index[2].htm
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCA7301OE
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCA7CXXL1
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCA87CBK3
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCA8WTEWV
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAAAIIV2
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAC92O9K
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCACEQRW7
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\ad935898e497cf6b2dbb6667a90e016a[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\ba5ab388af95b5450362a879e84b07bc[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\c5a80064ff942857d9f3bcffcc471c8c[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\ddf425b9f4fdb94c64219b0fc46e6fc4[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\ddf425b9f4fdb94c64219b0fc46e6fc4[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAVRHO7T
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAWCOP1N
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAXSLKGU
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAY1SBB5
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAYMFHZM
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAZZ4E58
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\22a144196033fc4d52f820ac29edf906[3].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\2fb0e5dfdd44b1f47efad319eda543e1[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\36c70aba8f21ababe3bffd1ce12e0190[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCA09RDV9
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCA0VI3SA
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCA2QA7OL
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCA3LBN2S
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCA5H7TYL
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCA6XW18D
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAD1S7JP
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCADX47AI
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAE154PZ
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAEEIMWX
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAEEPZYS
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAGO4QZX
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAH8INKP
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAHUHI2L
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAHZ18NM
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAQXFTDL
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAQXI07Z
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCARSJ9XL
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCASKJQNN
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\impCAT2KL8T
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\8e2b9bb4972df8e8bc4b52e7c27a71c7[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\8e2b9bb4972df8e8bc4b52e7c27a71c7[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\9ade3cf0311d640036fc5c4adc5c0f15[1].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\9bb5e2dc7267726477cc9ba179491269[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\a0d90caa61a4f1ed65222a2b517fa349[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\a0d90caa61a4f1ed65222a2b517fa349[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\e1da7ba7aa79baa422677a432dc36a32[3].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\e1e672fbcc653e21d230ad62392e5655[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F0PEUFZ6\ed0474e98fb4931428126bedfadee7f4[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\f59c5d814d003dcb80bcc2424c831dc1[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\fb008b73debf5da830a7ee1ce2eba37d[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\a0d90caa61a4f1ed65222a2b517fa349[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\index[1].htm
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\index[2].htm
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\soccersmash[1].mp3
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\st[1]
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\st[2]
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\st[3]
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\st[4]
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAGJ4QBO
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAGJ696V
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAGVN70C
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAHW2P4S
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAHXE463
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAHYF6NT
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAI6FZOJ
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAIDSY7O
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAIS8QJD
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\3007ec3c3ca05892843233a50857e91c[3].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\3007ec3c3ca05892843233a50857e91c[4].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\3acb9e24a82578f8abe93286057975f9[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\168b076c30504ad4d02c6b389fd8caf2[3].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\3aee781bdfefa04a8eee3127bba9d34d[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCA9MYPRV
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAXM4OH9
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\c2e5aa3cb71558ff3d2206d517919667[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\c5a80064ff942857d9f3bcffcc471c8c[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\c9ecd3a4eac30fccab8973887236dc02[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCA59C87B
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCA67YJXK
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCA6Z0JUS
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCA76IR8W
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCA9B07G7
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAS5N5H5
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCATF4W8X
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAUJHXGO
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAV9RUY2
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAWBTEUM
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAWQ0QW4
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\21ab67571f3de851e1bbf6877c24b4a4[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\21ab67571f3de851e1bbf6877c24b4a4[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\21ab67571f3de851e1bbf6877c24b4a4[3].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\22a144196033fc4d52f820ac29edf906[3].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\22a144196033fc4d52f820ac29edf906[4].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAJHN5PM
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCALAM1ON
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCALQE4TV
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCALWEPA0
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAMP00WM
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAO8M41R
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAP0TCO2
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAPKMJ17
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAPZGQIM
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAQ9XVGM
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAQXUXCH
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\65ad741ddd2568207de86b3bdfd6bd28[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\6988da937c513e9818d18f075cfabc92[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\7026ecf27cb24dda0df88bc02e867f88[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\728x90[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\7393f75d267d1f36ff4f8f2075d1d97e[3].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\7393f75d267d1f36ff4f8f2075d1d97e[4].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\9bb5e2dc7267726477cc9ba179491269[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\9bb5e2dc7267726477cc9ba179491269[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\ad4f77e5ed4a07b5fafedbd54831b16c[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\b2772b065b022c3a20660442939a1886[1].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\b5226621a3326caf878f0b20734b4e7a[3].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\b61327f1fdd9c3ac272e2fd969a22a7[1].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\banner_pixel[1].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCA1DVBQT
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCA1XO8ED
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\3aee781bdfefa04a8eee3127bba9d34d[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\3b4b174829d8525952ca4db920ff7780[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\562b3950fc94f7731795bae81f24dd6e[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\562b3950fc94f7731795bae81f24dd6e[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCABDQZXJ
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCADX37PY
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAEC7B54
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAF8LWO0
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAFB7B0O
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAFFSRRN
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0LBATGE\impCAZ33YWX
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\01c48e1a9100644b1310bf966789f1bd[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\01c48e1a9100644b1310bf966789f1bd[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\eventreport[2].htm
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\f09c0c7bbf85b4d17c88473444f0f3f0[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\f8779677bf4d8281ede2365124bdfd3[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\39a9a6ab88792cf70d0d11f0f31ecb14[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\39a9a6ab88792cf70d0d11f0f31ecb14[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\3aee781bdfefa04a8eee3127bba9d34d[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\3aee781bdfefa04a8eee3127bba9d34d[3].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\3aee781bdfefa04a8eee3127bba9d34d[4].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\3aee781bdfefa04a8eee3127bba9d34d[5].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\3aee781bdfefa04a8eee3127bba9d34d[6].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\3b9ba6fc8bc75e77f4a9cbc971ac976a[3].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\7026ecf27cb24dda0df88bc02e867f88[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\728x90[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\7393f75d267d1f36ff4f8f2075d1d97e[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\7393f75d267d1f36ff4f8f2075d1d97e[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\7393f75d267d1f36ff4f8f2075d1d97e[3].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCAJ450PF
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCALGJJBP
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCAMYESZD
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCANJT1AA
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCAO384JH
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCAOTOI7G
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCAOUQC7F
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCAW1ZG9D
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\21ab67571f3de851e1bbf6877c24b4a4[3].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\21ab67571f3de851e1bbf6877c24b4a4[4].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\22a144196033fc4d52f820ac29edf906[4].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCA4HYJGU
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCA4IYOLM
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCA6FCH31
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCA9XDM10
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCAB1JD16
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCABZC4G2
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCARLYZ2X
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCASBF69K
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCASCMGXS
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCASIIR2K
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCATPI187
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\a03eb86dbf2bc7630c252f35e369077b[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\a0d90caa61a4f1ed65222a2b517fa349[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\B.i_Toaar2+Date_300x250[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\b06ea6cbcae61a36a54c2af3a502b3f9[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\c2e5aa3cb71558ff3d2206d517919667[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\c9e396cd7f8ecfb42bc380b032142df2[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\5b007f3f7405b25365e927a48b927bc[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\5dec070a5c7021fc832feb9cbb29c911[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\5dec070a5c7021fc832feb9cbb29c911[3].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCAEH1Q0O
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCAESKSKF
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCAFBTBV0
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCAG23XF5
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCAHN70JP
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCAHPM45W
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\8a8a0e40fdfc60cf6a98d4d1776496b7[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\8a8a0e40fdfc60cf6a98d4d1776496b7[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\9bb5e2dc7267726477cc9ba179491269[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\9bb5e2dc7267726477cc9ba179491269[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\9bb5e2dc7267726477cc9ba179491269[3].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\crossdomain[1].xml
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\e1da7ba7aa79baa422677a432dc36a32[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\ed0474e98fb4931428126bedfadee7f4[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\262cc727d74f2f81cf726a672057d3ec[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\28ef4d11e32fd6edc6b8e398e313d4a7[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\28ef4d11e32fd6edc6b8e398e313d4a7[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\300x250[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\36c70aba8f21ababe3bffd1ce12e0190[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCA0VQVWW
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCA15LZ0O
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCA1JW8KD
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCA1JZ5UH
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCAXQOUE1
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCAY3BWV1
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IR32VMHV\impCAYAI7G6
!-->[Hidden] C:\Documents and Settings\Omer\Cookies\omer@213.8.137[1].txt
!-->[Hidden] C:\Documents and Settings\Omer\Cookies\omer@amadesa[1].txt
!-->[Hidden] C:\Documents and Settings\Omer\Cookies\omer@doubleclick[1].txt
!-->[Hidden] C:\Documents and Settings\Omer\Cookies\omer@jdate.co[1].txt
!-->[Hidden] C:\Documents and Settings\Omer\Cookies\omer@sparknetworks.112.2o7[1].txt
!-->[Hidden] C:\Documents and Settings\Omer\Cookies\omer@static.jdate.co[1].txt
!-->[Hidden] C:\Documents and Settings\Omer\Cookies\omer@www.jdate.co[1].txt
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006e0
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006e1
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006e2
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006e3
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006e4
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006e5
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006e6
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006e7
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006e8
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006e9
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006ea
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006eb
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006ec
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006ed
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006ee
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006ef
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006f0
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006f1
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006f2
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006f3
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006f4
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0006f5
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{E899EC5A-A5A0-11DF-B491-001FD08D02D2}.dat
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{E899EC5B-A5A0-11DF-B491-001FD08D02D2}.dat
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temp\etilqs_i46gcACHHo008dfN1dQW
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\150664633[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\154430647[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\154712146[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\154926426[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\154928313[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\155308558[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\nav-tabs-outside-on[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\nav-tabs-outside[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\k_button[1].js
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\k_push[1].js
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\login-back-base-red[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\gamiframe[1].htm
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\google_ads[1].js
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\structure-rtl[1].css
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\style.4[1].css
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\ui-fullprofile-thu-viewall[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\UP_IM[1].swf
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\userplaneIM[1].js
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\hebblu01[1].css
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\adsCA27GXNP
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\adsCA3OQAZ4
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\adsCA5A53BR
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\adsCA7VGA35
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\adsCA7YWXQN
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\adsCA9PAM10
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\adsCABEPFKI
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\adsCAEYLC8H
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\adsCAHZFRPN
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\adsCAL62L7L
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\adsCAZ4FYRU
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\ads[10]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\ads[11]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\ads[2]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\ads[3]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\ads[4]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\ads[5]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\ads[6]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\ads[7]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\ads[8]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\ads[9]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\noPhoto[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\Omniture[1].js
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\Psycholog_728x90_Man[1].swf
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\icon-click-yy[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\icon-email-opened[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\icon-homepage-photos[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\icon_red_click_YY[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\btn-email-fullprofile[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\login-back-right-red[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\img49c8ebac64b56[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\img4a9f9d64b7dba[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\img4b42eb3835375[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\img4b42f393aaaf0[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\img4c483a0108362[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\img4c6004d6739f7[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\imgad[1].swf
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\imgad[2].swf
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\imgad[3].swf
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\IM_watermark[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\JAlerts[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\jmeter_full_profile_btn_b[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\jmeter_logo_side[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\ajax-loader[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\0S1MZPLV\app[1]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\150571601[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\153947123[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\154068545[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\154642157[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\154875059[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\154926288[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\154929738[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\nav-bg[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\nav-sub-bg-indicator-hover[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\nav-tabs-indicator[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\pagination-results-profile-full-bh[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\excanvas.compiled[1].js
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\adsCA03ZYOE
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\adsCA08MHI9
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\adsCA6R2HV6
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\adsCA8D9SSP
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\adsCA8ODZHD
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\logo-header-rename[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\adsCAAZ7ELN
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\ads[6]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\spark[1].js
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\WebResource[1].axd
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\he-blue-band-low-right[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\version_en_win_ax[1].xml
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\bg-footer[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\btn-next-minisearch[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\progress-bar[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\img4b0bd895eb91f[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\imgad[1].swf
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\imgad[2].swf
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\imgad[3].swf
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\icon-arrow-nolink[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\icon-click-n-off[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\icon-click-y-off[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\icon-email-sort[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\icon-send-to-friend[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\icon-status-online[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\icon-tips[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\icon-updated[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\icon_click_n_on[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\ic[1].swf
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\ads[7]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\ads[8]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\ads[9]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\jdatewide[1].css
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\jdatewide[1].htm
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\jdatewide_520[1].htm
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\jquery-plugins[1].js
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\adsCAH6K9KV
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\adsCAIBVV6U
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\adsCAILY9J3
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\adsCAL3LBHA
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\adsCAMSJZ75
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\adsCAYQYSV2
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\ads[10]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\ads[11]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\ads[1]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\ads[2]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\ads[3]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\ads[4]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\ads[5]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\Compose[1].htm
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\KAUWELAU\conversion[1].js
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\147688847[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\152040566[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\153888512[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\153889168[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\154392400[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\154394287[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\154926687[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\155004493[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\nav-on-indicator[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\nav-profile-full-thumbs-indicator[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\nav-sub-on[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\nav-tabs-inside-on[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\Shortcut[1].ico
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\side-bg[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\spark[1].js
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\adsCA14ISXI
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\adsCA3C5GYH
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\adsCA3UZ40N
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\adsCA71KILQ
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\adsCAD63575
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\adsCAIORHVL
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\adsCALXODI9
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\adsReset[1].css
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\bkndHeb[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\border-top[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\btn-email-sm[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\btn-secondary-bg[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\icon-email-replied[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\icon-flirt[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\icon-help[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\icon-homepage-yy[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\icon-hotlist-add[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\icon-select-all[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\icon-status-disconnected[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\yulia%20and%20benny[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\progress-bar-bg[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\crossdomain[10].xml
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\ui-sprite-icons[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\userplaneIMHebrewDHTMLsupport[1].js
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\jalerts_logo[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\javascript-rtl[1].js
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\jdatewide_520[1].css
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\JMeter2[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\k_button[1].css
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\logo-header-img[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\ads[10]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\ads[11]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\ads[1]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\ads[2]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\ads[3]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\ads[4]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\ads[5]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\ads[6]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\ads[7]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\ads[8]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\ads[9]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\amadesajs[1].js
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\img4b0d28d4604cc[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\img4bcc02344d98d[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\img4c4837fa9fc10[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\155308684[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\N8O7RK33\155310388[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\153551450[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\154874123[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\154930275[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\155123830[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\155310874[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\icon-click-m-off[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\icon-ecard[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\icon-homepage-email[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\icon_click_m_on[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\menuHe[1].js
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\mood-img-registration[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\nav-bg-indicator-hover[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\nav-on[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\gamiframe[1].htm
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\google_service[1].js
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\hebrew-jdate[1].xml
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\ViewProfile[1].htm
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\adsCA2XRX9E
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\adsCA5QIFBZ
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\adsCABV9IZC
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\adsCACOQRMM
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\adsCADHTIDE
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\adsCADTEBFP
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\adsCAFQIRRM
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\adsCAISMC2Q
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\adsCALVORCG
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\adsCALVVYUJ
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\adsCANVXO5X
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\adsCAP8SD1T
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\jmag[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\jquery-ui.min[1].js
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\jquery.min[1].js
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\WebResource[1].axd
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\page_message[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\ReportCookie[1].htm
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\img4ac209da1273c[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\img4b050e6dec92c[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\img4b82a01a7ff9b[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\3point[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\50487_thumb_JCARD_120_90[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\bg[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\bknd-regist-content-main[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\border-bottom-curve[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\btn-click-here-to-request-my-photo[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\nav-profile-full-thumbs-indicator[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\nav-sub[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\nav-tabs-indicator-on[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\nav-tabs-inside[1].png
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\no-photo-sm-54x70[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\no-photo-sm[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\noPhoto[1].jpg
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\noPhoto_small[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\adsCAQCLHE5
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\adsCATY2LZC
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\ads[10]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\ads[11]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\ads[2]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\ads[3]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\ads[4]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\ads[5]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\ads[6]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\ads[7]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\ads[8]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\ads[9]
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\sparkCommonHe[1].css
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\trans[1].gif
!-->[Hidden] C:\Documents and Settings\Omer\Local Settings\Temporary Internet Files\Content.IE5\ZVZI3VJC\upInstantCommunicator[1].htm
!-->[Hidden] C:\System Volume Information\_restore{B7960487-61B0-4890-9BA5-C7CD59B3EF71}\RP26\A0009840.ver
!-->[Hidden] C:\WINDOWS\Prefetch\RUNDLL32.EXE-1FF61462.pf
!-->[Hidden] C:\WINDOWS\Prefetch\RUNDLL32.EXE-125360EC.pf
!-->[Hidden] C:\WINDOWS\Prefetch\RUNDLL32.EXE-4047DA82.pf
!-->[Hidden] C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf
!-->[Hidden] C:\WINDOWS\Temp\~DF66BD.tmp




RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #4
==============================================
ntkrnlpa.exe+0x0002D524, Type: Inline - RelativeJump 0x80504524-->805044E3 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]
[248]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[248]explorer.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [LVPrcInj01.dll]
[248]explorer.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x7C801038-->00000000 [LVPrcInj01.dll]
[248]explorer.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x7C80103C-->00000000 [LVPrcInj01.dll]
[248]explorer.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x7C8011CC-->00000000 [LVPrcInj01.dll]
[248]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[248]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[248]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[248]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[248]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[248]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[1360]ekrn.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x7C84495D-->00000000 [unknown_code_page]
[2232]chrome.exe-->kernel32.dll-->CreateNamedPipeW, Type: IAT modification 0x004621C8-->00000000 [unknown_code_page]
[2232]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x7C90D614-->00000000 [unknown_code_page]
[2232]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x7C90D684-->00000000 [unknown_code_page]
[2232]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x7C90D7B4-->00000000 [unknown_code_page]
[3772]chrome.exe-->kernel32.dll-->CreateNamedPipeW, Type: IAT modification 0x004621C8-->00000000 [unknown_code_page]
[3772]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x7C90D614-->00000000 [unknown_code_page]
[3772]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x7C90D684-->00000000 [unknown_code_page]
[3772]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x7C90D7B4-->00000000 [unknown_code_page]
[3604]chrome.exe-->kernel32.dll-->CreateNamedPipeW, Type: IAT modification 0x004621C8-->00000000 [unknown_code_page]
[3604]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x7C90D614-->00000000 [unknown_code_page]
[3604]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x7C90D684-->00000000 [unknown_code_page]
[3604]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x7C90D7B4-->00000000 [unknown_code_page]
ThreadKiller
Regular Member
 
Posts: 15
Joined: August 8th, 2010, 2:43 pm

Re: ad.yieldmanager.com and other IE ads pop ups

Unread postby deltalima » August 13th, 2010, 3:37 am

Hi ThreadKiller,

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double click the TDSSKiller icon on you're desktop then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: ad.yieldmanager.com and other IE ads pop ups

Unread postby ThreadKiller » August 13th, 2010, 3:53 am

TDSSKiller had two detections:
1. sptd (which i didn't try to cure because i'm pretty sure that Daemon Tools need it)
2. Trojan-Clicker.Win32.Wistler.a - which i have cured


2010/08/12 10:45:03.0796 TDSS rootkit removing tool 2.4.1.1 Aug 10 2010 14:48:09
2010/08/12 10:45:03.0796 ================================================================================
2010/08/12 10:45:03.0796 SystemInfo:
2010/08/12 10:45:03.0796
2010/08/12 10:45:03.0796 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/12 10:45:03.0796 Product type: Workstation
2010/08/12 10:45:03.0796 ComputerName: THREADKILLER
2010/08/12 10:45:03.0796 UserName: Omer
2010/08/12 10:45:03.0796 Windows directory: C:\WINDOWS
2010/08/12 10:45:03.0796 System windows directory: C:\WINDOWS
2010/08/12 10:45:03.0796 Processor architecture: Intel x86
2010/08/12 10:45:03.0796 Number of processors: 4
2010/08/12 10:45:03.0796 Page size: 0x1000
2010/08/12 10:45:03.0796 Boot type: Normal boot
2010/08/12 10:45:03.0796 ================================================================================
2010/08/12 10:45:04.0578 Initialize success
2010/08/12 10:45:15.0375 ================================================================================
2010/08/12 10:45:15.0375 Scan started
2010/08/12 10:45:15.0375 Mode: Manual;
2010/08/12 10:45:15.0375 ================================================================================
2010/08/12 10:45:15.0906 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/12 10:45:15.0953 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/12 10:45:16.0015 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/12 10:45:16.0078 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/12 10:45:16.0171 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2010/08/12 10:45:16.0296 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/12 10:45:16.0296 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/12 10:45:16.0343 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/12 10:45:16.0390 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/12 10:45:16.0437 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/12 10:45:16.0484 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/12 10:45:16.0515 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/08/12 10:45:16.0562 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/12 10:45:16.0593 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/12 10:45:16.0625 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/12 10:45:16.0718 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/12 10:45:16.0765 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/12 10:45:16.0796 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/12 10:45:16.0828 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/12 10:45:16.0859 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/12 10:45:16.0890 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/12 10:45:16.0937 eamon (a885ed0bdc9e7dec3a654bb91befef0f) C:\WINDOWS\system32\DRIVERS\eamon.sys
2010/08/12 10:45:16.0984 easdrv (16d58144cc87f19880760fe757829a38) C:\WINDOWS\system32\DRIVERS\easdrv.sys
2010/08/12 10:45:17.0015 epfwtdir (063ba83a061dbf2a53e1889446be729b) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
2010/08/12 10:45:17.0062 es1371 (24e564f710d887ecc75cfe59882ecc5d) C:\WINDOWS\system32\drivers\es1371mp.sys
2010/08/12 10:45:17.0109 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/12 10:45:17.0140 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/08/12 10:45:17.0187 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2010/08/12 10:45:17.0187 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/12 10:45:17.0203 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/08/12 10:45:17.0234 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/12 10:45:17.0234 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/12 10:45:17.0265 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/12 10:45:17.0328 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/08/12 10:45:17.0359 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/08/12 10:45:17.0359 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/12 10:45:17.0421 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\WINDOWS\system32\drivers\hardlock.sys
2010/08/12 10:45:17.0484 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/08/12 10:45:17.0500 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/12 10:45:17.0578 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/12 10:45:17.0656 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/12 10:45:17.0671 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/12 10:45:17.0812 IntcAzAudAddService (7a9299f48d6f2e802e5b0e0dc508842a) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/08/12 10:45:17.0859 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/12 10:45:17.0890 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/12 10:45:17.0906 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/12 10:45:17.0921 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/12 10:45:17.0953 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/12 10:45:17.0968 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/12 10:45:18.0000 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/12 10:45:18.0015 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/12 10:45:18.0062 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/12 10:45:18.0078 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/08/12 10:45:18.0093 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/12 10:45:18.0125 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/12 10:45:18.0203 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
2010/08/12 10:45:18.0234 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2010/08/12 10:45:18.0406 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2010/08/12 10:45:18.0562 MADFU (b1223e5de0b00d805eb542ae8c0a5cb4) C:\WINDOWS\system32\Drivers\M-Audio_KeyStudio49i_DFU.sys
2010/08/12 10:45:18.0578 MAUSBKS (31aab9b76aa247b0385d768cf1dd0431) C:\WINDOWS\system32\DRIVERS\mausbks.sys
2010/08/12 10:45:18.0609 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/12 10:45:18.0640 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/12 10:45:18.0687 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2010/08/12 10:45:18.0718 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/12 10:45:18.0750 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/12 10:45:18.0750 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/12 10:45:18.0781 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/12 10:45:18.0828 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/12 10:45:18.0843 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/12 10:45:18.0875 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/12 10:45:18.0890 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/12 10:45:18.0906 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/12 10:45:18.0921 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/12 10:45:18.0953 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/08/12 10:45:18.0968 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/12 10:45:18.0984 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/08/12 10:45:19.0031 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/12 10:45:19.0062 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/08/12 10:45:19.0093 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/12 10:45:19.0109 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/12 10:45:19.0125 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/12 10:45:19.0125 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/12 10:45:19.0140 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/12 10:45:19.0156 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/12 10:45:19.0234 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
2010/08/12 10:45:19.0250 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/12 10:45:19.0281 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/12 10:45:19.0328 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/12 10:45:19.0562 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/08/12 10:45:19.0781 NvNdis (0b7f59271f2694efd2f540b3332ddf5c) C:\WINDOWS\system32\Drivers\NvNdis.sys
2010/08/12 10:45:19.0828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/12 10:45:19.0859 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/12 10:45:19.0890 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/08/12 10:45:19.0890 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/12 10:45:19.0921 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/12 10:45:19.0953 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
2010/08/12 10:45:19.0953 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/12 10:45:20.0015 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/12 10:45:20.0046 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/12 10:45:20.0140 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
2010/08/12 10:45:20.0203 PnkBstrK (e3445033ca9e385081e6bb603195b6ed) C:\WINDOWS\system32\drivers\PnkBstrK.sys
2010/08/12 10:45:20.0234 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/12 10:45:20.0281 PQNTDrv (04f3971b70a7855f04d351aa4bee7799) C:\WINDOWS\system32\drivers\PQNTDrv.sys
2010/08/12 10:45:20.0296 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/12 10:45:20.0328 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/12 10:45:20.0343 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/12 10:45:20.0406 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/12 10:45:20.0437 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/12 10:45:20.0453 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/12 10:45:20.0468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/12 10:45:20.0484 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/12 10:45:20.0500 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/12 10:45:20.0515 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/12 10:45:20.0546 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/12 10:45:20.0562 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/12 10:45:20.0625 RTLE8023xp (6ebfbbf24fed8285928b825a46618f8a) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/08/12 10:45:20.0765 RVIEG01 (93f66faea8bf047d4242ac85aada403d) C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys
2010/08/12 10:45:20.0812 RVIEGVST (3c74d9fdb1d9831ec932e89f3d874f00) C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys
2010/08/12 10:45:20.0875 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/12 10:45:20.0906 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/08/12 10:45:20.0921 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/12 10:45:20.0984 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/12 10:45:21.0031 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/12 10:45:21.0093 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/08/12 10:45:21.0093 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/08/12 10:45:21.0093 sptd - detected Locked file (1)
2010/08/12 10:45:21.0125 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/12 10:45:21.0156 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/12 10:45:21.0187 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/12 10:45:21.0203 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/12 10:45:21.0234 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/12 10:45:21.0296 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/12 10:45:21.0312 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/12 10:45:21.0343 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/12 10:45:21.0375 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/12 10:45:21.0375 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/12 10:45:21.0453 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/12 10:45:21.0515 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/12 10:45:21.0578 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/08/12 10:45:21.0609 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/08/12 10:45:21.0656 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/12 10:45:21.0671 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/12 10:45:21.0703 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/12 10:45:21.0718 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/12 10:45:21.0765 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/12 10:45:21.0781 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/12 10:45:21.0812 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/08/12 10:45:21.0843 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/12 10:45:21.0875 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/12 10:45:22.0015 VSPerfDrv90 (0bd123313159cb8963d7a0404f7d96a5) C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys
2010/08/12 10:45:22.0093 VX1000 (f4fab0b9d43a65f79fc838c94006f643) C:\WINDOWS\system32\DRIVERS\VX1000.sys
2010/08/12 10:45:22.0156 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/12 10:45:22.0203 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
2010/08/12 10:45:22.0250 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/12 10:45:22.0312 Wirelecf (b673d6acdc43b9c8b4f7a94e15b0a4b8) C:\WINDOWS\system32\DRIVERS\Wirelecf.SYS
2010/08/12 10:45:22.0343 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/08/12 10:45:22.0375 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/12 10:45:22.0406 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/12 10:45:22.0421 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/12 10:45:22.0468 \HardDisk0\MBR - detected Trojan-Clicker.Win32.Wistler.a (0)
2010/08/12 10:45:22.0468 ================================================================================
2010/08/12 10:45:22.0468 Scan finished
2010/08/12 10:45:22.0468 ================================================================================
2010/08/12 10:45:22.0468 Detected object count: 2
2010/08/12 10:46:23.0000 Locked file(sptd) - User select action: Skip
2010/08/12 10:46:23.0062 \HardDisk0\MBR - processing error
2010/08/12 10:46:23.0062 Trojan-Clicker.Win32.Wistler.a(\HardDisk0\MBR) - User select action: Cure
2010/08/12 10:46:54.0984 Deinitialize success
ThreadKiller
Regular Member
 
Posts: 15
Joined: August 8th, 2010, 2:43 pm
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 332 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware