Antivir - Please Help

After OTL has started, there are 3 options for Drivers, None, Use SafeList and All. I cannot see a Non-Microsoft option.

Which one do I choose?

Safe List please

OTL logfile created on: 8/1/2010 8:30:11 PM - Run
OTLPE by OldTimer - Version 3.1.40.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000809 | Country: United Kingdom | Language: eng | Date Format: dd/MM/yyyy

256.00 Mb Total Physical Memory | 77.00 Mb Available Physical Memory | 30.00% Memory free
216.00 Mb Paging File | 94.00 Mb Available in Paging File | 44.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 7.44 Gb Free Space | 39.93% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- E:\EngraveLab Educate\CADlink.sys -- (CADlink)
DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\Drivers\ati6eixx.sys -- (ati6eixx)
DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\Drivers\ati5xdxx.sys -- (ati5xdxx)
DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\Drivers\ati0mrxx.sys -- (ati0mrxx)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:14 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:46 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcaudsl.sys -- (alcaudsl)
DRV - [2001/08/17 14:02:32 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2001/08/17 13:47:22 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\NtApm.sys -- (NtApm)
DRV - [2001/08/17 13:28:14 | 000,765,884 | ---- | M] (U.S. Robotics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\USRTI.SYS -- (USRTI)
DRV - [2001/08/17 12:50:56 | 000,050,432 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\SiSV.sys -- (SiSV)
DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 12:12:42 | 000,023,070 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\hidden_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
IE - HKU\hidden_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\hidden_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\hidden_ON_C\..\URLSearchHook: {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - Reg Error: Key error. File not found
IE - HKU\hidden_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\hidden_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\hidden_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643


FF - HKLM\software\mozilla\Firefox\Extensions\\{845CF37D-D46E-449B-AF12-7507651F8B58}: C:\Documents and Settings\hidden\Application Data\{845CF37D-D46E-449B-AF12-7507651F8B58} [2008/11/20 10:52:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/01/07 19:01:52 | 000,149,441 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost.localdomain
O1 - Hosts: 127.0.0.1 sitefinder.Verisign.com # Verisign has joined the game
O1 - Hosts: 127.0.0.1 sitefinder-idn.Verisign.com # of trying to hijack mistyped
O1 - Hosts: 127.0.0.1 # URLs to their site.
O1 - Hosts: 127.0.0.1 # and potentially other sites.
O1 - Hosts: 127.0.0.1 media.fastclick.net # Likewise, this may interefer with some
O1 - Hosts: 127.0.0.1 # sites.
O1 - Hosts: 127.0.0.1 #up CSS on livejournal
O1 - Hosts: 127.0.0.1 # problems with NPR.org
O1 - Hosts: 127.0.0.1 06272002-dbase.hitcountz.net # Web bugs in spam
O1 - Hosts: 127.0.0.1 123counter.mycomputer.com
O1 - Hosts: 127.0.0.1 123counter.superstats.com
O1 - Hosts: 127.0.0.1 1ca.cqcounter.com
O1 - Hosts: 127.0.0.1 1uk.cqcounter.com
O1 - Hosts: 127.0.0.1 1us.cqcounter.com
O1 - Hosts: 127.0.0.1 2001-007.com
O1 - Hosts: 127.0.0.1 4-counter.com
O1 - Hosts: 127.0.0.1 abscbn.spinbox.net
O1 - Hosts: 127.0.0.1 activity.serving-sys.com #eyeblaster.com
O1 - Hosts: 127.0.0.1 ad-logics.com
O1 - Hosts: 127.0.0.1 adclient.rottentomatoes.com
O1 - Hosts: 127.0.0.1 adcodes.aim4media.com
O1 - Hosts: 127.0.0.1 adcounter.globeandmail.com
O1 - Hosts: 127.0.0.1 adcounter.theglobeandmail.com
O1 - Hosts: 4539 more lines...
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
O2 - BHO: (no name) - {4BA7E09D-C8BD-4B87-A065-63E77A854029} - C:\WINDOWS\System32\ddcAqQGW.dll File not found
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O2 - BHO: (no name) - {c83a94d6-7733-4d2f-bff2-6e039b726f5e} - C:\WINDOWS\System32\lehetojo.dll File not found
O2 - BHO: (no name) - {DB68B50B-7876-4FD1-837B-B96AFB4F74EF} - C:\WINDOWS\System32\rqRKCssS.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKU\hidden_ON_C\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKU\hidden_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CPM340e2a31] C:\WINDOWS\System32\sunasuyu.DLL File not found
O4 - HKLM..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE ()
O4 - HKLM..\Run: [EbatesMoeMoneyMaker0] C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe File not found
O4 - HKLM..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
O4 - HKLM..\Run: [gwiz] C:\WINDOWS\System32\arpl.exe File not found
O4 - HKLM..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
O4 - HKLM..\Run: [msbb] C:\WINDOWS\System32\msbb.exe File not found
O4 - HKLM..\Run: [rhapcihdzblcj] C:\WINDOWS\System32\dnaxeae.exe File not found
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS\System32\systray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TBllEe] C:\WINDOWS\relsd.exe File not found
O4 - HKLM..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe File not found
O4 - HKLM..\Run: [Ultimate Defender] C:\Program Files\Ultimate Defender\App.exe File not found
O4 - HKLM..\Run: [VoyetraAudioStation2] C:\VOYETRA\AS2\AS2TRAY.EXE (Voyetra Technologies Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\LocalService_ON_C..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
O4 - HKU\NetworkService_ON_C..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
O4 - HKU\hidden_ON_C..\Run: [COM+ Manager] C:\Documents and Settings\hidden\.COMMgr\complmgr.exe File not found
O4 - HKU\hidden_ON_C..\Run: [gadcom] C:\Documents and Settings\hidden\Application Data\gadcom\gadcom.exe File not found
O4 - HKU\hidden_ON_C..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
O4 - HKU\hidden_ON_C..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe File not found
O4 - HKU\hidden_ON_C..\Run: [sysav] C:\Documents and Settings\hidden\Application Data\winav.exe File not found
O4 - HKU\hidden_ON_C..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\hidden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\hidden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\hidden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\hidden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1
O7 - HKU\hidden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\hidden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\hidden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper =
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: @shdoclc.dll,-866@1033,Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864@1033,Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm ()
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} http://64.156.31.99/output/060517/uk/fullgames/fullgames.exe (Reg Error: Key error.)
O16 - DPF: {0522708F-0D6C-7DF8-085F-288474A63F11} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {07ABDE4B-B4E3-2161-434B-22801DA58C2D} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {0DD59632-6A06-3B74-C9D7-3B2B264230FC} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {0DF950C9-47C1-0D9A-FC26-4EBA53B158A6} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab (Reg Error: Key error.)
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} http://download.abetterinternet.com/download/cabs/VAL64006/valent.cab (Reg Error: Key error.)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {466583FB-C061-277D-F6F6-6CB77D1F0C28} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {47B7E474-439D-07A0-7D60-732616FE6823} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {4CEDBC97-9F52-0998-6039-28B6495395A9} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {572FECFC-F318-3508-7BE4-5FFD19C790D0} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {584500CB-BA31-6980-C704-31C539EF3E5E} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {5A0FD641-25BF-043C-AEF1-02AC575B96AB} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {5BFDB69B-F8BA-7601-F8D7-48512F58308D} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {5D614C73-516B-11A6-5D2F-21A4737DF2D2} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {642496E4-C176-5F3F-8137-27FE0799EAAF} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201639874769 (MUWebControl Class)
O16 - DPF: {731C3B64-014E-0B77-4ACA-0A740CAC628C} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {7EA1B0EB-F285-1746-E496-35F5092ED220} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {7F6A6D02-05F2-3908-9C96-614901141404} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} http://www.commonname.com/eng/oneclick/uninstbb.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} http://deposito.hostance.net/dialer/1025972.exe (Reg Error: Key error.)
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} http://dinet.info/n/us48/n.cab (Reg Error: Key error.)
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} http://207.226.177.98/dba2312.exe (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O18 - Protocol\Filter\text/html {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\WINDOWS\System32\juyarono.dll) - C:\WINDOWS\System32\juyarono.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\sunasuyu.dll) - C:\WINDOWS\System32\sunasuyu.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\nnnmnkjk: DllName - nnnmnkjk.dll - File not found
O20 - Winlogon\Notify\ssqNHbXO: DllName - ssqNHbXO.dll - File not found
O20 - Winlogon\Notify\vtUmLExx: DllName - vtUmLExx.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wmiurv: DllName - wmiurv32.dll - File not found
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\System32\sunasuyu.dll File not found
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - C:\WINDOWS\System32\sunasuyu.dll File not found
O28 - HKLM ShellExecuteHooks: {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
O29 - HKLM SecurityProviders - (xlibgfl254.dll) - File not found
O29 - HKLM SecurityProviders - (append.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\System32\rqRKCssS) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/20 20:44:20 | 000,000,194 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/01 00:45:30 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/31 16:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hidden\Application Data\rqhrbbxsh
[2010/07/06 14:27:15 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/07/06 14:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\hidden\My Documents\*.tmp files -> C:\Documents and Settings\hidden\My Documents\*.tmp -> ]
[3 C:\Documents and Settings\hidden\My Documents\*.tmp files -> C:\Documents and Settings\hidden\My Documents\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/01 11:21:02 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
[2010/08/01 01:20:14 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/07/31 20:43:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/31 20:43:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/31 20:43:00 | 268,017,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/31 20:41:46 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\NetworkService\ntuser.dat
[2010/07/31 20:41:46 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2010/07/31 20:41:42 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\hidden\NTUSER.DAT
[2010/07/31 20:41:42 | 000,000,250 | -HS- | M] () -- C:\Documents and Settings\hidden\ntuser.ini
[2010/07/31 16:38:32 | 000,283,904 | ---- | M] () -- C:\Documents and Settings\hidden\file.exe
[2010/07/31 16:01:28 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/07/31 15:48:42 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/07 14:00:02 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Tune-up Application Start.job
[2010/07/06 14:28:10 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\hidden\My Documents\*.tmp files -> C:\Documents and Settings\hidden\My Documents\*.tmp -> ]
[3 C:\Documents and Settings\hidden\My Documents\*.tmp files -> C:\Documents and Settings\hidden\My Documents\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/31 20:02:48 | 268,017,664 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/31 16:38:31 | 000,283,904 | ---- | C] () -- C:\Documents and Settings\hidden\file.exe
[2009/02/06 12:23:00 | 001,649,418 | -HS- | C] () -- C:\WINDOWS\System32\ofdovigf.ini
[2009/01/25 18:02:12 | 001,438,325 | -HS- | C] () -- C:\WINDOWS\System32\aslsukgm.ini
[2009/01/18 15:59:57 | 001,407,285 | -HS- | C] () -- C:\WINDOWS\System32\ygvhtbln.ini
[2009/01/18 15:04:39 | 001,407,285 | -HS- | C] () -- C:\WINDOWS\System32\cestjnyi.ini
[2009/01/17 10:25:20 | 001,407,263 | -HS- | C] () -- C:\WINDOWS\System32\koibvywr.ini
[2009/01/16 11:19:38 | 001,469,219 | -HS- | C] () -- C:\WINDOWS\System32\imkpfone.ini
[2009/01/10 12:08:17 | 001,469,219 | -HS- | C] () -- C:\WINDOWS\System32\oheonesi.ini
[2009/01/05 10:57:11 | 001,348,473 | -HS- | C] () -- C:\WINDOWS\System32\qlaebhks.ini
[2009/01/03 11:06:15 | 001,311,620 | -HS- | C] () -- C:\WINDOWS\System32\hnehxalx.ini
[2009/01/02 10:45:21 | 001,311,620 | -HS- | C] () -- C:\WINDOWS\System32\thincvsr.ini
[2008/12/30 12:53:08 | 001,312,223 | -HS- | C] () -- C:\WINDOWS\System32\lfbdrgch.ini
[2008/12/27 17:48:26 | 001,311,238 | -HS- | C] () -- C:\WINDOWS\System32\uxjmesov.ini
[2008/12/26 13:06:27 | 000,383,807 | -HS- | C] () -- C:\WINDOWS\System32\SssCKRqr.ini2
[2008/12/26 13:06:26 | 000,383,807 | -HS- | C] () -- C:\WINDOWS\System32\SssCKRqr.ini
[2008/11/23 10:57:12 | 001,557,753 | -HS- | C] () -- C:\WINDOWS\System32\inahiwar.ini
[2008/11/22 11:43:40 | 000,000,120 | -HS- | C] () -- C:\WINDOWS\System32\ewomirev.ini
[2008/11/21 13:58:08 | 001,553,568 | -HS- | C] () -- C:\WINDOWS\System32\ewakoruz.ini
[2008/11/20 10:48:16 | 001,476,282 | -HS- | C] () -- C:\WINDOWS\System32\ihiyeyem.ini
[2008/06/20 16:01:58 | 002,013,920 | -HS- | C] () -- C:\WINDOWS\System32\hrlkwcfv.ini
[2008/06/19 15:57:21 | 001,639,650 | -HS- | C] () -- C:\WINDOWS\System32\coasxhno.ini
[2008/06/17 20:32:38 | 000,000,235 | ---- | C] () -- C:\WINDOWS\cookies.ini
[2008/06/17 14:12:12 | 001,588,831 | -HS- | C] () -- C:\WINDOWS\System32\swlivbvy.ini
[2008/06/16 10:39:21 | 001,630,364 | -HS- | C] () -- C:\WINDOWS\System32\tapikatp.ini
[2008/06/16 10:37:30 | 000,000,022 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008/06/15 16:57:48 | 001,659,661 | -HS- | C] () -- C:\WINDOWS\System32\noathqgw.ini
[2008/06/15 16:56:13 | 000,652,754 | -HS- | C] () -- C:\WINDOWS\System32\WGQqAcdd.ini2
[2008/06/15 16:56:12 | 000,652,754 | -HS- | C] () -- C:\WINDOWS\System32\WGQqAcdd.ini
[2008/02/27 15:50:42 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2008/02/27 15:35:51 | 000,000,037 | ---- | C] () -- C:\WINDOWS\D660UES.ini
[2008/01/29 15:55:24 | 000,000,180 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2008/01/29 15:55:21 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2008/01/29 15:55:21 | 000,090,112 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2008/01/29 15:55:21 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.ref.LOG
[2007/12/09 21:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2007/12/09 21:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2007/12/09 21:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2007/06/24 17:24:17 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\hidden\Application Data\xxx.exe
[2006/12/17 18:01:51 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/09/08 10:56:07 | 001,420,315 | ---- | C] () -- C:\Documents and Settings\hidden\Application Data\Install.dat
[2006/04/27 21:31:03 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2006/04/14 19:59:38 | 000,000,020 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2006/04/14 19:59:34 | 000,000,104 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2006/03/03 12:48:36 | 000,000,549 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/26 17:23:30 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/02/26 17:21:10 | 000,000,122 | ---- | C] () -- C:\WINDOWS\ORCH.INI
[2006/02/26 17:02:03 | 000,000,827 | ---- | C] () -- C:\WINDOWS\AUDIOMIX.INI
[2006/02/26 17:02:03 | 000,000,093 | ---- | C] () -- C:\WINDOWS\midiplay.ini
[2006/02/26 17:02:03 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wavplay.ini
[2006/02/26 17:02:02 | 000,000,143 | ---- | C] () -- C:\WINDOWS\audioviw.ini
[2006/02/26 17:02:02 | 000,000,125 | ---- | C] () -- C:\WINDOWS\vuninst.ini
[2006/02/26 17:02:02 | 000,000,110 | ---- | C] () -- C:\WINDOWS\powerbar.ini
[2006/02/26 17:02:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\audiosta.ini
[2006/02/09 15:26:22 | 000,000,045 | ---- | C] () -- C:\WINDOWS\IILDJMM.ini
[2006/02/09 14:53:07 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/06/26 14:44:12 | 000,001,039 | ---- | C] () -- C:\WINDOWS\psmplay.ini
[2005/06/26 14:25:35 | 000,000,070 | ---- | C] () -- C:\WINDOWS\mmpoly.ini
[2005/06/05 18:45:38 | 000,000,579 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2005/03/27 16:39:21 | 004,194,441 | ---- | C] () -- C:\Documents and Settings\hidden\Application Data\sdi.db
[2005/03/04 13:26:40 | 000,032,523 | ---- | C] () -- C:\WINDOWS\SGTBoxf.INI
[2005/02/11 08:18:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2005/02/11 08:18:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2005/02/11 08:18:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2005/02/11 08:18:43 | 000,000,472 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2005/02/11 08:18:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/07/05 21:07:18 | 000,032,411 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2004/03/27 12:50:46 | 000,905,463 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/12/29 21:14:16 | 000,000,119 | ---- | C] () -- C:\WINDOWS\System32\winnet.ini
[2003/09/13 16:03:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/06/17 15:45:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/06/14 17:36:13 | 000,188,416 | ---- | C] () -- C:\WINDOWS\ATLControls.dll
[2003/03/02 13:48:04 | 000,000,804 | ---- | C] () -- C:\WINDOWS\System32\ncase.ini
[2003/03/01 12:53:53 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\msbb.dll
[2003/02/08 12:36:50 | 000,001,125 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2003/02/08 12:36:19 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2003/02/02 13:01:41 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2003/02/02 13:00:30 | 000,000,040 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2003/02/02 12:59:59 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2003/02/02 12:59:28 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2003/02/02 12:57:08 | 000,001,711 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2003/02/02 12:57:08 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2003/02/02 12:40:35 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\hidden\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/02/01 22:20:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/02/01 22:07:00 | 000,000,250 | -HS- | C] () -- C:\Documents and Settings\hidden\ntuser.ini
[2003/02/01 22:05:32 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2003/02/01 22:05:31 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2003/02/01 22:05:31 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2003/02/01 22:05:31 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.ref.LOG
[2003/02/01 22:05:30 | 000,000,180 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2003/02/01 22:05:29 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat
[2003/02/01 22:05:29 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2003/02/01 22:05:29 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.ref.LOG
[2003/02/01 20:20:25 | 000,012,484 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2003/02/01 20:20:25 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2003/02/01 20:20:25 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2003/02/01 20:20:25 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2003/02/01 20:20:25 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2003/02/01 20:20:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2003/02/01 20:20:25 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2003/02/01 20:20:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2003/02/01 20:20:24 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2003/02/01 20:20:24 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2003/02/01 20:20:24 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2003/02/01 20:20:07 | 007,864,320 | -H-- | C] () -- C:\Documents and Settings\hidden\NTUSER.DAT
[2003/02/01 20:20:07 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\hidden\ntuser.dat.LOG
[2003/02/01 18:34:22 | 000,023,357 | -H-- | C] () -- C:\Program Files\folder.htt
[2002/09/08 23:08:06 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/01/20 13:26:36 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SimpleResize.dll
[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 00:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[1980/01/01 00:00:00 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2003/02/02 13:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Canon
[2003/03/22 13:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Browser Pal
[2003/11/06 20:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\{2CF0B992-5EEB-4143-99C2-5297EF71F44B}
[2007/03/04 12:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\uTorrent
[2007/03/04 17:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\MoyeaFLV2Video
[2007/06/24 17:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\tiny
[2007/12/30 18:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\SPSS
[2007/08/04 15:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Leadertech
[2007/12/14 18:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\SPSS 15.0 for Windows
[2008/03/17 11:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\ApplicationHistory
[2008/04/05 14:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\CutePDF Writer
[2008/04/05 14:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Bullzip
[2008/05/31 22:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\TomTom
[2008/12/27 18:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\gadcom
[2008/11/20 10:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\{845CF37D-D46E-449B-AF12-7507651F8B58}
[2009/05/09 19:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\GetRightToGo
[2010/07/31 16:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\rqhrbbxsh
[2006/01/07 18:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Kazaa Lite
[2006/02/24 19:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\.BitTornado
[2006/04/14 19:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\ppStream
[2006/09/02 12:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Ultimate Defender
[2006/09/17 21:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Ultimate Cleaner
[2010/07/07 14:00:02 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\Tune-up Application Start.job
[2010/08/01 11:21:02 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job

========== Purity Check ==========


< End of report >

Hi,

Lots of stuff to fix here!

Please run OTL.exe.

• Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :OTL
  O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
  O2 - BHO: (no name) - {4BA7E09D-C8BD-4B87-A065-63E77A854029} - C:\WINDOWS\System32\ddcAqQGW.dll File not found
  O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
  O2 - BHO: (no name) - {c83a94d6-7733-4d2f-bff2-6e039b726f5e} - C:\WINDOWS\System32\lehetojo.dll File not found
  O2 - BHO: (no name) - {DB68B50B-7876-4FD1-837B-B96AFB4F74EF} - C:\WINDOWS\System32\rqRKCssS.dll File not found
  O3 - HKLM\..\Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - No CLSID value found.
  O4 - HKLM..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
  O4 - HKLM..\Run: [gwiz] C:\WINDOWS\System32\arpl.exe File not found
  O4 - HKLM..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
  O4 - HKLM..\Run: [msbb] C:\WINDOWS\System32\msbb.exe File not found
  O4 - HKLM..\Run: [rhapcihdzblcj] C:\WINDOWS\System32\dnaxeae.exe File not found
  O4 - HKLM..\Run: [TBllEe] C:\WINDOWS\relsd.exe File not found
  O4 - HKLM..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe File not found
  O4 - HKLM..\Run: [Ultimate Defender] C:\Program Files\Ultimate Defender\App.exe File not found
  O4 - HKU\LocalService_ON_C..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
  O4 - HKU\NetworkService_ON_C..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
  O4 - HKU\hidden_ON_C..\Run: [COM+ Manager] C:\Documents and Settings\hidden\.COMMgr\complmgr.exe File not found
  O4 - HKU\hidden_ON_C..\Run: [gadcom] C:\Documents and Settings\hidden\Application Data\gadcom\gadcom.exe File not found
  O4 - HKU\hidden_ON_C..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
  O4 - HKU\hidden_ON_C..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe File not found
  O4 - HKU\hidden_ON_C..\Run: [sysav] C:\Documents and Settings\hidden\Application Data\winav.exe File not found
  O4 - HKU\hidden_ON_C..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe File not found
  O18 - Protocol\Filter\text/html {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - Reg Error: Key error. File not found
  O20 - AppInit_DLLs: (C:\WINDOWS\System32\juyarono.dll) - C:\WINDOWS\System32\juyarono.dll File not found
  O20 - AppInit_DLLs: (c:\windows\system32\sunasuyu.dll) - C:\WINDOWS\System32\sunasuyu.dll File not found
  O20 - Winlogon\Notify\nnnmnkjk: DllName - nnnmnkjk.dll - File not found
  O20 - Winlogon\Notify\ssqNHbXO: DllName - ssqNHbXO.dll - File not found
  O20 - Winlogon\Notify\vtUmLExx: DllName - vtUmLExx.dll - File not found
  O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
  O20 - Winlogon\Notify\wmiurv: DllName - wmiurv32.dll - File not found
  O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\System32\sunasuyu.dll File not found
  O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - C:\WINDOWS\System32\sunasuyu.dll File not found
  O28 - HKLM ShellExecuteHooks: {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
  O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
  O29 - HKLM SecurityProviders - (xlibgfl254.dll) - File not found
  O29 - HKLM SecurityProviders - (append.dll) - File not found
  O30 - LSA: Authentication Packages - (C:\WINDOWS\System32\rqRKCssS) - File not found
  
  :Commands
  [emptytemp]
  [emptyflash]
  [resethosts]
  
  
  
• Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  
  
• Click the red Run Fix button.
  
• A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTL.exe
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

When I click on OTL it says the application failed to start because framedyn.dll was not found....

Ok. Forget that for now.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  
• Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.
  
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  

After I put the command in the Run box it says errors encountered while performing this operation.

Ok. Try just double clicking it and running the program please

Hi,

I still get the same error message.

Hi,

I'm currently on vacation. If someone else wants to pick this up for you by all means have at it guys

Hi,

Just wondering if you have come up with any more ideas?

Thanks.

Hi,

Sorry. It looks like this got missed.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log in your reply

Hi,

I cannot install the program as it tries to save files to the cd-rom drive and it doesn't give me an option to save to the hard drive.

Is it because I am using a cd-rom to start the pc? You asked me to do this previously as nothing seemed to work when I started the pc normally.

Hi,

What have you done with this PC over the last few days while I was on vacation? This will help to determine if anything has changed in terms of infection.

I see some junk in the old OTL can you post a new one to confirm that it is still there?

I haven't used the pc since you last provided help, so everything should be the same.

The code is below;

OTL logfile created on: 17/08/2010 00:52:45 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\hidden\Desktop
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000809 | Country: United Kingdom | Language: eng | Date Format: dd/MM/yyyy

256.00 Mb Total Physical Memory | 81.00 Mb Available Physical Memory | 32.00% Memory free
428.00 Mb Paging File | 312.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 7.49 Gb Free Space | 40.20% Space Free | Partition Type: FAT32
Drive D: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 249.35 Mb Total Space | 27.92 Mb Free Space | 11.20% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: hidden
Current User Name: hidden
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/01 20:50:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hidden\Desktop\OTL.exe
PRC - [2010/06/28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/01/11 22:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2006/02/23 19:10:38 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2002/09/08 23:08:06 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\savedump.exe
PRC - [2002/09/08 23:07:18 | 001,000,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2000/07/06 20:11:00 | 000,032,768 | ---- | M] () -- C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
PRC - [1997/02/14 12:22:42 | 000,195,072 | ---- | M] (Voyetra Technologies Inc.) -- C:\VOYETRA\AS2\AS2TRAY.EXE


========== Modules (SafeList) ==========

MOD - [2010/08/01 20:50:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hidden\Desktop\OTL.exe
MOD - [2002/09/08 23:09:32 | 000,921,088 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
MOD - [2002/09/08 23:07:42 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- E:\EngraveLab Educate\CADlink.sys -- (CADlink)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\ati6eixx.sys -- (ati6eixx)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:14 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:46 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcaudsl.sys -- (alcaudsl)
DRV - [2001/08/17 14:02:32 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2001/08/17 13:47:22 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NtApm.sys -- (NtApm)
DRV - [2001/08/17 13:28:14 | 000,765,884 | ---- | M] (U.S. Robotics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\USRTI.SYS -- (USRTI)
DRV - [2001/08/17 12:50:56 | 000,050,432 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SiSV.sys -- (SiSV)
DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 12:12:42 | 000,023,070 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

FF - HKLM\software\mozilla\Firefox\Extensions\\{845CF37D-D46E-449B-AF12-7507651F8B58}: C:\Documents and Settings\hidden\Application Data\{845CF37D-D46E-449B-AF12-7507651F8B58} [2008/11/20 10:52:26 | 000,000,000 | ---D | M]

[2008/05/31 22:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Mozilla\Extensions
[2008/05/31 22:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: ([2006/01/07 19:01:52 | 000,149,441 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost.localdomain
O1 - Hosts: 127.0.0.1 sitefinder.Verisign.com # Verisign has joined the game
O1 - Hosts: 127.0.0.1 sitefinder-idn.Verisign.com # of trying to hijack mistyped
O1 - Hosts: 127.0.0.1 # URLs to their site.
O1 - Hosts: 127.0.0.1 # and potentially other sites.
O1 - Hosts: 127.0.0.1 media.fastclick.net # Likewise, this may interefer with some
O1 - Hosts: 127.0.0.1 # sites.
O1 - Hosts: 127.0.0.1 #up CSS on livejournal
O1 - Hosts: 127.0.0.1 # problems with NPR.org
O1 - Hosts: 127.0.0.1 06272002-dbase.hitcountz.net # Web bugs in spam
O1 - Hosts: 127.0.0.1 123counter.mycomputer.com
O1 - Hosts: 127.0.0.1 123counter.superstats.com
O1 - Hosts: 127.0.0.1 1ca.cqcounter.com
O1 - Hosts: 127.0.0.1 1uk.cqcounter.com
O1 - Hosts: 127.0.0.1 1us.cqcounter.com
O1 - Hosts: 127.0.0.1 2001-007.com
O1 - Hosts: 127.0.0.1 4-counter.com
O1 - Hosts: 127.0.0.1 abscbn.spinbox.net
O1 - Hosts: 127.0.0.1 activity.serving-sys.com #eyeblaster.com
O1 - Hosts: 127.0.0.1 ad-logics.com
O1 - Hosts: 127.0.0.1 adclient.rottentomatoes.com
O1 - Hosts: 127.0.0.1 adcodes.aim4media.com
O1 - Hosts: 127.0.0.1 adcounter.globeandmail.com
O1 - Hosts: 127.0.0.1 adcounter.theglobeandmail.com
O1 - Hosts: 4539 more lines...
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
O2 - BHO: (no name) - {4BA7E09D-C8BD-4B87-A065-63E77A854029} - C:\WINDOWS\System32\ddcAqQGW.dll File not found
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O2 - BHO: (no name) - {c83a94d6-7733-4d2f-bff2-6e039b726f5e} - C:\WINDOWS\System32\lehetojo.dll File not found
O2 - BHO: (no name) - {DB68B50B-7876-4FD1-837B-B96AFB4F74EF} - C:\WINDOWS\System32\rqRKCssS.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CPM340e2a31] C:\WINDOWS\System32\sunasuyu.DLL File not found
O4 - HKLM..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE ()
O4 - HKLM..\Run: [EbatesMoeMoneyMaker0] C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe File not found
O4 - HKLM..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
O4 - HKLM..\Run: [gwiz] C:\WINDOWS\System32\arpl.exe File not found
O4 - HKLM..\Run: [Kcanum] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
O4 - HKLM..\Run: [msbb] C:\WINDOWS\System32\msbb.exe File not found
O4 - HKLM..\Run: [rhapcihdzblcj] C:\WINDOWS\System32\dnaxeae.exe File not found
O4 - HKLM..\Run: [SystemTray] File not found
O4 - HKLM..\Run: [TBllEe] C:\WINDOWS\relsd.exe File not found
O4 - HKLM..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe File not found
O4 - HKLM..\Run: [Ultimate Defender] C:\Program Files\Ultimate Defender\App.exe File not found
O4 - HKLM..\Run: [VoyetraAudioStation2] C:\VOYETRA\AS2\AS2TRAY.EXE (Voyetra Technologies Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [COM+ Manager] C:\Documents and Settings\hidden\.COMMgr\complmgr.exe File not found
O4 - HKCU..\Run: [gadcom] C:\Documents and Settings\hidden\Application Data\gadcom\gadcom.exe File not found
O4 - HKCU..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe File not found
O4 - HKCU..\Run: [sysav] C:\Documents and Settings\hidden\Application Data\winav.exe File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper =
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: @shdoclc.dll,-866@1033,Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864@1033,Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm ()
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} http://64.156.31.99/output/060517/uk/fullgames/fullgames.exe (Reg Error: Key error.)
O16 - DPF: {0522708F-0D6C-7DF8-085F-288474A63F11} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {07ABDE4B-B4E3-2161-434B-22801DA58C2D} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {0DD59632-6A06-3B74-C9D7-3B2B264230FC} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {0DF950C9-47C1-0D9A-FC26-4EBA53B158A6} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab (Reg Error: Key error.)
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} http://download.abetterinternet.com/download/cabs/VAL64006/valent.cab (Reg Error: Key error.)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {466583FB-C061-277D-F6F6-6CB77D1F0C28} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {47B7E474-439D-07A0-7D60-732616FE6823} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {4CEDBC97-9F52-0998-6039-28B6495395A9} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {572FECFC-F318-3508-7BE4-5FFD19C790D0} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {584500CB-BA31-6980-C704-31C539EF3E5E} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {5A0FD641-25BF-043C-AEF1-02AC575B96AB} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {5BFDB69B-F8BA-7601-F8D7-48512F58308D} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {5D614C73-516B-11A6-5D2F-21A4737DF2D2} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {642496E4-C176-5F3F-8137-27FE0799EAAF} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201639874769 (MUWebControl Class)
O16 - DPF: {731C3B64-014E-0B77-4ACA-0A740CAC628C} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {7EA1B0EB-F285-1746-E496-35F5092ED220} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {7F6A6D02-05F2-3908-9C96-614901141404} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} http://www.commonname.com/eng/oneclick/uninstbb.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} http://deposito.hostance.net/dialer/1025972.exe (Reg Error: Key error.)
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} http://dinet.info/n/us48/n.cab (Reg Error: Key error.)
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} http://207.226.177.98/dba2312.exe (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O18 - Protocol\Filter\text/html {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\WINDOWS\System32\juyarono.dll) - C:\WINDOWS\System32\juyarono.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\sunasuyu.dll) - C:\WINDOWS\System32\sunasuyu.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\nnnmnkjk: DllName - nnnmnkjk.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\ssqNHbXO: DllName - ssqNHbXO.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\vtUmLExx: DllName - vtUmLExx.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\wmiurv: DllName - wmiurv32.dll - File not found
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\System32\sunasuyu.dll File not found
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - C:\WINDOWS\System32\sunasuyu.dll File not found
O28 - HKLM ShellExecuteHooks: {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (xlibgfl254.dll) - File not found
O29 - HKLM SecurityProviders - (append.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\System32\rqRKCssS) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/20 20:44:20 | 000,000,194 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 12:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{8771fec3-361f-11d7-8d65-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8771fec3-361f-11d7-8d65-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8771fec3-361f-11d7-8d65-806d6172696f}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe -- [2005/07/16 22:36:50 | 000,240,128 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/17 00:52:26 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\hidden\Desktop\OTL.exe
[2010/08/15 14:31:19 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2010/08/01 00:45:30 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/31 16:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hidden\Application Data\rqhrbbxsh
[2010/07/06 14:27:15 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/07/06 14:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/07/06 14:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/20 17:45:30 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\hidden\My Documents\*.tmp files -> C:\Documents and Settings\hidden\My Documents\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/17 01:01:28 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
[2010/08/17 00:51:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/17 00:50:32 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/17 00:50:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/17 00:50:26 | 268,017,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/01 20:50:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hidden\Desktop\OTL.exe
[2010/07/31 20:41:42 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\hidden\NTUSER.DAT
[2010/07/31 20:41:42 | 000,000,250 | -HS- | M] () -- C:\Documents and Settings\hidden\ntuser.ini
[2010/07/31 16:54:26 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/31 16:38:32 | 000,283,904 | ---- | M] () -- C:\Documents and Settings\hidden\file.exe
[2010/07/31 16:01:28 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/07/07 14:00:02 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Tune-up Application Start.job
[2010/07/06 14:28:12 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/06 14:28:10 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/28 21:57:34 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 21:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 21:33:14 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 21:32:46 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 21:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\hidden\My Documents\*.tmp files -> C:\Documents and Settings\hidden\My Documents\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/31 20:02:48 | 268,017,664 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/31 16:38:31 | 000,283,904 | ---- | C] () -- C:\Documents and Settings\hidden\file.exe
[2010/07/06 14:28:11 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2009/02/06 12:23:00 | 001,649,418 | -HS- | C] () -- C:\WINDOWS\System32\ofdovigf.ini
[2009/01/25 18:02:12 | 001,438,325 | -HS- | C] () -- C:\WINDOWS\System32\aslsukgm.ini
[2009/01/18 15:59:57 | 001,407,285 | -HS- | C] () -- C:\WINDOWS\System32\ygvhtbln.ini
[2009/01/18 15:04:39 | 001,407,285 | -HS- | C] () -- C:\WINDOWS\System32\cestjnyi.ini
[2009/01/17 10:25:20 | 001,407,263 | -HS- | C] () -- C:\WINDOWS\System32\koibvywr.ini
[2009/01/16 11:19:38 | 001,469,219 | -HS- | C] () -- C:\WINDOWS\System32\imkpfone.ini
[2009/01/10 12:08:17 | 001,469,219 | -HS- | C] () -- C:\WINDOWS\System32\oheonesi.ini
[2009/01/05 10:57:11 | 001,348,473 | -HS- | C] () -- C:\WINDOWS\System32\qlaebhks.ini
[2009/01/03 11:06:15 | 001,311,620 | -HS- | C] () -- C:\WINDOWS\System32\hnehxalx.ini
[2009/01/02 10:45:21 | 001,311,620 | -HS- | C] () -- C:\WINDOWS\System32\thincvsr.ini
[2008/12/30 12:53:08 | 001,312,223 | -HS- | C] () -- C:\WINDOWS\System32\lfbdrgch.ini
[2008/12/27 17:48:26 | 001,311,238 | -HS- | C] () -- C:\WINDOWS\System32\uxjmesov.ini
[2008/12/26 13:06:27 | 000,383,807 | -HS- | C] () -- C:\WINDOWS\System32\SssCKRqr.ini2
[2008/12/26 13:06:26 | 000,383,807 | -HS- | C] () -- C:\WINDOWS\System32\SssCKRqr.ini
[2008/11/23 10:57:12 | 001,557,753 | -HS- | C] () -- C:\WINDOWS\System32\inahiwar.ini
[2008/11/22 11:43:40 | 000,000,120 | -HS- | C] () -- C:\WINDOWS\System32\ewomirev.ini
[2008/11/21 13:58:08 | 001,553,568 | -HS- | C] () -- C:\WINDOWS\System32\ewakoruz.ini
[2008/11/20 10:48:16 | 001,476,282 | -HS- | C] () -- C:\WINDOWS\System32\ihiyeyem.ini
[2008/06/20 16:01:58 | 002,013,920 | -HS- | C] () -- C:\WINDOWS\System32\hrlkwcfv.ini
[2008/06/19 15:57:21 | 001,639,650 | -HS- | C] () -- C:\WINDOWS\System32\coasxhno.ini
[2008/06/17 20:32:38 | 000,000,235 | ---- | C] () -- C:\WINDOWS\cookies.ini
[2008/06/17 14:12:12 | 001,588,831 | -HS- | C] () -- C:\WINDOWS\System32\swlivbvy.ini
[2008/06/16 10:39:21 | 001,630,364 | -HS- | C] () -- C:\WINDOWS\System32\tapikatp.ini
[2008/06/16 10:37:30 | 000,000,022 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008/06/15 16:57:48 | 001,659,661 | -HS- | C] () -- C:\WINDOWS\System32\noathqgw.ini
[2008/06/15 16:56:13 | 000,652,754 | -HS- | C] () -- C:\WINDOWS\System32\WGQqAcdd.ini2
[2008/06/15 16:56:12 | 000,652,754 | -HS- | C] () -- C:\WINDOWS\System32\WGQqAcdd.ini
[2008/02/27 15:50:42 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2008/02/27 15:35:51 | 000,000,037 | ---- | C] () -- C:\WINDOWS\D660UES.ini
[2007/12/09 21:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2007/12/09 21:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2007/12/09 21:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2006/12/17 18:01:51 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/04/27 21:31:03 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2006/04/14 19:59:38 | 000,000,020 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2006/04/14 19:59:34 | 000,000,104 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2006/03/03 12:48:36 | 000,000,549 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/26 17:23:30 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/02/26 17:21:10 | 000,000,122 | ---- | C] () -- C:\WINDOWS\ORCH.INI
[2006/02/26 17:02:03 | 000,000,827 | ---- | C] () -- C:\WINDOWS\AUDIOMIX.INI
[2006/02/26 17:02:03 | 000,000,093 | ---- | C] () -- C:\WINDOWS\midiplay.ini
[2006/02/26 17:02:03 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wavplay.ini
[2006/02/26 17:02:02 | 000,000,143 | ---- | C] () -- C:\WINDOWS\audioviw.ini
[2006/02/26 17:02:02 | 000,000,125 | ---- | C] () -- C:\WINDOWS\vuninst.ini
[2006/02/26 17:02:02 | 000,000,110 | ---- | C] () -- C:\WINDOWS\powerbar.ini
[2006/02/26 17:02:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\audiosta.ini
[2006/02/09 15:26:22 | 000,000,045 | ---- | C] () -- C:\WINDOWS\IILDJMM.ini
[2006/02/09 14:53:07 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/06/26 14:44:12 | 000,001,039 | ---- | C] () -- C:\WINDOWS\psmplay.ini
[2005/06/26 14:25:35 | 000,000,070 | ---- | C] () -- C:\WINDOWS\mmpoly.ini
[2005/06/05 18:45:38 | 000,000,579 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2005/03/04 13:26:40 | 000,032,523 | ---- | C] () -- C:\WINDOWS\SGTBoxf.INI
[2005/02/11 08:18:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2005/02/11 08:18:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2005/02/11 08:18:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2005/02/11 08:18:43 | 000,000,472 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2005/02/11 08:18:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/07/05 21:07:18 | 000,032,411 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2004/03/27 12:50:46 | 000,905,463 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/12/29 21:14:16 | 000,000,119 | ---- | C] () -- C:\WINDOWS\System32\winnet.ini
[2003/09/13 16:03:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/06/17 15:45:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/06/14 17:36:13 | 000,188,416 | ---- | C] () -- C:\WINDOWS\ATLControls.dll
[2003/03/02 13:48:04 | 000,000,804 | ---- | C] () -- C:\WINDOWS\System32\ncase.ini
[2003/03/01 12:53:53 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\msbb.dll
[2003/02/08 12:36:50 | 000,001,125 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2003/02/08 12:36:19 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2003/02/02 13:01:41 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2003/02/02 13:00:30 | 000,000,040 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2003/02/02 12:59:59 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2003/02/02 12:59:28 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2003/02/02 12:57:08 | 000,001,711 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2003/02/02 12:57:08 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2003/02/01 22:20:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/02/01 20:20:25 | 000,012,484 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2003/02/01 20:20:25 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2003/02/01 20:20:25 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2003/02/01 20:20:25 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2003/02/01 20:20:25 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2003/02/01 20:20:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2003/02/01 20:20:25 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2003/02/01 20:20:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2003/02/01 20:20:24 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2003/02/01 20:20:24 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2003/02/01 20:20:24 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2002/09/08 23:08:06 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/01/20 13:26:36 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SimpleResize.dll
[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 00:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[1980/01/01 00:00:00 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2003/02/02 09:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2006/01/07 19:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kazaa
[2008/05/31 21:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/05/09 20:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/06 14:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2003/02/02 13:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Canon
[2003/03/22 13:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Browser Pal
[2003/11/06 20:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\{2CF0B992-5EEB-4143-99C2-5297EF71F44B}
[2007/03/04 12:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\uTorrent
[2007/03/04 17:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\MoyeaFLV2Video
[2007/06/24 17:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\tiny
[2007/12/30 18:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\SPSS
[2007/08/04 15:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Leadertech
[2007/12/14 18:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\SPSS 15.0 for Windows
[2008/03/17 11:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\ApplicationHistory
[2008/04/05 14:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\CutePDF Writer
[2008/04/05 14:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Bullzip
[2008/05/31 22:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\TomTom
[2008/12/27 18:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\gadcom
[2008/11/20 10:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\{845CF37D-D46E-449B-AF12-7507651F8B58}
[2009/05/09 19:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\GetRightToGo
[2010/07/31 16:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\rqhrbbxsh
[2006/01/07 18:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Kazaa Lite
[2006/02/24 19:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\.BitTornado
[2006/04/14 19:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\ppStream
[2006/09/02 12:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Ultimate Defender
[2006/09/17 21:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Ultimate Cleaner
[2010/07/07 14:00:02 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\Tune-up Application Start.job
[2010/08/17 01:01:28 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job

========== Purity Check ==========


< End of report >

Hi,

You're in a bit of a mess here. But, nothing we can't fix. NOTE: If this fix freezes the computer please delete the O16 entries and try again.

Please run OTL.exe.

• Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :OTL
  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
  O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
  O2 - BHO: (no name) - {4BA7E09D-C8BD-4B87-A065-63E77A854029} - C:\WINDOWS\System32\ddcAqQGW.dll File not found
  O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
  O2 - BHO: (no name) - {c83a94d6-7733-4d2f-bff2-6e039b726f5e} - C:\WINDOWS\System32\lehetojo.dll File not found
  O2 - BHO: (no name) - {DB68B50B-7876-4FD1-837B-B96AFB4F74EF} - C:\WINDOWS\System32\rqRKCssS.dll File not found
  O3 - HKLM\..\Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - No CLSID value found.
  O4 - HKLM..\Run: [CPM340e2a31] C:\WINDOWS\System32\sunasuyu.DLL File not found
  O4 - HKLM..\Run: [gwiz] C:\WINDOWS\System32\arpl.exe File not found
  O4 - HKLM..\Run: [Kcanum] File not found
  O4 - HKLM..\Run: [KernelFaultCheck] File not found
  O4 - HKLM..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
  O4 - HKLM..\Run: [msbb] C:\WINDOWS\System32\msbb.exe File not found
  O4 - HKLM..\Run: [rhapcihdzblcj] C:\WINDOWS\System32\dnaxeae.exe File not found
  O4 - HKLM..\Run: [SystemTray] File not found
  O4 - HKLM..\Run: [TBllEe] C:\WINDOWS\relsd.exe File not found
  O4 - HKLM..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe File not found
  O4 - HKLM..\Run: [Ultimate Defender] C:\Program Files\Ultimate Defender\App.exe File not found
  O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
  O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} http://64.156.31.99/output/060517/uk/fullgames/fullgames.exe (Reg Error: Key error.)
  O16 - DPF: {0522708F-0D6C-7DF8-085F-288474A63F11} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
  O16 - DPF: {07ABDE4B-B4E3-2161-434B-22801DA58C2D} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
  O16 - DPF: {0DD59632-6A06-3B74-C9D7-3B2B264230FC} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
  O16 - DPF: {0DF950C9-47C1-0D9A-FC26-4EBA53B158A6} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
  O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab (Reg Error: Key error.)
  O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} http://download.abetterinternet.com/download/cabs/VAL64006/valent.cab (Reg Error: Key error.)
  O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB (Reg Error: Key error.)
  O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
  O16 - DPF: {466583FB-C061-277D-F6F6-6CB77D1F0C28} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
  O16 - DPF: {47B7E474-439D-07A0-7D60-732616FE6823} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
  O16 - DPF: {4CEDBC97-9F52-0998-6039-28B6495395A9} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
  O16 - DPF: {572FECFC-F318-3508-7BE4-5FFD19C790D0} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
  O16 - DPF: {584500CB-BA31-6980-C704-31C539EF3E5E} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
  O16 - DPF: {5A0FD641-25BF-043C-AEF1-02AC575B96AB} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
  O16 - DPF: {5BFDB69B-F8BA-7601-F8D7-48512F58308D} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
  O16 - DPF: {5D614C73-516B-11A6-5D2F-21A4737DF2D2} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
  O16 - DPF: {642496E4-C176-5F3F-8137-27FE0799EAAF} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201639874769 (MUWebControl Class)
  O16 - DPF: {731C3B64-014E-0B77-4ACA-0A740CAC628C} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
  O16 - DPF: {7EA1B0EB-F285-1746-E496-35F5092ED220} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
  O16 - DPF: {7F6A6D02-05F2-3908-9C96-614901141404} http://85.255.115.229/1/gdnFR2312.exe (Reg Error: Key error.)
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
  O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} http://www.commonname.com/eng/oneclick/uninstbb.cab (Reg Error: Key error.)
  O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
  O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
  O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
  O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
  O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
  O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
  O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
  O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} http://deposito.hostance.net/dialer/1025972.exe (Reg Error: Key error.)
  O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} http://dinet.info/n/us48/n.cab (Reg Error: Key error.)
  O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} http://207.226.177.98/dba2312.exe (Reg Error: Key error.)
  O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
  O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
  O18 - Protocol\Filter\text/html {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - Reg Error: Key error. File not found
  O20 - AppInit_DLLs: (C:\WINDOWS\System32\juyarono.dll) - C:\WINDOWS\System32\juyarono.dll File not found
  O20 - AppInit_DLLs: (c:\windows\system32\sunasuyu.dll) - C:\WINDOWS\System32\sunasuyu.dll File not found
  O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
  O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
  O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
  O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
  O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
  O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
  O20 - Winlogon\Notify\nnnmnkjk: DllName - nnnmnkjk.dll - File not found
  O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
  O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
  O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
  O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
  O20 - Winlogon\Notify\ssqNHbXO: DllName - ssqNHbXO.dll - File not found
  O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
  O20 - Winlogon\Notify\vtUmLExx: DllName - vtUmLExx.dll - File not found
  O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
  O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
  O20 - Winlogon\Notify\wmiurv: DllName - wmiurv32.dll - File not found
  O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\System32\sunasuyu.dll File not found
  O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - C:\WINDOWS\System32\sunasuyu.dll File not found
  O28 - HKLM ShellExecuteHooks: {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
  O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
  O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
  O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
  O29 - HKLM SecurityProviders - (schannel.dll) - File not found
  O29 - HKLM SecurityProviders - (digest.dll) - File not found
  O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
  O29 - HKLM SecurityProviders - (xlibgfl254.dll) - File not found
  O29 - HKLM SecurityProviders - (append.dll) - File not found
  O30 - LSA: Authentication Packages - (C:\WINDOWS\System32\rqRKCssS) - File not found
  
  :commands
  [emptytemp]
  [emptyflash]
  [resethosts]
  [reboot]
  
  
  
• Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  
  
• Click the red Run Fix button.
  
• A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTL.exe
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Hi,

The code is below. There was a message saying it could not delete one of the temp internet files because it was corrupt.

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13F20E4F-F379-41EA-8F80-CCAAE787362A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13F20E4F-F379-41EA-8F80-CCAAE787362A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4BA7E09D-C8BD-4B87-A065-63E77A854029}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4BA7E09D-C8BD-4B87-A065-63E77A854029}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c83a94d6-7733-4d2f-bff2-6e039b726f5e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c83a94d6-7733-4d2f-bff2-6e039b726f5e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB68B50B-7876-4FD1-837B-B96AFB4F74EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB68B50B-7876-4FD1-837B-B96AFB4F74EF}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2CF0B992-5EEB-4143-99C2-5297EF71F44B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CF0B992-5EEB-4143-99C2-5297EF71F44B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CPM340e2a31 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gwiz deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Kcanum deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lluatkql deleted successfully.
File C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msbb deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rhapcihdzblcj deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SystemTray deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TBllEe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ultimate Cleaner deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ultimate Defender deleted successfully.
Starting removal of ActiveX control {00000055-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\fhg.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000055-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {034CC2DC-3245-4B26-B5C7-7B8777739CB7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{034CC2DC-3245-4B26-B5C7-7B8777739CB7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{034CC2DC-3245-4B26-B5C7-7B8777739CB7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{034CC2DC-3245-4B26-B5C7-7B8777739CB7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{034CC2DC-3245-4B26-B5C7-7B8777739CB7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{034CC2DC-3245-4B26-B5C7-7B8777739CB7}\ not found.
Starting removal of ActiveX control {0522708F-0D6C-7DF8-085F-288474A63F11}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0522708F-0D6C-7DF8-085F-288474A63F11}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0522708F-0D6C-7DF8-085F-288474A63F11}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0522708F-0D6C-7DF8-085F-288474A63F11}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0522708F-0D6C-7DF8-085F-288474A63F11}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0522708F-0D6C-7DF8-085F-288474A63F11}\ not found.
Starting removal of ActiveX control {07ABDE4B-B4E3-2161-434B-22801DA58C2D}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{07ABDE4B-B4E3-2161-434B-22801DA58C2D}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{07ABDE4B-B4E3-2161-434B-22801DA58C2D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07ABDE4B-B4E3-2161-434B-22801DA58C2D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{07ABDE4B-B4E3-2161-434B-22801DA58C2D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07ABDE4B-B4E3-2161-434B-22801DA58C2D}\ not found.
Starting removal of ActiveX control {0DD59632-6A06-3B74-C9D7-3B2B264230FC}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0DD59632-6A06-3B74-C9D7-3B2B264230FC}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0DD59632-6A06-3B74-C9D7-3B2B264230FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DD59632-6A06-3B74-C9D7-3B2B264230FC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0DD59632-6A06-3B74-C9D7-3B2B264230FC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DD59632-6A06-3B74-C9D7-3B2B264230FC}\ not found.
Starting removal of ActiveX control {0DF950C9-47C1-0D9A-FC26-4EBA53B158A6}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0DF950C9-47C1-0D9A-FC26-4EBA53B158A6}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0DF950C9-47C1-0D9A-FC26-4EBA53B158A6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DF950C9-47C1-0D9A-FC26-4EBA53B158A6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0DF950C9-47C1-0D9A-FC26-4EBA53B158A6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DF950C9-47C1-0D9A-FC26-4EBA53B158A6}\ not found.
Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.8.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Starting removal of ActiveX control {30000273-8230-4DD4-BE4F-6889D1E74167}
C:\WINDOWS\Downloaded Program Files\valent.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30000273-8230-4DD4-BE4F-6889D1E74167}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30000273-8230-4DD4-BE4F-6889D1E74167}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30000273-8230-4DD4-BE4F-6889D1E74167}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30000273-8230-4DD4-BE4F-6889D1E74167}\ not found.
Starting removal of ActiveX control {3334504D-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\mp43dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3334504D-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3334504D-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3334504D-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3334504D-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {466583FB-C061-277D-F6F6-6CB77D1F0C28}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{466583FB-C061-277D-F6F6-6CB77D1F0C28}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{466583FB-C061-277D-F6F6-6CB77D1F0C28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466583FB-C061-277D-F6F6-6CB77D1F0C28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{466583FB-C061-277D-F6F6-6CB77D1F0C28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466583FB-C061-277D-F6F6-6CB77D1F0C28}\ not found.
Starting removal of ActiveX control {47B7E474-439D-07A0-7D60-732616FE6823}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{47B7E474-439D-07A0-7D60-732616FE6823}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{47B7E474-439D-07A0-7D60-732616FE6823}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47B7E474-439D-07A0-7D60-732616FE6823}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{47B7E474-439D-07A0-7D60-732616FE6823}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47B7E474-439D-07A0-7D60-732616FE6823}\ not found.
Starting removal of ActiveX control {4CEDBC97-9F52-0998-6039-28B6495395A9}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4CEDBC97-9F52-0998-6039-28B6495395A9}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4CEDBC97-9F52-0998-6039-28B6495395A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CEDBC97-9F52-0998-6039-28B6495395A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4CEDBC97-9F52-0998-6039-28B6495395A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CEDBC97-9F52-0998-6039-28B6495395A9}\ not found.
Starting removal of ActiveX control {572FECFC-F318-3508-7BE4-5FFD19C790D0}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{572FECFC-F318-3508-7BE4-5FFD19C790D0}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{572FECFC-F318-3508-7BE4-5FFD19C790D0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{572FECFC-F318-3508-7BE4-5FFD19C790D0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{572FECFC-F318-3508-7BE4-5FFD19C790D0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{572FECFC-F318-3508-7BE4-5FFD19C790D0}\ not found.
Starting removal of ActiveX control {584500CB-BA31-6980-C704-31C539EF3E5E}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{584500CB-BA31-6980-C704-31C539EF3E5E}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{584500CB-BA31-6980-C704-31C539EF3E5E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{584500CB-BA31-6980-C704-31C539EF3E5E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{584500CB-BA31-6980-C704-31C539EF3E5E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{584500CB-BA31-6980-C704-31C539EF3E5E}\ not found.
Starting removal of ActiveX control {5A0FD641-25BF-043C-AEF1-02AC575B96AB}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5A0FD641-25BF-043C-AEF1-02AC575B96AB}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5A0FD641-25BF-043C-AEF1-02AC575B96AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A0FD641-25BF-043C-AEF1-02AC575B96AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5A0FD641-25BF-043C-AEF1-02AC575B96AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A0FD641-25BF-043C-AEF1-02AC575B96AB}\ not found.
Starting removal of ActiveX control {5BFDB69B-F8BA-7601-F8D7-48512F58308D}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5BFDB69B-F8BA-7601-F8D7-48512F58308D}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5BFDB69B-F8BA-7601-F8D7-48512F58308D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BFDB69B-F8BA-7601-F8D7-48512F58308D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5BFDB69B-F8BA-7601-F8D7-48512F58308D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BFDB69B-F8BA-7601-F8D7-48512F58308D}\ not found.
Starting removal of ActiveX control {5D614C73-516B-11A6-5D2F-21A4737DF2D2}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D614C73-516B-11A6-5D2F-21A4737DF2D2}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D614C73-516B-11A6-5D2F-21A4737DF2D2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D614C73-516B-11A6-5D2F-21A4737DF2D2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5D614C73-516B-11A6-5D2F-21A4737DF2D2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D614C73-516B-11A6-5D2F-21A4737DF2D2}\ not found.
Starting removal of ActiveX control {642496E4-C176-5F3F-8137-27FE0799EAAF}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{642496E4-C176-5F3F-8137-27FE0799EAAF}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{642496E4-C176-5F3F-8137-27FE0799EAAF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{642496E4-C176-5F3F-8137-27FE0799EAAF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{642496E4-C176-5F3F-8137-27FE0799EAAF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{642496E4-C176-5F3F-8137-27FE0799EAAF}\ not found.
Starting removal of ActiveX control {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
C:\WINDOWS\Downloaded Program Files\muweb.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\ not found.
Starting removal of ActiveX control {731C3B64-014E-0B77-4ACA-0A740CAC628C}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{731C3B64-014E-0B77-4ACA-0A740CAC628C}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{731C3B64-014E-0B77-4ACA-0A740CAC628C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{731C3B64-014E-0B77-4ACA-0A740CAC628C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{731C3B64-014E-0B77-4ACA-0A740CAC628C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{731C3B64-014E-0B77-4ACA-0A740CAC628C}\ not found.
Starting removal of ActiveX control {7EA1B0EB-F285-1746-E496-35F5092ED220}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7EA1B0EB-F285-1746-E496-35F5092ED220}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7EA1B0EB-F285-1746-E496-35F5092ED220}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EA1B0EB-F285-1746-E496-35F5092ED220}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7EA1B0EB-F285-1746-E496-35F5092ED220}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EA1B0EB-F285-1746-E496-35F5092ED220}\ not found.
Starting removal of ActiveX control {7F6A6D02-05F2-3908-9C96-614901141404}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7F6A6D02-05F2-3908-9C96-614901141404}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7F6A6D02-05F2-3908-9C96-614901141404}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F6A6D02-05F2-3908-9C96-614901141404}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7F6A6D02-05F2-3908-9C96-614901141404}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F6A6D02-05F2-3908-9C96-614901141404}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {9656B666-992F-4D74-8588-8CA69E97D90C}
C:\WINDOWS\Downloaded Program Files\default.INF moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9656B666-992F-4D74-8588-8CA69E97D90C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9656B666-992F-4D74-8588-8CA69E97D90C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9656B666-992F-4D74-8588-8CA69E97D90C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9656B666-992F-4D74-8588-8CA69E97D90C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Starting removal of ActiveX control {DB893839-10F0-4AF9-92FA-B23528F530AF}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DB893839-10F0-4AF9-92FA-B23528F530AF}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DB893839-10F0-4AF9-92FA-B23528F530AF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB893839-10F0-4AF9-92FA-B23528F530AF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DB893839-10F0-4AF9-92FA-B23528F530AF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB893839-10F0-4AF9-92FA-B23528F530AF}\ not found.
Starting removal of ActiveX control {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77}
C:\WINDOWS\Downloaded Program Files\start.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77}\ not found.
Starting removal of ActiveX control {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FF3F0F03-0F01-131A-A3F9-08F02B23E0CC}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FF3F0F03-0F01-131A-A3F9-08F02B23E0CC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF3F0F03-0F01-131A-A3F9-08F02B23E0CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FF3F0F03-0F01-131A-A3F9-08F02B23E0CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF3F0F03-0F01-131A-A3F9-08F02B23E0CC}\ not found.
File Animation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\juyarono.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\sunasuyu.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:explorer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:logonui.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:Control_RunDLL "sysdm.cpl" deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnmnkjk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqNHbXO\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtUmLExx\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wmiurv\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{13F20E4F-F379-41EA-8F80-CCAAE787362A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13F20E4F-F379-41EA-8F80-CCAAE787362A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:msapsspc.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:schannel.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:digest.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:msnsspc.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:xlibgfl254.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:append.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\System32\rqRKCssS deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users
->Temp folder emptied: 104 bytes

User: hidden
->Temporary Internet Files folder emptied: 235176712 bytes
->Java cache emptied: 82641695 bytes
->Flash cache emptied: 39307 bytes

User: NetworkService
->Temporary Internet Files folder emptied: 402 bytes

User: LocalService
->Temporary Internet Files folder emptied: 4993026 bytes

User: All

User: Limewire

User: Incomplete

User: Administrator
->Temporary Internet Files folder emptied: 636634 bytes

%systemdrive% .tmp files removed: 16405 bytes
%systemroot% .tmp files removed: 8524649 bytes
%systemroot%\System32 .tmp files removed: 43537 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13034324 bytes
Session Manager Temp folder emptied: 0 bytes
Session Manager Tmp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 2644170 bytes
RecycleBin emptied: 18738845 bytes

Total Files Cleaned = 350.00 mb


[EMPTYFLASH]

User: Default User

User: All Users

User: hidden
->Flash cache emptied: 0 bytes

User: NetworkService

User: LocalService

User: All

User: Limewire

User: Incomplete

User: Administrator

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.9.1 log created on 08172010_231744

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...

Perfect. Now that we have that cleaned up perhaps combofix will run.


Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  
• Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.
  
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  

Hi,

Please see log below. (It is too big so 2nd half is in next reply).

ComboFix 10-08-17.02 - hidden 17/08/2010 21:06:14.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1252.44.1033.18.256.71 [GMT 1:00]
Running from: c:\documents and settings\hidden\Desktop\commy.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\.protected
C:\bold.log
c:\docume~1\hidden\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\hidden\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Start Menu\Programs\Startup\.protected
c:\documents and settings\hidden\.COMMgr
c:\documents and settings\hidden\Application Data\gadcom
c:\documents and settings\hidden\Application Data\Install.dat
c:\documents and settings\hidden\Application Data\rqhrbbxsh
c:\documents and settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe
c:\documents and settings\hidden\Application Data\Ultimate Cleaner
c:\documents and settings\hidden\Application Data\Ultimate Defender
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1165694545.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1165750955.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1171802164.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1172921571.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1173526514.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1174132619.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1177239168.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1178360970.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1180867251.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1182077804.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1183890954.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1185098346.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1185274845.log
c:\documents and settings\hidden\Application Data\xxx.exe
c:\documents and settings\hidden\file.exe
c:\program files\MyWay
c:\program files\MyWay\myBar\History\search
c:\program files\MyWay\myBar\Settings\prevcfg.htm
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\Need2Find
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\000383D9
c:\program files\Need2Find\bar\Cache\001AA1B1
c:\program files\Need2Find\bar\Cache\033BB69C
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\program files\PestTrap
c:\program files\PestTrap\PestTrap.exe
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\unzipped\Programs\Startup\.protected
c:\windows\.protected
c:\windows\cdmxtras
c:\windows\cookies.ini
c:\windows\Fonts\acrsec.fon
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\GatorHDPlugin.log
c:\windows\inform.dat
c:\windows\pskt.ini
c:\windows\Readme.txt
c:\windows\start.exe
c:\windows\system32\AdCache
c:\windows\system32\AdCache\B_329_4_2_543300.htm
c:\windows\system32\aslsukgm.ini
c:\windows\system32\bb1.dat
c:\windows\system32\cache329
c:\windows\system32\cache329\B_329_0_0_105300.htm
c:\windows\system32\cache329\B_329_0_0_106800.htm
c:\windows\system32\cache329\B_329_0_0_107400.htm
c:\windows\system32\cache329\B_329_0_0_219900.gif
c:\windows\system32\cache329\B_329_0_0_220300.gif
c:\windows\system32\cache329\B_329_0_0_256700.gif
c:\windows\system32\cache329\B_329_0_0_395300.gif
c:\windows\system32\cache329\B_329_0_0_412100.htm
c:\windows\system32\cache329\B_329_0_0_412100.swf
c:\windows\system32\cache329\B_329_0_0_412200.htm
c:\windows\system32\cache329\B_329_0_0_412200.swf
c:\windows\system32\cache329\B_329_0_0_446700.htm
c:\windows\system32\cache329\B_329_0_0_446800.htm
c:\windows\system32\cache329\B_329_0_0_446900.htm
c:\windows\system32\cache329\B_329_0_0_479500.gif
c:\windows\system32\cache329\B_329_0_0_479800.gif
c:\windows\system32\cache329\B_329_0_0_603200.GIF
c:\windows\system32\cache329\B_329_0_1_395300.gif
c:\windows\system32\cache329\B_329_0_1_411700.gif
c:\windows\system32\cache329\B_329_0_1_411800.htm
c:\windows\system32\cache329\B_329_0_1_411800.swf
c:\windows\system32\cache329\B_329_0_1_411900.htm
c:\windows\system32\cache329\B_329_0_1_411900.swf
c:\windows\system32\cache329\B_329_0_1_412000.htm
c:\windows\system32\cache329\B_329_0_1_412000.swf
c:\windows\system32\cache329\B_329_0_1_412100.htm
c:\windows\system32\cache329\B_329_0_1_412100.swf
c:\windows\system32\cache329\B_329_0_1_412200.htm
c:\windows\system32\cache329\B_329_0_1_412200.swf
c:\windows\system32\cache329\B_329_0_1_500800.htm
c:\windows\system32\cache329\B_329_0_1_500800.swf
c:\windows\system32\cache329\B_329_0_1_501600.htm
c:\windows\system32\cache329\B_329_0_1_501600.swf
c:\windows\system32\cache329\B_329_0_1_502100.htm
c:\windows\system32\cache329\B_329_0_1_502100.swf
c:\windows\system32\cache329\B_329_0_1_502600.htm
c:\windows\system32\cache329\B_329_0_1_502600.swf
c:\windows\system32\cache329\B_329_0_1_503600.gif
c:\windows\system32\cache329\B_329_0_1_504000.gif
c:\windows\system32\cache329\B_329_0_1_504300.htm
c:\windows\system32\cache329\B_329_0_1_504300.swf
c:\windows\system32\cache329\B_329_0_1_504800.gif
c:\windows\system32\cache329\B_329_0_1_504800.htm
c:\windows\system32\cache329\B_329_0_1_504800.swf
c:\windows\system32\cache329\B_329_0_1_505700.gif
c:\windows\system32\cache329\B_329_0_1_506700.gif
c:\windows\system32\cache329\B_329_0_1_507000.gif
c:\windows\system32\cache329\B_329_0_1_517200.gif
c:\windows\system32\cache329\B_329_0_1_517500.gif
c:\windows\system32\cache329\B_329_0_1_518500.htm
c:\windows\system32\cache329\B_329_0_1_520300.htm
c:\windows\system32\cache329\B_329_0_1_520900.gif
c:\windows\system32\cache329\B_329_0_1_525600.GIF
c:\windows\system32\cache329\B_329_0_1_526400.gif
c:\windows\system32\cache329\B_329_0_1_527000.htm
c:\windows\system32\cache329\B_329_0_1_527000.swf
c:\windows\system32\cache329\B_329_0_1_529800.gif
c:\windows\system32\cache329\B_329_0_1_531500.GIF
c:\windows\system32\cache329\B_329_0_1_532100.gif
c:\windows\system32\cache329\B_329_0_1_535900.gif
c:\windows\system32\cache329\B_329_0_1_536400.gif
c:\windows\system32\cache329\B_329_0_1_537200.htm
c:\windows\system32\cache329\B_329_0_1_537200.swf
c:\windows\system32\cache329\B_329_0_1_537500.GIF
c:\windows\system32\cache329\B_329_0_1_538100.htm
c:\windows\system32\cache329\B_329_0_1_538100.swf
c:\windows\system32\cache329\B_329_0_1_538700.htm
c:\windows\system32\cache329\B_329_0_1_538700.swf
c:\windows\system32\cache329\B_329_0_1_542100.gif
c:\windows\system32\cache329\B_329_0_1_546900.htm
c:\windows\system32\cache329\B_329_0_1_546900.swf
c:\windows\system32\cache329\B_329_0_1_547800.gif
c:\windows\system32\cache329\B_329_0_1_550500.htm
c:\windows\system32\cache329\B_329_0_1_550500.swf
c:\windows\system32\cache329\B_329_0_1_552700.gif
c:\windows\system32\cache329\B_329_0_1_557800.htm
c:\windows\system32\cache329\B_329_0_1_560200.gif
c:\windows\system32\cache329\B_329_0_1_560800.gif
c:\windows\system32\cache329\B_329_0_1_561100.gif
c:\windows\system32\cache329\B_329_0_1_567000.htm
c:\windows\system32\cache329\B_329_0_1_567000.swf
c:\windows\system32\cache329\B_329_0_1_570100.gif
c:\windows\system32\cache329\B_329_0_1_583800.gif
c:\windows\system32\cache329\B_329_0_1_584300.gif
c:\windows\system32\cache329\B_329_0_1_584400.gif
c:\windows\system32\cache329\B_329_0_1_586700.gif
c:\windows\system32\cache329\B_329_0_1_590600.htm
c:\windows\system32\cache329\B_329_0_1_590600.swf
c:\windows\system32\cache329\B_329_0_1_593700.gif
c:\windows\system32\cache329\B_329_0_1_594200.htm
c:\windows\system32\cache329\B_329_0_1_594200.swf
c:\windows\system32\cache329\B_329_0_1_596300.gif
c:\windows\system32\cache329\B_329_0_1_596600.htm
c:\windows\system32\cache329\B_329_0_1_596600.swf
c:\windows\system32\cache329\B_329_0_1_597700.gif
c:\windows\system32\cache329\B_329_0_1_603100.GIF
c:\windows\system32\cache329\B_329_0_1_604400.htm
c:\windows\system32\cache329\B_329_0_1_604400.swf
c:\windows\system32\cache329\B_329_0_1_604600.htm
c:\windows\system32\cache329\B_329_0_1_604600.swf
c:\windows\system32\cache329\B_329_0_1_608100.gif
c:\windows\system32\cache329\B_329_0_1_612300.gif
c:\windows\system32\cache329\B_329_0_1_613200.gif
c:\windows\system32\cache329\B_329_0_1_613300.gif
c:\windows\system32\cache329\B_329_0_1_613500.gif
c:\windows\system32\cache329\B_329_0_1_624100.GIF
c:\windows\system32\cache329\B_329_0_1_624200.htm
c:\windows\system32\cache329\B_329_0_1_624200.swf
c:\windows\system32\cache329\B_329_0_1_630200.GIF
c:\windows\system32\cache329\B_329_0_1_630700.htm
c:\windows\system32\cache329\B_329_0_1_630700.swf
c:\windows\system32\cache329\B_329_0_1_630800.htm
c:\windows\system32\cache329\B_329_0_1_630800.swf
c:\windows\system32\cache329\B_329_0_1_630900.htm
c:\windows\system32\cache329\B_329_0_1_630900.swf
c:\windows\system32\cache329\B_329_0_1_631100.htm
c:\windows\system32\cache329\B_329_0_1_631100.swf
c:\windows\system32\cache329\B_329_0_1_632200.htm
c:\windows\system32\cache329\B_329_0_1_632200.swf
c:\windows\system32\cache329\B_329_0_1_636600.gif
c:\windows\system32\cache329\B_329_0_1_636700.gif
c:\windows\system32\cache329\B_329_0_1_636800.gif
c:\windows\system32\cache329\B_329_0_1_637700.gif
c:\windows\system32\cache329\B_329_0_1_638000.gif
c:\windows\system32\cache329\B_329_0_1_638100.gif
c:\windows\system32\cache329\B_329_0_1_641400.gif
c:\windows\system32\cache329\B_329_0_1_654300.GIF
c:\windows\system32\cache329\B_329_0_1_662300.gif
c:\windows\system32\cache329\B_329_0_1_667000.gif
c:\windows\system32\cache329\B_329_0_1_674800.gif
c:\windows\system32\cache329\B_329_0_1_679300.GIF
c:\windows\system32\cache329\B_329_0_1_680900.GIF
c:\windows\system32\cache329\B_329_0_1_684800.GIF
c:\windows\system32\cache329\B_329_0_1_689300.gif
c:\windows\system32\cache329\B_329_0_1_691200.GIF
c:\windows\system32\cache329\B_329_0_1_691800.gif
c:\windows\system32\cache329\B_329_0_1_693100.gif
c:\windows\system32\cache329\B_329_0_1_694200.GIF
c:\windows\system32\cache329\B_329_0_1_699200.gif
c:\windows\system32\cache329\B_329_0_1_705100.gif
c:\windows\system32\cache329\B_329_0_1_707600.gif
c:\windows\system32\cache329\B_329_0_1_718500.gif
c:\windows\system32\cache329\B_329_0_1_722700.GIF
c:\windows\system32\cache329\B_329_0_1_724200.GIF
c:\windows\system32\cache329\B_329_0_1_725600.GIF
c:\windows\system32\cache329\B_329_0_1_725700.GIF
c:\windows\system32\cache329\B_329_0_1_727900.GIF
c:\windows\system32\cache329\B_329_0_1_731400.gif
c:\windows\system32\cache329\B_329_0_1_733200.gif
c:\windows\system32\cache329\B_329_0_1_733900.gif
c:\windows\system32\cache329\B_329_0_1_734000.gif
c:\windows\system32\cache329\B_329_0_1_740100.GIF
c:\windows\system32\cache329\B_329_0_1_741800.GIF
c:\windows\system32\cache329\B_329_0_1_742400.GIF
c:\windows\system32\cache329\B_329_0_1_747300.GIF
c:\windows\system32\cache329\B_329_0_1_779200.GIF
c:\windows\system32\cache329\B_329_0_1_780400.GIF
c:\windows\system32\cache329\B_329_0_1_794500.GIF
c:\windows\system32\cache329\B_329_0_1_796700.GIF
c:\windows\system32\cache329\B_329_0_1_799000.GIF
c:\windows\system32\cache329\B_329_0_2_256700.gif
c:\windows\system32\cache329\B_329_0_2_284800.gif
c:\windows\system32\cache329\B_329_0_2_404800.gif
c:\windows\system32\cache329\B_329_0_2_407800.gif
c:\windows\system32\cache329\B_329_0_2_408400.gif
c:\windows\system32\cache329\B_329_0_2_480200.gif
c:\windows\system32\cache329\B_329_0_2_501000.gif
c:\windows\system32\cache329\B_329_0_2_501600.gif
c:\windows\system32\cache329\B_329_0_2_504500.htm
c:\windows\system32\cache329\B_329_0_2_504500.jpg
c:\windows\system32\cache329\B_329_0_2_506300.gif
c:\windows\system32\cache329\B_329_0_2_506700.gif
c:\windows\system32\cache329\B_329_0_2_506900.GIF
c:\windows\system32\cache329\B_329_0_2_507000.gif
c:\windows\system32\cache329\B_329_0_2_507100.GIF
c:\windows\system32\cache329\B_329_0_2_513100.gif
c:\windows\system32\cache329\B_329_0_2_523500.htm
c:\windows\system32\cache329\B_329_0_2_523500.swf
c:\windows\system32\cache329\B_329_0_2_525500.GIF
c:\windows\system32\cache329\B_329_0_2_526100.gif
c:\windows\system32\cache329\B_329_0_2_526500.GIF
c:\windows\system32\cache329\B_329_0_2_528600.gif
c:\windows\system32\cache329\B_329_0_2_532000.gif
c:\windows\system32\cache329\B_329_0_2_534500.gif
c:\windows\system32\cache329\B_329_0_2_535900.gif
c:\windows\system32\cache329\B_329_0_2_536400.gif
c:\windows\system32\cache329\B_329_0_2_538700.gif
c:\windows\system32\cache329\B_329_0_2_538800.gif
c:\windows\system32\cache329\B_329_0_2_540900.gif
c:\windows\system32\cache329\B_329_0_2_544600.gif
c:\windows\system32\cache329\B_329_0_2_547800.gif
c:\windows\system32\cache329\B_329_0_2_554200.gif
c:\windows\system32\cache329\B_329_0_2_554800.gif
c:\windows\system32\cache329\B_329_0_2_560200.gif
c:\windows\system32\cache329\B_329_0_2_560700.gif
c:\windows\system32\cache329\B_329_0_2_560800.gif
c:\windows\system32\cache329\B_329_0_2_560900.gif
c:\windows\system32\cache329\B_329_0_2_577900.gif
c:\windows\system32\cache329\B_329_0_2_580500.GIF
c:\windows\system32\cache329\B_329_0_2_580700.gif
c:\windows\system32\cache329\B_329_0_2_584300.gif
c:\windows\system32\cache329\B_329_0_2_584400.gif
c:\windows\system32\cache329\B_329_0_2_590800.gif
c:\windows\system32\cache329\B_329_0_2_593900.htm
c:\windows\system32\cache329\B_329_0_2_593900.swf
c:\windows\system32\cache329\B_329_0_2_596300.gif
c:\windows\system32\cache329\B_329_0_2_596500.htm
c:\windows\system32\cache329\B_329_0_2_596500.swf
c:\windows\system32\cache329\B_329_0_2_597100.gif
c:\windows\system32\cache329\B_329_0_2_597300.gif
c:\windows\system32\cache329\B_329_0_2_608100.gif
c:\windows\system32\cache329\B_329_0_2_609600.gif
c:\windows\system32\cache329\B_329_0_2_610000.gif
c:\windows\system32\cache329\B_329_0_2_611700.GIF
c:\windows\system32\cache329\B_329_0_2_612300.gif
c:\windows\system32\cache329\B_329_0_2_612900.gif
c:\windows\system32\cache329\B_329_0_2_613000.gif
c:\windows\system32\cache329\B_329_0_2_613200.gif
c:\windows\system32\cache329\B_329_0_2_613300.gif
c:\windows\system32\cache329\B_329_0_2_613400.gif
c:\windows\system32\cache329\B_329_0_2_613500.gif
c:\windows\system32\cache329\B_329_0_2_621500.gif
c:\windows\system32\cache329\B_329_0_2_622100.gif
c:\windows\system32\cache329\B_329_0_2_625000.htm
c:\windows\system32\cache329\B_329_0_2_625000.swf
c:\windows\system32\cache329\B_329_0_2_630100.gif
c:\windows\system32\cache329\B_329_0_2_630500.GIF
c:\windows\system32\cache329\B_329_0_2_632200.htm
c:\windows\system32\cache329\B_329_0_2_632200.swf
c:\windows\system32\cache329\B_329_0_2_636400.GIF
c:\windows\system32\cache329\B_329_0_2_636600.gif
c:\windows\system32\cache329\B_329_0_2_636700.gif
c:\windows\system32\cache329\B_329_0_2_636800.gif
c:\windows\system32\cache329\B_329_0_2_637700.gif
c:\windows\system32\cache329\B_329_0_2_645500.GIF
c:\windows\system32\cache329\B_329_0_2_661400.GIF
c:\windows\system32\cache329\B_329_0_2_662300.gif
c:\windows\system32\cache329\B_329_0_2_662400.GIF
c:\windows\system32\cache329\B_329_0_2_663000.GIF
c:\windows\system32\cache329\B_329_0_2_663100.GIF
c:\windows\system32\cache329\B_329_0_2_663300.GIF
c:\windows\system32\cache329\B_329_0_2_664300.GIF
c:\windows\system32\cache329\B_329_0_2_672600.GIF
c:\windows\system32\cache329\B_329_0_2_673800.GIF
c:\windows\system32\cache329\B_329_0_2_674800.gif
c:\windows\system32\cache329\B_329_0_2_676200.gif
c:\windows\system32\cache329\B_329_0_2_724700.gif
c:\windows\system32\cache329\B_329_0_2_725700.gif
c:\windows\system32\cache329\B_329_0_2_726200.gif
c:\windows\system32\cache329\B_329_0_2_737100.gif
c:\windows\system32\cache329\B_329_0_2_742500.GIF
c:\windows\system32\cache329\B_329_0_2_746000.GIF
c:\windows\system32\cache329\B_329_0_2_756400.gif
c:\windows\system32\cache329\B_329_0_2_770300.GIF
c:\windows\system32\cache329\B_329_0_2_770400.GIF
c:\windows\system32\cache329\B_329_0_2_770500.GIF
c:\windows\system32\cache329\B_329_0_2_770700.GIF
c:\windows\system32\cache329\B_329_0_3_256600.htm
c:\windows\system32\cache329\B_329_0_3_256600.swf
c:\windows\system32\cache329\B_329_0_3_264100.htm
c:\windows\system32\cache329\B_329_0_3_264100.swf
c:\windows\system32\cache329\B_329_0_3_312500.htm
c:\windows\system32\cache329\B_329_0_3_312500.swf
c:\windows\system32\cache329\B_329_0_3_408200.gif
c:\windows\system32\cache329\B_329_0_3_495800.htm
c:\windows\system32\cache329\B_329_0_3_517800.gif
c:\windows\system32\cache329\B_329_0_3_534000.gif
c:\windows\system32\cache329\B_329_0_3_539000.gif
c:\windows\system32\cache329\B_329_0_3_560200.gif
c:\windows\system32\cache329\B_329_0_3_560800.gif
c:\windows\system32\cache329\B_329_0_3_565200.htm
c:\windows\system32\cache329\B_329_0_3_565200.swf
c:\windows\system32\cache329\B_329_0_3_565800.htm
c:\windows\system32\cache329\B_329_0_3_565800.swf
c:\windows\system32\cache329\B_329_0_3_568000.htm
c:\windows\system32\cache329\B_329_0_3_568000.swf
c:\windows\system32\cache329\B_329_0_3_568400.htm
c:\windows\system32\cache329\B_329_0_3_568400.swf
c:\windows\system32\cache329\B_329_0_3_671400.gif
c:\windows\system32\cache329\B_329_0_3_707600.gif
c:\windows\system32\cache329\B_329_0_3_726000.gif
c:\windows\system32\cache329\B_329_0_4_315900.htm
c:\windows\system32\cache329\B_329_0_4_315900.jpg
c:\windows\system32\cache329\B_329_0_4_407800.gif
c:\windows\system32\cache329\B_329_0_4_408200.gif
c:\windows\system32\cache329\B_329_0_4_408400.gif
c:\windows\system32\cache329\B_329_0_4_800100.htm
c:\windows\system32\cache329\B_329_1_0_449200.gif
c:\windows\system32\cache329\B_329_1_0_449200.htm
c:\windows\system32\cache329\B_329_1_0_449600.gif
c:\windows\system32\cache329\B_329_1_0_449600.htm
c:\windows\system32\cache329\B_329_1_0_454300.gif
c:\windows\system32\cache329\B_329_1_0_454300.htm
c:\windows\system32\cache329\B_329_2_0_105300.htm
c:\windows\system32\cache329\B_329_2_0_106800.htm
c:\windows\system32\cache329\B_329_2_0_107400.htm
c:\windows\system32\cache329\B_329_2_0_395300.gif
c:\windows\system32\cache329\B_329_2_0_412100.htm
c:\windows\system32\cache329\B_329_2_0_412100.swf
c:\windows\system32\cache329\B_329_2_0_412200.htm
c:\windows\system32\cache329\B_329_2_0_412200.swf
c:\windows\system32\cache329\B_329_2_0_446700.htm
c:\windows\system32\cache329\B_329_2_0_446800.htm
c:\windows\system32\cache329\B_329_2_0_446900.htm
c:\windows\system32\cache329\B_329_2_0_479500.gif
c:\windows\system32\cache329\B_329_2_0_479800.gif
c:\windows\system32\cache329\B_329_2_0_603200.GIF
c:\windows\system32\cache329\B_329_2_1_395300.gif
c:\windows\system32\cache329\B_329_2_1_411700.gif
c:\windows\system32\cache329\B_329_2_1_411800.htm
c:\windows\system32\cache329\B_329_2_1_411800.swf
c:\windows\system32\cache329\B_329_2_1_411900.htm
c:\windows\system32\cache329\B_329_2_1_411900.swf
c:\windows\system32\cache329\B_329_2_1_412000.htm
c:\windows\system32\cache329\B_329_2_1_412000.swf
c:\windows\system32\cache329\B_329_2_1_412100.htm
c:\windows\system32\cache329\B_329_2_1_412100.swf
c:\windows\system32\cache329\B_329_2_1_412200.htm
c:\windows\system32\cache329\B_329_2_1_412200.swf
c:\windows\system32\cache329\B_329_2_1_500800.htm
c:\windows\system32\cache329\B_329_2_1_500800.swf
c:\windows\system32\cache329\B_329_2_1_501600.gif
c:\windows\system32\cache329\B_329_2_1_502100.htm
c:\windows\system32\cache329\B_329_2_1_502100.swf
c:\windows\system32\cache329\B_329_2_1_502600.htm
c:\windows\system32\cache329\B_329_2_1_502600.swf
c:\windows\system32\cache329\B_329_2_1_503400.gif
c:\windows\system32\cache329\B_329_2_1_503600.gif
c:\windows\system32\cache329\B_329_2_1_504000.gif
c:\windows\system32\cache329\B_329_2_1_504300.htm
c:\windows\system32\cache329\B_329_2_1_504300.swf
c:\windows\system32\cache329\B_329_2_1_504800.gif
c:\windows\system32\cache329\B_329_2_1_504800.htm
c:\windows\system32\cache329\B_329_2_1_504800.swf
c:\windows\system32\cache329\B_329_2_1_505700.gif
c:\windows\system32\cache329\B_329_2_1_506300.gif
c:\windows\system32\cache329\B_329_2_1_506700.gif
c:\windows\system32\cache329\B_329_2_1_507000.gif
c:\windows\system32\cache329\B_329_2_1_512200.GIF
c:\windows\system32\cache329\B_329_2_1_517200.gif
c:\windows\system32\cache329\B_329_2_1_517500.gif
c:\windows\system32\cache329\B_329_2_1_518500.htm
c:\windows\system32\cache329\B_329_2_1_520300.htm
c:\windows\system32\cache329\B_329_2_1_520900.gif
c:\windows\system32\cache329\B_329_2_1_521900.gif
c:\windows\system32\cache329\B_329_2_1_522100.gif
c:\windows\system32\cache329\B_329_2_1_525600.GIF
c:\windows\system32\cache329\B_329_2_1_526400.gif
c:\windows\system32\cache329\B_329_2_1_527000.htm
c:\windows\system32\cache329\B_329_2_1_527000.swf
c:\windows\system32\cache329\B_329_2_1_529800.gif
c:\windows\system32\cache329\B_329_2_1_530300.gif
c:\windows\system32\cache329\B_329_2_1_531500.GIF
c:\windows\system32\cache329\B_329_2_1_534500.gif
c:\windows\system32\cache329\B_329_2_1_534900.htm
c:\windows\system32\cache329\B_329_2_1_534900.swf
c:\windows\system32\cache329\B_329_2_1_535900.gif
c:\windows\system32\cache329\B_329_2_1_536400.gif
c:\windows\system32\cache329\B_329_2_1_537200.htm
c:\windows\system32\cache329\B_329_2_1_537200.swf
c:\windows\system32\cache329\B_329_2_1_537500.GIF
c:\windows\system32\cache329\B_329_2_1_538100.htm
c:\windows\system32\cache329\B_329_2_1_538100.swf
c:\windows\system32\cache329\B_329_2_1_538700.htm
c:\windows\system32\cache329\B_329_2_1_538700.swf
c:\windows\system32\cache329\B_329_2_1_540900.gif
c:\windows\system32\cache329\B_329_2_1_542100.gif
c:\windows\system32\cache329\B_329_2_1_546900.htm
c:\windows\system32\cache329\B_329_2_1_546900.swf
c:\windows\system32\cache329\B_329_2_1_547800.gif
c:\windows\system32\cache329\B_329_2_1_547800.htm
c:\windows\system32\cache329\B_329_2_1_547800.swf
c:\windows\system32\cache329\B_329_2_1_552700.gif
c:\windows\system32\cache329\B_329_2_1_557800.htm
c:\windows\system32\cache329\B_329_2_1_560800.gif
c:\windows\system32\cache329\B_329_2_1_561100.gif
c:\windows\system32\cache329\B_329_2_1_567000.htm
c:\windows\system32\cache329\B_329_2_1_567000.swf
c:\windows\system32\cache329\B_329_2_1_568200.gif
c:\windows\system32\cache329\B_329_2_1_568500.gif
c:\windows\system32\cache329\B_329_2_1_570100.gif
c:\windows\system32\cache329\B_329_2_1_581800.gif
c:\windows\system32\cache329\B_329_2_1_583000.gif
c:\windows\system32\cache329\B_329_2_1_583800.gif
c:\windows\system32\cache329\B_329_2_1_584300.gif
c:\windows\system32\cache329\B_329_2_1_584400.gif
c:\windows\system32\cache329\B_329_2_1_586700.gif
c:\windows\system32\cache329\B_329_2_1_587100.htm
c:\windows\system32\cache329\B_329_2_1_587100.swf
c:\windows\system32\cache329\B_329_2_1_590600.htm
c:\windows\system32\cache329\B_329_2_1_590600.swf
c:\windows\system32\cache329\B_329_2_1_593300.htm
c:\windows\system32\cache329\B_329_2_1_593300.swf
c:\windows\system32\cache329\B_329_2_1_593700.gif
c:\windows\system32\cache329\B_329_2_1_594200.htm
c:\windows\system32\cache329\B_329_2_1_594200.swf
c:\windows\system32\cache329\B_329_2_1_596300.gif
c:\windows\system32\cache329\B_329_2_1_596600.htm
c:\windows\system32\cache329\B_329_2_1_596600.swf
c:\windows\system32\cache329\B_329_2_1_597700.gif
c:\windows\system32\cache329\B_329_2_1_603100.GIF
c:\windows\system32\cache329\B_329_2_1_604400.htm
c:\windows\system32\cache329\B_329_2_1_604400.swf
c:\windows\system32\cache329\B_329_2_1_604600.htm
c:\windows\system32\cache329\B_329_2_1_604600.swf
c:\windows\system32\cache329\B_329_2_1_608100.gif
c:\windows\system32\cache329\B_329_2_1_611500.gif
c:\windows\system32\cache329\B_329_2_1_611700.gif
c:\windows\system32\cache329\B_329_2_1_612300.gif
c:\windows\system32\cache329\B_329_2_1_612900.gif
c:\windows\system32\cache329\B_329_2_1_613200.gif
c:\windows\system32\cache329\B_329_2_1_613300.gif
c:\windows\system32\cache329\B_329_2_1_613400.gif
c:\windows\system32\cache329\B_329_2_1_613500.gif
c:\windows\system32\cache329\B_329_2_1_619800.htm
c:\windows\system32\cache329\B_329_2_1_619800.swf
c:\windows\system32\cache329\B_329_2_1_620300.htm
c:\windows\system32\cache329\B_329_2_1_620300.swf
c:\windows\system32\cache329\B_329_2_1_620400.gif
c:\windows\system32\cache329\B_329_2_1_624100.GIF
c:\windows\system32\cache329\B_329_2_1_624200.htm
c:\windows\system32\cache329\B_329_2_1_624200.swf
c:\windows\system32\cache329\B_329_2_1_630200.GIF
c:\windows\system32\cache329\B_329_2_1_630800.htm
c:\windows\system32\cache329\B_329_2_1_630800.swf
c:\windows\system32\cache329\B_329_2_1_631000.gif
c:\windows\system32\cache329\B_329_2_1_631100.htm
c:\windows\system32\cache329\B_329_2_1_631100.swf
c:\windows\system32\cache329\B_329_2_1_632200.htm
c:\windows\system32\cache329\B_329_2_1_632200.swf
c:\windows\system32\cache329\B_329_2_1_636600.gif
c:\windows\system32\cache329\B_329_2_1_636700.gif
c:\windows\system32\cache329\B_329_2_1_636800.gif
c:\windows\system32\cache329\B_329_2_1_637700.gif
c:\windows\system32\cache329\B_329_2_1_638000.gif
c:\windows\system32\cache329\B_329_2_1_638100.gif
c:\windows\system32\cache329\B_329_2_1_641400.gif
c:\windows\system32\cache329\B_329_2_1_654300.GIF
c:\windows\system32\cache329\B_329_2_1_655100.gif
c:\windows\system32\cache329\B_329_2_1_662300.gif
c:\windows\system32\cache329\B_329_2_1_667000.gif
c:\windows\system32\cache329\B_329_2_1_679300.GIF
c:\windows\system32\cache329\B_329_2_1_680900.GIF
c:\windows\system32\cache329\B_329_2_1_682100.gif
c:\windows\system32\cache329\B_329_2_1_689300.gif
c:\windows\system32\cache329\B_329_2_1_690000.gif
c:\windows\system32\cache329\B_329_2_1_691200.GIF
c:\windows\system32\cache329\B_329_2_1_691800.gif
c:\windows\system32\cache329\B_329_2_1_693100.gif
c:\windows\system32\cache329\B_329_2_1_694200.GIF
c:\windows\system32\cache329\B_329_2_1_699200.gif
c:\windows\system32\cache329\B_329_2_1_700000.gif
c:\windows\system32\cache329\B_329_2_1_703700.gif
c:\windows\system32\cache329\B_329_2_1_705100.gif
c:\windows\system32\cache329\B_329_2_1_707600.gif
c:\windows\system32\cache329\B_329_2_1_718500.gif
c:\windows\system32\cache329\B_329_2_1_722700.GIF
c:\windows\system32\cache329\B_329_2_1_724200.GIF
c:\windows\system32\cache329\B_329_2_1_725200.gif
c:\windows\system32\cache329\B_329_2_1_725600.GIF
c:\windows\system32\cache329\B_329_2_1_725700.GIF
c:\windows\system32\cache329\B_329_2_1_726100.gif
c:\windows\system32\cache329\B_329_2_1_727900.GIF
c:\windows\system32\cache329\B_329_2_1_729700.gif
c:\windows\system32\cache329\B_329_2_1_733200.gif
c:\windows\system32\cache329\B_329_2_1_733900.gif
c:\windows\system32\cache329\B_329_2_1_734000.gif
c:\windows\system32\cache329\B_329_2_1_740000.GIF
c:\windows\system32\cache329\B_329_2_1_740100.GIF
c:\windows\system32\cache329\B_329_2_1_740200.GIF
c:\windows\system32\cache329\B_329_2_1_741800.GIF
c:\windows\system32\cache329\B_329_2_1_742400.GIF
c:\windows\system32\cache329\B_329_2_1_779200.GIF
c:\windows\system32\cache329\B_329_2_1_779600.GIF
c:\windows\system32\cache329\B_329_2_1_780400.GIF
c:\windows\system32\cache329\B_329_2_1_794500.GIF
c:\windows\system32\cache329\B_329_2_1_796700.GIF
c:\windows\system32\cache329\B_329_2_1_799000.GIF
c:\windows\system32\cache329\B_329_2_2_256700.gif
c:\windows\system32\cache329\B_329_2_2_284800.gif
c:\windows\system32\cache329\B_329_2_2_404800.gif
c:\windows\system32\cache329\B_329_2_2_407800.gif
c:\windows\system32\cache329\B_329_2_2_408400.gif
c:\windows\system32\cache329\B_329_2_2_480200.gif
c:\windows\system32\cache329\B_329_2_2_501000.gif
c:\windows\system32\cache329\B_329_2_2_501600.gif
c:\windows\system32\cache329\B_329_2_2_501600.htm
c:\windows\system32\cache329\B_329_2_2_501600.swf
c:\windows\system32\cache329\B_329_2_2_501900.htm
c:\windows\system32\cache329\B_329_2_2_501900.swf
c:\windows\system32\cache329\B_329_2_2_504500.htm
c:\windows\system32\cache329\B_329_2_2_504500.jpg
c:\windows\system32\cache329\B_329_2_2_504800.gif
c:\windows\system32\cache329\B_329_2_2_506300.gif
c:\windows\system32\cache329\B_329_2_2_506500.gif
c:\windows\system32\cache329\B_329_2_2_506700.gif
c:\windows\system32\cache329\B_329_2_2_506900.GIF
c:\windows\system32\cache329\B_329_2_2_507000.gif
c:\windows\system32\cache329\B_329_2_2_507100.GIF
c:\windows\system32\cache329\B_329_2_2_507100.htm
c:\windows\system32\cache329\B_329_2_2_507100.swf
c:\windows\system32\cache329\B_329_2_2_508200.gif
c:\windows\system32\cache329\B_329_2_2_521100.gif
c:\windows\system32\cache329\B_329_2_2_522200.gif
c:\windows\system32\cache329\B_329_2_2_523500.htm
c:\windows\system32\cache329\B_329_2_2_523500.swf
c:\windows\system32\cache329\B_329_2_2_523900.gif
c:\windows\system32\cache329\B_329_2_2_526100.gif
c:\windows\system32\cache329\B_329_2_2_528600.gif
c:\windows\system32\cache329\B_329_2_2_529600.htm
c:\windows\system32\cache329\B_329_2_2_529600.swf
c:\windows\system32\cache329\B_329_2_2_532000.gif
c:\windows\system32\cache329\B_329_2_2_534500.gif
c:\windows\system32\cache329\B_329_2_2_535900.gif
c:\windows\system32\cache329\B_329_2_2_536400.gif
c:\windows\system32\cache329\B_329_2_2_537200.htm
c:\windows\system32\cache329\B_329_2_2_537200.swf
c:\windows\system32\cache329\B_329_2_2_538700.htm
c:\windows\system32\cache329\B_329_2_2_538700.swf
c:\windows\system32\cache329\B_329_2_2_540900.gif
c:\windows\system32\cache329\B_329_2_2_541600.gif
c:\windows\system32\cache329\B_329_2_2_542400.gif
c:\windows\system32\cache329\B_329_2_2_542700.gif
c:\windows\system32\cache329\B_329_2_2_543200.gif
c:\windows\system32\cache329\B_329_2_2_543600.htm
c:\windows\system32\cache329\B_329_2_2_543600.swf
c:\windows\system32\cache329\B_329_2_2_544100.htm
c:\windows\system32\cache329\B_329_2_2_544100.swf
c:\windows\system32\cache329\B_329_2_2_544600.gif
c:\windows\system32\cache329\B_329_2_2_546600.htm
c:\windows\system32\cache329\B_329_2_2_546600.swf
c:\windows\system32\cache329\B_329_2_2_547400.gif
c:\windows\system32\cache329\B_329_2_2_550500.htm
c:\windows\system32\cache329\B_329_2_2_550500.swf
c:\windows\system32\cache329\B_329_2_2_551100.gif
c:\windows\system32\cache329\B_329_2_2_554200.gif
c:\windows\system32\cache329\B_329_2_2_554800.gif
c:\windows\system32\cache329\B_329_2_2_560200.gif
c:\windows\system32\cache329\B_329_2_2_560700.gif
c:\windows\system32\cache329\B_329_2_2_560800.gif
c:\windows\system32\cache329\B_329_2_2_577900.gif
c:\windows\system32\cache329\B_329_2_2_580700.gif
c:\windows\system32\cache329\B_329_2_2_584300.gif
c:\windows\system32\cache329\B_329_2_2_584400.gif
c:\windows\system32\cache329\B_329_2_2_590800.gif
c:\windows\system32\cache329\B_329_2_2_595700.gif
c:\windows\system32\cache329\B_329_2_2_596300.gif
c:\windows\system32\cache329\B_329_2_2_596500.htm
c:\windows\system32\cache329\B_329_2_2_596500.swf
c:\windows\system32\cache329\B_329_2_2_596600.htm
c:\windows\system32\cache329\B_329_2_2_596600.swf
c:\windows\system32\cache329\B_329_2_2_597000.gif
c:\windows\system32\cache329\B_329_2_2_597100.gif
c:\windows\system32\cache329\B_329_2_2_597200.gif
c:\windows\system32\cache329\B_329_2_2_597200.htm
c:\windows\system32\cache329\B_329_2_2_597200.swf
c:\windows\system32\cache329\B_329_2_2_597300.gif
c:\windows\system32\cache329\B_329_2_2_597800.gif
c:\windows\system32\cache329\B_329_2_2_602100.htm
c:\windows\system32\cache329\B_329_2_2_602100.swf
c:\windows\system32\cache329\B_329_2_2_608100.gif
c:\windows\system32\cache329\B_329_2_2_609600.gif
c:\windows\system32\cache329\B_329_2_2_610000.gif
c:\windows\system32\cache329\B_329_2_2_611000.htm
c:\windows\system32\cache329\B_329_2_2_611000.swf
c:\windows\system32\cache329\B_329_2_2_611700.GIF
c:\windows\system32\cache329\B_329_2_2_612300.gif
c:\windows\system32\cache329\B_329_2_2_612900.gif
c:\windows\system32\cache329\B_329_2_2_613000.gif
c:\windows\system32\cache329\B_329_2_2_613200.gif
c:\windows\system32\cache329\B_329_2_2_613300.gif
c:\windows\system32\cache329\B_329_2_2_613400.gif
c:\windows\system32\cache329\B_329_2_2_613500.gif
c:\windows\system32\cache329\B_329_2_2_619500.gif
c:\windows\system32\cache329\B_329_2_2_620500.gif
c:\windows\system32\cache329\B_329_2_2_621000.gif
c:\windows\system32\cache329\B_329_2_2_621100.gif
c:\windows\system32\cache329\B_329_2_2_621500.gif
c:\windows\system32\cache329\B_329_2_2_622100.gif
c:\windows\system32\cache329\B_329_2_2_623400.gif
c:\windows\system32\cache329\B_329_2_2_625000.htm
c:\windows\system32\cache329\B_329_2_2_625000.swf
c:\windows\system32\cache329\B_329_2_2_630100.gif
c:\windows\system32\cache329\B_329_2_2_630500.GIF
c:\windows\system32\cache329\B_329_2_2_632200.htm
c:\windows\system32\cache329\B_329_2_2_632200.swf
c:\windows\system32\cache329\B_329_2_2_634900.gif
c:\windows\system32\cache329\B_329_2_2_636400.GIF
c:\windows\system32\cache329\B_329_2_2_636600.gif
c:\windows\system32\cache329\B_329_2_2_636700.gif
c:\windows\system32\cache329\B_329_2_2_636800.gif
c:\windows\system32\cache329\B_329_2_2_637700.gif
c:\windows\system32\cache329\B_329_2_2_645500.GIF
c:\windows\system32\cache329\B_329_2_2_648300.htm
c:\windows\system32\cache329\B_329_2_2_650500.htm
c:\windows\system32\cache329\B_329_2_2_650500.swf
c:\windows\system32\cache329\B_329_2_2_653800.gif
c:\windows\system32\cache329\B_329_2_2_657800.gif
c:\windows\system32\cache329\B_329_2_2_662300.gif
c:\windows\system32\cache329\B_329_2_2_662400.GIF
c:\windows\system32\cache329\B_329_2_2_663000.GIF
c:\windows\system32\cache329\B_329_2_2_663100.GIF
c:\windows\system32\cache329\B_329_2_2_663300.GIF
c:\windows\system32\cache329\B_329_2_2_664100.gif
c:\windows\system32\cache329\B_329_2_2_664300.GIF
c:\windows\system32\cache329\B_329_2_2_667000.gif
c:\windows\system32\cache329\B_329_2_2_676700.gif
c:\windows\system32\cache329\B_329_2_2_679000.gif
c:\windows\system32\cache329\B_329_2_2_682100.gif
c:\windows\system32\cache329\B_329_2_2_700000.gif
c:\windows\system32\cache329\B_329_2_2_724700.gif
c:\windows\system32\cache329\B_329_2_2_725700.gif
c:\windows\system32\cache329\B_329_2_2_725900.gif
c:\windows\system32\cache329\B_329_2_2_726100.gif
c:\windows\system32\cache329\B_329_2_2_726200.gif
c:\windows\system32\cache329\B_329_2_2_737100.gif
c:\windows\system32\cache329\B_329_2_2_742500.GIF
c:\windows\system32\cache329\B_329_2_2_746000.GIF
c:\windows\system32\cache329\B_329_2_2_756400.gif
c:\windows\system32\cache329\B_329_2_2_770300.GIF
c:\windows\system32\cache329\B_329_2_2_770400.GIF
c:\windows\system32\cache329\B_329_2_2_770500.GIF
c:\windows\system32\cache329\B_329_2_2_770700.GIF
c:\windows\system32\cache329\B_329_2_3_256600.htm
c:\windows\system32\cache329\B_329_2_3_256600.swf
c:\windows\system32\cache329\B_329_2_3_264100.htm
c:\windows\system32\cache329\B_329_2_3_264100.swf
c:\windows\system32\cache329\B_329_2_3_284800.gif
c:\windows\system32\cache329\B_329_2_3_312500.htm
c:\windows\system32\cache329\B_329_2_3_312500.swf
c:\windows\system32\cache329\B_329_2_3_404800.gif
c:\windows\system32\cache329\B_329_2_3_408200.gif
c:\windows\system32\cache329\B_329_2_3_480200.gif
c:\windows\system32\cache329\B_329_2_3_482700.gif
c:\windows\system32\cache329\B_329_2_3_486000.gif
c:\windows\system32\cache329\B_329_2_3_513800.gif
c:\windows\system32\cache329\B_329_2_3_517800.gif
c:\windows\system32\cache329\B_329_2_3_526400.htm
c:\windows\system32\cache329\B_329_2_3_526400.jpg
c:\windows\system32\cache329\B_329_2_3_539000.gif
c:\windows\system32\cache329\B_329_2_3_560200.gif
c:\windows\system32\cache329\B_329_2_3_560800.gif
c:\windows\system32\cache329\B_329_2_3_572800.gif
c:\windows\system32\cache329\B_329_2_3_574300.gif
c:\windows\system32\cache329\B_329_2_3_585000.htm
c:\windows\system32\cache329\B_329_2_3_585000.swf
c:\windows\system32\cache329\B_329_2_3_588600.htm
c:\windows\system32\cache329\B_329_2_3_588600.swf
c:\windows\system32\cache329\B_329_2_3_668600.gif
c:\windows\system32\cache329\B_329_2_3_668800.gif
c:\windows\system32\cache329\B_329_2_3_671400.gif
c:\windows\system32\cache329\B_329_2_3_707600.gif
c:\windows\system32\cache329\B_329_2_3_726000.gif
c:\windows\system32\cache329\B_329_2_4_315900.htm
c:\windows\system32\cache329\B_329_2_4_315900.jpg
c:\windows\system32\cache329\B_329_2_4_407800.gif
c:\windows\system32\cache329\B_329_2_4_408200.gif
c:\windows\system32\cache329\B_329_2_4_408400.gif
c:\windows\system32\cache329\B_329_2_4_624200.htm
c:\windows\system32\cache329\B_329_2_4_624200.swf
c:\windows\system32\cache329\B_329_3_0_105300.htm
c:\windows\system32\cache329\B_329_3_0_106800.htm
c:\windows\system32\cache329\B_329_3_0_107400.htm
c:\windows\system32\cache329\B_329_3_0_256700.gif
c:\windows\system32\cache329\B_329_3_0_412100.htm
c:\windows\system32\cache329\B_329_3_0_412100.swf
c:\windows\system32\cache329\B_329_3_0_412200.htm
c:\windows\system32\cache329\B_329_3_0_412200.swf
c:\windows\system32\cache329\B_329_3_0_446700.htm
c:\windows\system32\cache329\B_329_3_0_446800.htm
c:\windows\system32\cache329\B_329_3_0_446900.htm
c:\windows\system32\cache329\B_329_3_0_479500.gif
c:\windows\system32\cache329\B_329_3_0_479800.gif
c:\windows\system32\cache329\B_329_3_0_603200.GIF
c:\windows\system32\cache329\B_329_3_1_395300.gif
c:\windows\system32\cache329\B_329_3_1_411700.gif
c:\windows\system32\cache329\B_329_3_1_411800.htm
c:\windows\system32\cache329\B_329_3_1_411800.swf
c:\windows\system32\cache329\B_329_3_1_411900.htm
c:\windows\system32\cache329\B_329_3_1_411900.swf
c:\windows\system32\cache329\B_329_3_1_412000.htm
c:\windows\system32\cache329\B_329_3_1_412000.swf
c:\windows\system32\cache329\B_329_3_1_412100.htm
c:\windows\system32\cache329\B_329_3_1_412100.swf
c:\windows\system32\cache329\B_329_3_1_412200.htm
c:\windows\system32\cache329\B_329_3_1_412200.swf
c:\windows\system32\cache329\B_329_3_1_500800.htm
c:\windows\system32\cache329\B_329_3_1_500800.swf
c:\windows\system32\cache329\B_329_3_1_502100.htm
c:\windows\system32\cache329\B_329_3_1_502100.swf
c:\windows\system32\cache329\B_329_3_1_502600.htm
c:\windows\system32\cache329\B_329_3_1_502600.swf
c:\windows\system32\cache329\B_329_3_1_503600.gif
c:\windows\system32\cache329\B_329_3_1_504000.gif
c:\windows\system32\cache329\B_329_3_1_504300.htm
c:\windows\system32\cache329\B_329_3_1_504300.swf
c:\windows\system32\cache329\B_329_3_1_504800.gif
c:\windows\system32\cache329\B_329_3_1_504800.htm
c:\windows\system32\cache329\B_329_3_1_504800.swf
c:\windows\system32\cache329\B_329_3_1_505700.gif
c:\windows\system32\cache329\B_329_3_1_506700.gif
c:\windows\system32\cache329\B_329_3_1_507000.gif
c:\windows\system32\cache329\B_329_3_1_517200.gif
c:\windows\system32\cache329\B_329_3_1_517500.gif
c:\windows\system32\cache329\B_329_3_1_518500.htm
c:\windows\system32\cache329\B_329_3_1_520300.htm
c:\windows\system32\cache329\B_329_3_1_520900.gif
c:\windows\system32\cache329\B_329_3_1_525600.GIF
c:\windows\system32\cache329\B_329_3_1_526400.gif
c:\windows\system32\cache329\B_329_3_1_527000.htm
c:\windows\system32\cache329\B_329_3_1_527000.swf
c:\windows\system32\cache329\B_329_3_1_531500.GIF
c:\windows\system32\cache329\B_329_3_1_534500.gif
c:\windows\system32\cache329\B_329_3_1_535900.gif
c:\windows\system32\cache329\B_329_3_1_536400.gif
c:\windows\system32\cache329\B_329_3_1_537200.htm
c:\windows\system32\cache329\B_329_3_1_537200.swf
c:\windows\system32\cache329\B_329_3_1_537500.GIF
c:\windows\system32\cache329\B_329_3_1_538100.htm
c:\windows\system32\cache329\B_329_3_1_538100.swf
c:\windows\system32\cache329\B_329_3_1_538700.htm
c:\windows\system32\cache329\B_329_3_1_538700.swf
c:\windows\system32\cache329\B_329_3_1_542100.gif
c:\windows\system32\cache329\B_329_3_1_546900.htm
c:\windows\system32\cache329\B_329_3_1_546900.swf
c:\windows\system32\cache329\B_329_3_1_547800.gif
c:\windows\system32\cache329\B_329_3_1_549100.htm
c:\windows\system32\cache329\B_329_3_1_549100.swf
c:\windows\system32\cache329\B_329_3_1_550500.htm
c:\windows\system32\cache329\B_329_3_1_550500.swf
c:\windows\system32\cache329\B_329_3_1_552700.gif
c:\windows\system32\cache329\B_329_3_1_557800.htm
c:\windows\system32\cache329\B_329_3_1_560800.gif
c:\windows\system32\cache329\B_329_3_1_561100.gif
c:\windows\system32\cache329\B_329_3_1_567000.htm
c:\windows\system32\cache329\B_329_3_1_567000.swf
c:\windows\system32\cache329\B_329_3_1_570100.gif
c:\windows\system32\cache329\B_329_3_1_583000.gif
c:\windows\system32\cache329\B_329_3_1_583800.gif
c:\windows\system32\cache329\B_329_3_1_584300.gif
c:\windows\system32\cache329\B_329_3_1_584400.gif
c:\windows\system32\cache329\B_329_3_1_586700.gif
c:\windows\system32\cache329\B_329_3_1_590600.htm
c:\windows\system32\cache329\B_329_3_1_590600.swf
c:\windows\system32\cache329\B_329_3_1_594200.htm
c:\windows\system32\cache329\B_329_3_1_594200.swf
c:\windows\system32\cache329\B_329_3_1_596300.gif
c:\windows\system32\cache329\B_329_3_1_596600.htm
c:\windows\system32\cache329\B_329_3_1_596600.swf
c:\windows\system32\cache329\B_329_3_1_603100.GIF
c:\windows\system32\cache329\B_329_3_1_604400.htm
c:\windows\system32\cache329\B_329_3_1_604400.swf
c:\windows\system32\cache329\B_329_3_1_604600.htm
c:\windows\system32\cache329\B_329_3_1_604600.swf

c:\windows\system32\cache329\B_329_3_1_608100.gif
c:\windows\system32\cache329\B_329_3_1_612300.gif
c:\windows\system32\cache329\B_329_3_1_612900.gif
c:\windows\system32\cache329\B_329_3_1_613000.gif
c:\windows\system32\cache329\B_329_3_1_613200.gif
c:\windows\system32\cache329\B_329_3_1_613300.gif
c:\windows\system32\cache329\B_329_3_1_613400.gif
c:\windows\system32\cache329\B_329_3_1_613500.gif
c:\windows\system32\cache329\B_329_3_1_619800.htm
c:\windows\system32\cache329\B_329_3_1_619800.swf
c:\windows\system32\cache329\B_329_3_1_620400.gif
c:\windows\system32\cache329\B_329_3_1_624100.GIF
c:\windows\system32\cache329\B_329_3_1_624200.htm
c:\windows\system32\cache329\B_329_3_1_624200.swf
c:\windows\system32\cache329\B_329_3_1_630700.htm
c:\windows\system32\cache329\B_329_3_1_630700.swf
c:\windows\system32\cache329\B_329_3_1_630800.htm
c:\windows\system32\cache329\B_329_3_1_630800.swf
c:\windows\system32\cache329\B_329_3_1_630900.htm
c:\windows\system32\cache329\B_329_3_1_630900.swf
c:\windows\system32\cache329\B_329_3_1_631100.htm
c:\windows\system32\cache329\B_329_3_1_631100.swf
c:\windows\system32\cache329\B_329_3_1_632200.htm
c:\windows\system32\cache329\B_329_3_1_632200.swf
c:\windows\system32\cache329\B_329_3_1_636600.gif
c:\windows\system32\cache329\B_329_3_1_636700.gif
c:\windows\system32\cache329\B_329_3_1_636800.gif
c:\windows\system32\cache329\B_329_3_1_637700.gif
c:\windows\system32\cache329\B_329_3_1_638000.gif
c:\windows\system32\cache329\B_329_3_1_638100.gif
c:\windows\system32\cache329\B_329_3_1_641400.gif
c:\windows\system32\cache329\B_329_3_1_654300.GIF
c:\windows\system32\cache329\B_329_3_1_662300.gif
c:\windows\system32\cache329\B_329_3_1_667000.gif
c:\windows\system32\cache329\B_329_3_1_679300.GIF
c:\windows\system32\cache329\B_329_3_1_680900.GIF
c:\windows\system32\cache329\B_329_3_1_689300.gif
c:\windows\system32\cache329\B_329_3_1_691200.GIF
c:\windows\system32\cache329\B_329_3_1_691800.gif
c:\windows\system32\cache329\B_329_3_1_693100.gif
c:\windows\system32\cache329\B_329_3_1_694200.GIF
c:\windows\system32\cache329\B_329_3_1_699200.gif
c:\windows\system32\cache329\B_329_3_1_705100.gif
c:\windows\system32\cache329\B_329_3_1_707600.gif
c:\windows\system32\cache329\B_329_3_1_718500.gif
c:\windows\system32\cache329\B_329_3_1_722700.GIF
c:\windows\system32\cache329\B_329_3_1_724200.GIF
c:\windows\system32\cache329\B_329_3_1_725600.GIF
c:\windows\system32\cache329\B_329_3_1_725700.GIF
c:\windows\system32\cache329\B_329_3_1_733900.gif
c:\windows\system32\cache329\B_329_3_1_734000.gif
c:\windows\system32\cache329\B_329_3_1_740100.GIF
c:\windows\system32\cache329\B_329_3_1_741800.GIF
c:\windows\system32\cache329\B_329_3_1_742400.GIF
c:\windows\system32\cache329\B_329_3_1_779200.GIF
c:\windows\system32\cache329\B_329_3_1_780400.GIF
c:\windows\system32\cache329\B_329_3_1_794500.GIF
c:\windows\system32\cache329\B_329_3_1_796700.GIF
c:\windows\system32\cache329\B_329_3_1_799000.GIF
c:\windows\system32\cache329\B_329_3_2_256700.gif
c:\windows\system32\cache329\B_329_3_2_284800.gif
c:\windows\system32\cache329\B_329_3_2_404800.gif
c:\windows\system32\cache329\B_329_3_2_407800.gif
c:\windows\system32\cache329\B_329_3_2_480200.gif
c:\windows\system32\cache329\B_329_3_2_501000.gif
c:\windows\system32\cache329\B_329_3_2_501600.gif
c:\windows\system32\cache329\B_329_3_2_501600.htm
c:\windows\system32\cache329\B_329_3_2_501600.swf
c:\windows\system32\cache329\B_329_3_2_501900.htm
c:\windows\system32\cache329\B_329_3_2_501900.swf
c:\windows\system32\cache329\B_329_3_2_504500.htm
c:\windows\system32\cache329\B_329_3_2_504500.jpg
c:\windows\system32\cache329\B_329_3_2_506100.gif
c:\windows\system32\cache329\B_329_3_2_506300.gif
c:\windows\system32\cache329\B_329_3_2_506500.gif
c:\windows\system32\cache329\B_329_3_2_506700.gif
c:\windows\system32\cache329\B_329_3_2_506900.GIF
c:\windows\system32\cache329\B_329_3_2_507000.gif
c:\windows\system32\cache329\B_329_3_2_507100.GIF
c:\windows\system32\cache329\B_329_3_2_522200.gif
c:\windows\system32\cache329\B_329_3_2_523500.htm
c:\windows\system32\cache329\B_329_3_2_523500.swf
c:\windows\system32\cache329\B_329_3_2_526100.gif
c:\windows\system32\cache329\B_329_3_2_528600.gif
c:\windows\system32\cache329\B_329_3_2_532000.gif
c:\windows\system32\cache329\B_329_3_2_534500.gif
c:\windows\system32\cache329\B_329_3_2_535900.gif
c:\windows\system32\cache329\B_329_3_2_537200.htm
c:\windows\system32\cache329\B_329_3_2_537200.swf
c:\windows\system32\cache329\B_329_3_2_538100.htm
c:\windows\system32\cache329\B_329_3_2_538100.swf
c:\windows\system32\cache329\B_329_3_2_540900.gif
c:\windows\system32\cache329\B_329_3_2_544600.gif
c:\windows\system32\cache329\B_329_3_2_547800.gif
c:\windows\system32\cache329\B_329_3_2_554200.gif
c:\windows\system32\cache329\B_329_3_2_554800.gif
c:\windows\system32\cache329\B_329_3_2_558400.gif
c:\windows\system32\cache329\B_329_3_2_560200.gif
c:\windows\system32\cache329\B_329_3_2_560700.gif
c:\windows\system32\cache329\B_329_3_2_560800.gif
c:\windows\system32\cache329\B_329_3_2_577900.gif
c:\windows\system32\cache329\B_329_3_2_580700.gif
c:\windows\system32\cache329\B_329_3_2_584300.gif
c:\windows\system32\cache329\B_329_3_2_584400.gif
c:\windows\system32\cache329\B_329_3_2_590800.gif
c:\windows\system32\cache329\B_329_3_2_594200.htm
c:\windows\system32\cache329\B_329_3_2_594200.swf
c:\windows\system32\cache329\B_329_3_2_596300.gif
c:\windows\system32\cache329\B_329_3_2_596600.htm
c:\windows\system32\cache329\B_329_3_2_596600.swf
c:\windows\system32\cache329\B_329_3_2_597300.gif
c:\windows\system32\cache329\B_329_3_2_608100.gif
c:\windows\system32\cache329\B_329_3_2_611700.GIF
c:\windows\system32\cache329\B_329_3_2_612300.gif
c:\windows\system32\cache329\B_329_3_2_612900.gif
c:\windows\system32\cache329\B_329_3_2_613000.gif
c:\windows\system32\cache329\B_329_3_2_613200.gif
c:\windows\system32\cache329\B_329_3_2_613300.gif
c:\windows\system32\cache329\B_329_3_2_613400.gif
c:\windows\system32\cache329\B_329_3_2_613500.gif
c:\windows\system32\cache329\B_329_3_2_619500.gif
c:\windows\system32\cache329\B_329_3_2_621500.gif
c:\windows\system32\cache329\B_329_3_2_622100.gif
c:\windows\system32\cache329\B_329_3_2_623400.gif
c:\windows\system32\cache329\B_329_3_2_625000.htm
c:\windows\system32\cache329\B_329_3_2_625000.swf
c:\windows\system32\cache329\B_329_3_2_630100.gif
c:\windows\system32\cache329\B_329_3_2_630500.GIF
c:\windows\system32\cache329\B_329_3_2_632200.htm
c:\windows\system32\cache329\B_329_3_2_632200.swf
c:\windows\system32\cache329\B_329_3_2_634900.gif
c:\windows\system32\cache329\B_329_3_2_636400.GIF
c:\windows\system32\cache329\B_329_3_2_636600.gif
c:\windows\system32\cache329\B_329_3_2_636700.gif
c:\windows\system32\cache329\B_329_3_2_636800.gif
c:\windows\system32\cache329\B_329_3_2_637700.gif
c:\windows\system32\cache329\B_329_3_2_645500.GIF
c:\windows\system32\cache329\B_329_3_2_657800.gif
c:\windows\system32\cache329\B_329_3_2_662300.gif
c:\windows\system32\cache329\B_329_3_2_662400.GIF
c:\windows\system32\cache329\B_329_3_2_663000.GIF
c:\windows\system32\cache329\B_329_3_2_663100.GIF
c:\windows\system32\cache329\B_329_3_2_663300.GIF
c:\windows\system32\cache329\B_329_3_2_664100.gif
c:\windows\system32\cache329\B_329_3_2_664300.GIF
c:\windows\system32\cache329\B_329_3_2_676700.gif
c:\windows\system32\cache329\B_329_3_2_679000.gif
c:\windows\system32\cache329\B_329_3_2_724700.gif
c:\windows\system32\cache329\B_329_3_2_725800.gif
c:\windows\system32\cache329\B_329_3_2_726200.gif
c:\windows\system32\cache329\B_329_3_2_737100.gif
c:\windows\system32\cache329\B_329_3_2_742500.GIF
c:\windows\system32\cache329\B_329_3_2_746000.GIF
c:\windows\system32\cache329\B_329_3_2_756400.gif
c:\windows\system32\cache329\B_329_3_2_770300.GIF
c:\windows\system32\cache329\B_329_3_2_770400.GIF
c:\windows\system32\cache329\B_329_3_2_770500.GIF
c:\windows\system32\cache329\B_329_3_2_770700.GIF
c:\windows\system32\cache329\B_329_3_3_256600.htm
c:\windows\system32\cache329\B_329_3_3_256600.swf
c:\windows\system32\cache329\B_329_3_3_264100.htm
c:\windows\system32\cache329\B_329_3_3_264100.swf
c:\windows\system32\cache329\B_329_3_3_312500.htm
c:\windows\system32\cache329\B_329_3_3_312500.swf
c:\windows\system32\cache329\B_329_3_3_404800.gif
c:\windows\system32\cache329\B_329_3_3_480200.gif
c:\windows\system32\cache329\B_329_3_3_482700.gif
c:\windows\system32\cache329\B_329_3_3_486000.gif
c:\windows\system32\cache329\B_329_3_3_495800.htm
c:\windows\system32\cache329\B_329_3_3_513800.gif
c:\windows\system32\cache329\B_329_3_3_517800.gif
c:\windows\system32\cache329\B_329_3_3_534000.gif
c:\windows\system32\cache329\B_329_3_3_539000.gif
c:\windows\system32\cache329\B_329_3_3_556200.gif
c:\windows\system32\cache329\B_329_3_3_560200.gif
c:\windows\system32\cache329\B_329_3_3_560800.gif
c:\windows\system32\cache329\B_329_3_3_565200.htm
c:\windows\system32\cache329\B_329_3_3_565200.swf
c:\windows\system32\cache329\B_329_3_3_565800.htm
c:\windows\system32\cache329\B_329_3_3_565800.swf
c:\windows\system32\cache329\B_329_3_3_568000.htm
c:\windows\system32\cache329\B_329_3_3_568000.swf
c:\windows\system32\cache329\B_329_3_3_568400.htm
c:\windows\system32\cache329\B_329_3_3_568400.swf
c:\windows\system32\cache329\B_329_3_3_572800.gif
c:\windows\system32\cache329\B_329_3_3_574300.gif
c:\windows\system32\cache329\B_329_3_3_668600.gif
c:\windows\system32\cache329\B_329_3_3_668800.gif
c:\windows\system32\cache329\B_329_3_3_671400.gif
c:\windows\system32\cache329\B_329_3_3_707600.gif
c:\windows\system32\cache329\B_329_3_3_726000.gif
c:\windows\system32\cache329\B_329_3_4_315900.htm
c:\windows\system32\cache329\B_329_3_4_315900.jpg
c:\windows\system32\cache329\B_329_3_4_407800.gif
c:\windows\system32\cache329\B_329_3_4_408200.gif
c:\windows\system32\cache329\B_329_3_4_408400.gif
c:\windows\system32\cache329\B_329_3_4_800100.htm
c:\windows\system32\cache329\B_329_4_0_111600.htm
c:\windows\system32\cache329\B_329_4_0_152400.htm
c:\windows\system32\cache329\B_329_4_0_155300.htm
c:\windows\system32\cache329\B_329_4_0_164100.htm
c:\windows\system32\cache329\B_329_4_0_221900.gif
c:\windows\system32\cache329\B_329_4_0_221900.htm
c:\windows\system32\cache329\B_329_4_0_240300.gif
c:\windows\system32\cache329\B_329_4_0_240300.htm
c:\windows\system32\cache329\B_329_4_0_240600.gif
c:\windows\system32\cache329\B_329_4_0_240600.htm
c:\windows\system32\cache329\B_329_4_0_302800.htm
c:\windows\system32\cache329\B_329_4_0_313600.htm
c:\windows\system32\cache329\B_329_4_0_359800.htm
c:\windows\system32\cache329\B_329_4_0_418100.htm
c:\windows\system32\cache329\B_329_4_0_418200.htm
c:\windows\system32\cache329\B_329_4_0_438700.htm
c:\windows\system32\cache329\B_329_4_0_477600.htm
c:\windows\system32\cache329\B_329_4_1_500000.htm
c:\windows\system32\cache329\B_329_4_1_500100.htm
c:\windows\system32\cache329\B_329_4_1_501000.htm
c:\windows\system32\cache329\B_329_4_1_501400.htm
c:\windows\system32\cache329\B_329_4_1_501500.htm
c:\windows\system32\cache329\B_329_4_1_501500.swf
c:\windows\system32\cache329\B_329_4_1_501800.htm
c:\windows\system32\cache329\B_329_4_1_503000.htm
c:\windows\system32\cache329\B_329_4_1_503800.htm
c:\windows\system32\cache329\B_329_4_1_504000.htm
c:\windows\system32\cache329\B_329_4_1_504000.swf
c:\windows\system32\cache329\B_329_4_1_504800.htm
c:\windows\system32\cache329\B_329_4_1_504800.swf
c:\windows\system32\cache329\B_329_4_1_505000.htm
c:\windows\system32\cache329\B_329_4_1_505100.htm
c:\windows\system32\cache329\B_329_4_1_506400.htm
c:\windows\system32\cache329\B_329_4_1_506400.swf
c:\windows\system32\cache329\B_329_4_1_507200.htm
c:\windows\system32\cache329\B_329_4_1_507800.gif
c:\windows\system32\cache329\B_329_4_1_507800.htm
c:\windows\system32\cache329\B_329_4_1_508200.htm
c:\windows\system32\cache329\B_329_4_1_508600.htm
c:\windows\system32\cache329\B_329_4_1_509800.gif
c:\windows\system32\cache329\B_329_4_1_509800.htm
c:\windows\system32\cache329\B_329_4_1_510900.htm
c:\windows\system32\cache329\B_329_4_1_511200.htm
c:\windows\system32\cache329\B_329_4_1_511200.swf
c:\windows\system32\cache329\B_329_4_1_511800.htm
c:\windows\system32\cache329\B_329_4_1_512100.gif
c:\windows\system32\cache329\B_329_4_1_512100.htm
c:\windows\system32\cache329\B_329_4_1_512900.htm
c:\windows\system32\cache329\B_329_4_1_513500.htm
c:\windows\system32\cache329\B_329_4_1_513500.swf
c:\windows\system32\cache329\B_329_4_1_515200.gif
c:\windows\system32\cache329\B_329_4_1_515200.htm
c:\windows\system32\cache329\B_329_4_1_515500.htm
c:\windows\system32\cache329\B_329_4_1_516400.gif
c:\windows\system32\cache329\B_329_4_1_516400.htm
c:\windows\system32\cache329\B_329_4_1_516700.htm
c:\windows\system32\cache329\B_329_4_1_517200.htm
c:\windows\system32\cache329\B_329_4_1_517400.htm
c:\windows\system32\cache329\B_329_4_1_517500.htm
c:\windows\system32\cache329\B_329_4_1_517600.htm
c:\windows\system32\cache329\B_329_4_1_518800.htm
c:\windows\system32\cache329\B_329_4_1_518900.htm
c:\windows\system32\cache329\B_329_4_1_519000.htm
c:\windows\system32\cache329\B_329_4_1_520300.htm
c:\windows\system32\cache329\B_329_4_1_521100.htm
c:\windows\system32\cache329\B_329_4_1_521100.jpg
c:\windows\system32\cache329\B_329_4_1_521200.gif
c:\windows\system32\cache329\B_329_4_1_521200.htm
c:\windows\system32\cache329\B_329_4_1_521600.htm
c:\windows\system32\cache329\B_329_4_1_523300.htm
c:\windows\system32\cache329\B_329_4_1_524500.htm
c:\windows\system32\cache329\B_329_4_1_525000.htm
c:\windows\system32\cache329\B_329_4_1_526100.htm
c:\windows\system32\cache329\B_329_4_1_526300.htm
c:\windows\system32\cache329\B_329_4_1_527900.htm
c:\windows\system32\cache329\B_329_4_1_527900.swf
c:\windows\system32\cache329\B_329_4_1_528400.htm
c:\windows\system32\cache329\B_329_4_1_531600.htm
c:\windows\system32\cache329\B_329_4_1_531800.htm
c:\windows\system32\cache329\B_329_4_1_532200.htm
c:\windows\system32\cache329\B_329_4_1_532300.htm
c:\windows\system32\cache329\B_329_4_1_532300.swf
c:\windows\system32\cache329\B_329_4_1_534000.gif
c:\windows\system32\cache329\B_329_4_1_534000.htm
c:\windows\system32\cache329\B_329_4_1_535600.htm
c:\windows\system32\cache329\B_329_4_1_535600.swf
c:\windows\system32\cache329\B_329_4_1_535900.htm
c:\windows\system32\cache329\B_329_4_1_538300.htm
c:\windows\system32\cache329\B_329_4_1_539600.gif
c:\windows\system32\cache329\B_329_4_1_539600.htm
c:\windows\system32\cache329\B_329_4_1_540000.gif
c:\windows\system32\cache329\B_329_4_1_540000.htm
c:\windows\system32\cache329\B_329_4_1_540100.htm
c:\windows\system32\cache329\B_329_4_1_540100.swf
c:\windows\system32\cache329\B_329_4_1_540200.htm
c:\windows\system32\cache329\B_329_4_1_540200.swf
c:\windows\system32\cache329\B_329_4_1_540800.htm
c:\windows\system32\cache329\B_329_4_1_543000.htm
c:\windows\system32\cache329\B_329_4_1_544400.htm
c:\windows\system32\cache329\B_329_4_1_545500.htm
c:\windows\system32\cache329\B_329_4_1_546500.htm
c:\windows\system32\cache329\B_329_4_1_546500.swf
c:\windows\system32\cache329\B_329_4_1_548100.htm
c:\windows\system32\cache329\B_329_4_1_548300.htm
c:\windows\system32\cache329\B_329_4_1_548700.htm
c:\windows\system32\cache329\B_329_4_1_549100.htm
c:\windows\system32\cache329\B_329_4_1_552100.htm
c:\windows\system32\cache329\B_329_4_1_552200.htm
c:\windows\system32\cache329\B_329_4_1_556300.htm
c:\windows\system32\cache329\B_329_4_1_556300.swf
c:\windows\system32\cache329\B_329_4_1_557900.htm
c:\windows\system32\cache329\B_329_4_1_558100.gif
c:\windows\system32\cache329\B_329_4_1_558100.htm
c:\windows\system32\cache329\B_329_4_1_559200.gif
c:\windows\system32\cache329\B_329_4_1_559200.htm
c:\windows\system32\cache329\B_329_4_1_561500.htm
c:\windows\system32\cache329\B_329_4_1_561500.swf
c:\windows\system32\cache329\B_329_4_1_564000.htm
c:\windows\system32\cache329\B_329_4_1_564200.htm
c:\windows\system32\cache329\B_329_4_1_565100.htm
c:\windows\system32\cache329\B_329_4_1_565200.htm
c:\windows\system32\cache329\B_329_4_1_576900.htm
c:\windows\system32\cache329\B_329_4_1_577700.htm
c:\windows\system32\cache329\B_329_4_1_578200.htm
c:\windows\system32\cache329\B_329_4_1_578400.htm
c:\windows\system32\cache329\B_329_4_1_578900.htm
c:\windows\system32\cache329\B_329_4_1_578900.swf
c:\windows\system32\cache329\B_329_4_1_579500.htm
c:\windows\system32\cache329\B_329_4_1_582000.htm
c:\windows\system32\cache329\B_329_4_1_582100.htm
c:\windows\system32\cache329\B_329_4_1_582100.swf
c:\windows\system32\cache329\B_329_4_1_582900.htm
c:\windows\system32\cache329\B_329_4_1_583200.htm
c:\windows\system32\cache329\B_329_4_1_584400.gif
c:\windows\system32\cache329\B_329_4_1_584400.htm
c:\windows\system32\cache329\B_329_4_1_585800.htm
c:\windows\system32\cache329\B_329_4_1_586500.htm
c:\windows\system32\cache329\B_329_4_1_588300.htm
c:\windows\system32\cache329\B_329_4_1_588300.swf
c:\windows\system32\cache329\B_329_4_1_592300.htm
c:\windows\system32\cache329\B_329_4_1_592300.swf
c:\windows\system32\cache329\B_329_4_1_592500.gif
c:\windows\system32\cache329\B_329_4_1_592500.htm
c:\windows\system32\cache329\B_329_4_1_595900.htm
c:\windows\system32\cache329\B_329_4_1_597400.htm
c:\windows\system32\cache329\B_329_4_1_597900.gif
c:\windows\system32\cache329\B_329_4_1_597900.htm
c:\windows\system32\cache329\B_329_4_1_598800.htm
c:\windows\system32\cache329\B_329_4_1_602200.htm
c:\windows\system32\cache329\B_329_4_1_602400.htm
c:\windows\system32\cache329\B_329_4_1_604000.htm
c:\windows\system32\cache329\B_329_4_1_605200.htm
c:\windows\system32\cache329\B_329_4_1_605300.htm
c:\windows\system32\cache329\B_329_4_1_606500.htm
c:\windows\system32\cache329\B_329_4_1_607600.htm
c:\windows\system32\cache329\B_329_4_1_609600.htm
c:\windows\system32\cache329\B_329_4_1_610100.htm
c:\windows\system32\cache329\B_329_4_1_610100.swf
c:\windows\system32\cache329\B_329_4_1_611800.htm
c:\windows\system32\cache329\B_329_4_1_614100.htm
c:\windows\system32\cache329\B_329_4_1_614200.htm
c:\windows\system32\cache329\B_329_4_1_614900.htm
c:\windows\system32\cache329\B_329_4_1_617000.gif
c:\windows\system32\cache329\B_329_4_1_617000.htm
c:\windows\system32\cache329\B_329_4_1_618200.htm
c:\windows\system32\cache329\B_329_4_1_620800.htm
c:\windows\system32\cache329\B_329_4_1_632800.gif
c:\windows\system32\cache329\B_329_4_1_632800.htm
c:\windows\system32\cache329\B_329_4_1_632900.htm
c:\windows\system32\cache329\B_329_4_1_637800.htm
c:\windows\system32\cache329\B_329_4_1_639000.htm
c:\windows\system32\cache329\B_329_4_1_640900.htm
c:\windows\system32\cache329\B_329_4_1_641300.gif
c:\windows\system32\cache329\B_329_4_1_641300.htm
c:\windows\system32\cache329\B_329_4_1_641700.gif
c:\windows\system32\cache329\B_329_4_1_641700.htm
c:\windows\system32\cache329\B_329_4_1_641900.htm
c:\windows\system32\cache329\B_329_4_1_643400.htm
c:\windows\system32\cache329\B_329_4_1_644000.htm
c:\windows\system32\cache329\B_329_4_1_647700.htm
c:\windows\system32\cache329\B_329_4_1_656900.htm
c:\windows\system32\cache329\B_329_4_1_657900.htm
c:\windows\system32\cache329\B_329_4_1_663200.htm
c:\windows\system32\cache329\B_329_4_1_665100.gif
c:\windows\system32\cache329\B_329_4_1_665100.htm
c:\windows\system32\cache329\B_329_4_1_666300.gif
c:\windows\system32\cache329\B_329_4_1_666300.htm
c:\windows\system32\cache329\B_329_4_1_666600.gif
c:\windows\system32\cache329\B_329_4_1_666600.htm
c:\windows\system32\cache329\B_329_4_1_666700.gif
c:\windows\system32\cache329\B_329_4_1_666700.htm
c:\windows\system32\cache329\B_329_4_1_667400.htm
c:\windows\system32\cache329\B_329_4_1_667400.swf
c:\windows\system32\cache329\B_329_4_1_667600.gif
c:\windows\system32\cache329\B_329_4_1_667600.htm
c:\windows\system32\cache329\B_329_4_1_673500.htm
c:\windows\system32\cache329\B_329_4_1_677300.gif
c:\windows\system32\cache329\B_329_4_1_677300.htm
c:\windows\system32\cache329\B_329_4_1_679400.htm
c:\windows\system32\cache329\B_329_4_1_679900.htm
c:\windows\system32\cache329\B_329_4_1_681600.gif
c:\windows\system32\cache329\B_329_4_1_681600.htm
c:\windows\system32\cache329\B_329_4_1_681700.htm
c:\windows\system32\cache329\B_329_4_1_684200.gif
c:\windows\system32\cache329\B_329_4_1_684200.htm
c:\windows\system32\cache329\B_329_4_1_685000.gif
c:\windows\system32\cache329\B_329_4_1_685000.htm
c:\windows\system32\cache329\B_329_4_1_685700.htm
c:\windows\system32\cache329\B_329_4_1_690300.htm
c:\windows\system32\cache329\B_329_4_1_690900.htm
c:\windows\system32\cache329\B_329_4_1_693200.htm
c:\windows\system32\cache329\B_329_4_1_693400.htm
c:\windows\system32\cache329\B_329_4_1_716200.htm
c:\windows\system32\cache329\B_329_4_1_716400.htm
c:\windows\system32\cache329\B_329_4_1_717900.gif
c:\windows\system32\cache329\B_329_4_1_717900.htm
c:\windows\system32\cache329\B_329_4_1_731900.htm
c:\windows\system32\cache329\B_329_4_1_733900.htm
c:\windows\system32\cache329\B_329_4_1_736100.htm
c:\windows\system32\cache329\B_329_4_1_738600.htm
c:\windows\system32\cache329\B_329_4_1_751100.htm
c:\windows\system32\cache329\B_329_4_1_756800.htm
c:\windows\system32\cache329\B_329_4_1_759300.gif
c:\windows\system32\cache329\B_329_4_1_759300.htm
c:\windows\system32\cache329\B_329_4_1_765000.htm
c:\windows\system32\cache329\B_329_4_1_765300.htm
c:\windows\system32\cache329\B_329_4_1_769500.htm
c:\windows\system32\cache329\B_329_4_1_775100.gif
c:\windows\system32\cache329\B_329_4_1_775100.htm
c:\windows\system32\cache329\B_329_4_1_782300.htm
c:\windows\system32\cache329\B_329_4_1_783100.htm
c:\windows\system32\cache329\B_329_4_1_785700.htm
c:\windows\system32\cache329\B_329_4_1_797800.htm
c:\windows\system32\cache329\B_329_4_2_106600.gif
c:\windows\system32\cache329\B_329_4_2_106600.htm
c:\windows\system32\cache329\B_329_4_2_500000.htm
c:\windows\system32\cache329\B_329_4_2_503500.htm
c:\windows\system32\cache329\B_329_4_2_503800.htm
c:\windows\system32\cache329\B_329_4_2_507200.htm
c:\windows\system32\cache329\B_329_4_2_508500.htm
c:\windows\system32\cache329\B_329_4_2_508600.gif
c:\windows\system32\cache329\B_329_4_2_508600.htm
c:\windows\system32\cache329\B_329_4_2_511200.htm
c:\windows\system32\cache329\B_329_4_2_511200.swf
c:\windows\system32\cache329\B_329_4_2_512200.htm
c:\windows\system32\cache329\B_329_4_2_513500.htm
c:\windows\system32\cache329\B_329_4_2_513500.swf
c:\windows\system32\cache329\B_329_4_2_519300.htm
c:\windows\system32\cache329\B_329_4_2_519900.gif
c:\windows\system32\cache329\B_329_4_2_519900.htm
c:\windows\system32\cache329\B_329_4_2_521200.htm
c:\windows\system32\cache329\B_329_4_2_522400.htm
c:\windows\system32\cache329\B_329_4_2_522400.jpg
c:\windows\system32\cache329\B_329_4_2_523700.htm
c:\windows\system32\cache329\B_329_4_2_524100.htm
c:\windows\system32\cache329\B_329_4_2_529000.htm
c:\windows\system32\cache329\B_329_4_2_530300.gif
c:\windows\system32\cache329\B_329_4_2_530300.htm
c:\windows\system32\cache329\B_329_4_2_530500.htm
c:\windows\system32\cache329\B_329_4_2_535600.htm
c:\windows\system32\cache329\B_329_4_2_535600.swf
c:\windows\system32\cache329\B_329_4_2_535800.htm
c:\windows\system32\cache329\B_329_4_2_535800.jpg
c:\windows\system32\cache329\B_329_4_2_535900.htm
c:\windows\system32\cache329\B_329_4_2_537900.htm
c:\windows\system32\cache329\B_329_4_2_537900.swf
c:\windows\system32\cache329\B_329_4_2_539600.gif
c:\windows\system32\cache329\B_329_4_2_539600.htm
c:\windows\system32\cache329\B_329_4_2_540000.gif
c:\windows\system32\cache329\B_329_4_2_540000.htm
c:\windows\system32\cache329\B_329_4_2_540100.htm
c:\windows\system32\cache329\B_329_4_2_540100.swf
c:\windows\system32\cache329\B_329_4_2_540200.htm
c:\windows\system32\cache329\B_329_4_2_540200.swf
c:\windows\system32\cache329\B_329_4_2_543300.htm
c:\windows\system32\cache329\B_329_4_2_544400.htm
c:\windows\system32\cache329\B_329_4_2_546500.htm
c:\windows\system32\cache329\B_329_4_2_546500.swf
c:\windows\system32\cache329\B_329_4_2_552000.htm
c:\windows\system32\cache329\B_329_4_2_552400.htm
c:\windows\system32\cache329\B_329_4_2_552500.htm
c:\windows\system32\cache329\B_329_4_2_553800.htm
c:\windows\system32\cache329\B_329_4_2_555600.htm
c:\windows\system32\cache329\B_329_4_2_556100.htm
c:\windows\system32\cache329\B_329_4_2_564000.htm
c:\windows\system32\cache329\B_329_4_2_565500.gif
c:\windows\system32\cache329\B_329_4_2_565500.htm
c:\windows\system32\cache329\B_329_4_2_565600.htm
c:\windows\system32\cache329\B_329_4_2_565800.htm
c:\windows\system32\cache329\B_329_4_2_566200.gif
c:\windows\system32\cache329\B_329_4_2_566200.htm
c:\windows\system32\cache329\B_329_4_2_566700.htm
c:\windows\system32\cache329\B_329_4_2_570000.htm
c:\windows\system32\cache329\B_329_4_2_574500.htm
c:\windows\system32\cache329\B_329_4_2_576400.htm
c:\windows\system32\cache329\B_329_4_2_576400.swf
c:\windows\system32\cache329\B_329_4_2_578200.htm
c:\windows\system32\cache329\B_329_4_2_579500.htm
c:\windows\system32\cache329\B_329_4_2_584500.gif
c:\windows\system32\cache329\B_329_4_2_584500.htm
c:\windows\system32\cache329\B_329_4_2_592800.gif
c:\windows\system32\cache329\B_329_4_2_592800.htm
c:\windows\system32\cache329\B_329_4_2_606500.htm
c:\windows\system32\cache329\B_329_4_2_621900.htm
c:\windows\system32\cache329\B_329_4_2_625100.htm
c:\windows\system32\cache329\B_329_4_2_632400.htm
c:\windows\system32\cache329\B_329_4_2_635300.htm
c:\windows\system32\cache329\B_329_4_2_635300.jpg
c:\windows\system32\cache329\B_329_4_2_644600.htm
c:\windows\system32\cache329\B_329_4_2_645900.htm
c:\windows\system32\cache329\B_329_4_2_647000.htm
c:\windows\system32\cache329\B_329_4_2_648600.htm
c:\windows\system32\cache329\B_329_4_2_652500.htm
c:\windows\system32\cache329\B_329_4_2_655400.htm
c:\windows\system32\cache329\B_329_4_2_655400.swf
c:\windows\system32\cache329\B_329_4_2_655500.htm
c:\windows\system32\cache329\B_329_4_2_655600.htm
c:\windows\system32\cache329\B_329_4_2_655600.swf
c:\windows\system32\cache329\B_329_4_2_663200.htm
c:\windows\system32\cache329\B_329_4_2_665100.gif
c:\windows\system32\cache329\B_329_4_2_665100.htm
c:\windows\system32\cache329\B_329_4_2_666300.gif
c:\windows\system32\cache329\B_329_4_2_666300.htm
c:\windows\system32\cache329\B_329_4_2_666600.gif
c:\windows\system32\cache329\B_329_4_2_666600.htm
c:\windows\system32\cache329\B_329_4_2_666700.gif
c:\windows\system32\cache329\B_329_4_2_666700.htm
c:\windows\system32\cache329\B_329_4_2_681600.gif
c:\windows\system32\cache329\B_329_4_2_681600.htm
c:\windows\system32\cache329\B_329_4_2_681900.gif
c:\windows\system32\cache329\B_329_4_2_681900.htm
c:\windows\system32\cache329\B_329_4_2_689900.htm
c:\windows\system32\cache329\B_329_4_2_692800.htm
c:\windows\system32\cache329\B_329_4_2_756300.htm
c:\windows\system32\cache329\B_329_4_2_800400.htm
c:\windows\system32\cache329\B_329_4_3_105900.htm
c:\windows\system32\cache329\B_329_4_3_164000.htm
c:\windows\system32\cache329\B_329_4_3_240300.gif
c:\windows\system32\cache329\B_329_4_3_240300.htm
c:\windows\system32\cache329\B_329_4_3_256800.gif
c:\windows\system32\cache329\B_329_4_3_256800.htm
c:\windows\system32\cache329\B_329_4_3_333300.gif
c:\windows\system32\cache329\B_329_4_3_333300.htm
c:\windows\system32\cache329\B_329_4_3_359800.htm
c:\windows\system32\cache329\B_329_4_3_386000.gif
c:\windows\system32\cache329\B_329_4_3_386000.htm
c:\windows\system32\cache329\B_329_4_3_388400.htm
c:\windows\system32\cache329\B_329_4_3_388400.jpg
c:\windows\system32\cache329\B_329_4_3_388500.htm
c:\windows\system32\cache329\B_329_4_3_388500.jpg
c:\windows\system32\cache329\B_329_4_3_418100.htm
c:\windows\system32\cache329\B_329_4_3_418200.htm
c:\windows\system32\cache329\B_329_4_3_438700.htm
c:\windows\system32\cache329\B_329_4_3_540200.htm
c:\windows\system32\cache329\B_329_4_3_540200.swf
c:\windows\system32\cache329\B_329_4_3_541700.htm
c:\windows\system32\cache329\B_329_4_3_547500.htm
c:\windows\system32\cache329\B_329_4_3_547500.swf
c:\windows\system32\cache329\B_329_4_3_547700.gif
c:\windows\system32\cache329\B_329_4_3_547700.htm
c:\windows\system32\cache329\B_329_4_3_547800.gif
c:\windows\system32\cache329\B_329_4_3_547800.htm
c:\windows\system32\cache329\B_329_4_3_547900.htm
c:\windows\system32\cache329\B_329_4_3_547900.swf
c:\windows\system32\cache329\B_329_4_3_548600.gif
c:\windows\system32\cache329\B_329_4_3_548600.htm
c:\windows\system32\cache329\B_329_4_3_548800.htm
c:\windows\system32\cache329\B_329_4_3_548800.swf
c:\windows\system32\cache329\B_329_4_3_553100.htm
c:\windows\system32\cache329\B_329_4_3_553100.swf
c:\windows\system32\cache329\B_329_4_3_577500.htm
c:\windows\system32\cache329\B_329_4_3_591700.htm
c:\windows\system32\cache329\B_329_4_3_591700.swf
c:\windows\system32\cache329\B_329_4_3_592200.htm
c:\windows\system32\cache329\B_329_4_3_592200.swf
c:\windows\system32\cache329\B_329_4_3_593800.htm
c:\windows\system32\cache329\B_329_4_3_593800.swf
c:\windows\system32\cache329\B_329_4_3_596600.gif
c:\windows\system32\cache329\B_329_4_3_596600.htm
c:\windows\system32\cache329\B_329_4_3_598800.gif
c:\windows\system32\cache329\B_329_4_3_598800.htm
c:\windows\system32\cache329\B_329_4_3_601800.htm
c:\windows\system32\cache329\B_329_4_3_601800.jpg
c:\windows\system32\cache329\B_329_4_3_631700.htm
c:\windows\system32\cache329\B_329_4_3_632300.htm
c:\windows\system32\cache329\B_329_4_3_703800.htm
c:\windows\system32\cache329\B_329_4_3_731700.gif
c:\windows\system32\cache329\B_329_4_3_731700.htm
c:\windows\system32\cache329\B_329_4_3_732400.gif
c:\windows\system32\cache329\B_329_4_3_732400.htm
c:\windows\system32\cache329\B_329_4_3_736600.htm
c:\windows\system32\cache329\B_329_4_3_747400.gif
c:\windows\system32\cache329\B_329_4_3_747400.htm
c:\windows\system32\cache329\B_329_4_3_747800.gif
c:\windows\system32\cache329\B_329_4_3_747800.htm
c:\windows\system32\cache329\B_329_4_3_767500.htm
c:\windows\system32\cache329\B_329_4_4_105900.htm
c:\windows\system32\cache329\B_329_4_4_221700.gif
c:\windows\system32\cache329\B_329_4_4_221700.htm
c:\windows\system32\cache329\B_329_4_4_221900.gif
c:\windows\system32\cache329\B_329_4_4_221900.htm
c:\windows\system32\cache329\B_329_4_4_240300.gif
c:\windows\system32\cache329\B_329_4_4_240300.htm
c:\windows\system32\cache329\B_329_4_4_256800.gif
c:\windows\system32\cache329\B_329_4_4_256800.htm
c:\windows\system32\cache329\B_329_4_4_333300.gif
c:\windows\system32\cache329\B_329_4_4_333300.htm
c:\windows\system32\cache329\B_329_4_4_365000.gif
c:\windows\system32\cache329\B_329_4_4_365000.htm
c:\windows\system32\cache329\B_329_4_4_369000.gif
c:\windows\system32\cache329\B_329_4_4_369000.htm
c:\windows\system32\cache329\B_329_4_4_386000.gif
c:\windows\system32\cache329\B_329_4_4_386000.htm
c:\windows\system32\cache329\B_329_4_4_388400.htm
c:\windows\system32\cache329\B_329_4_4_388400.jpg
c:\windows\system32\cache329\B_329_4_4_388500.htm
c:\windows\system32\cache329\B_329_4_4_388500.jpg
c:\windows\system32\cache329\B_329_4_4_417800.gif
c:\windows\system32\cache329\B_329_4_4_417800.htm
c:\windows\system32\cache329\B_329_4_4_418100.htm
c:\windows\system32\cache329\B_329_4_4_418200.htm
c:\windows\system32\cache329\B_329_4_4_425200.htm
c:\windows\system32\cache329\B_329_4_4_524100.htm
c:\windows\system32\cache329\B_329_4_4_539900.htm
c:\windows\system32\cache329\B_329_4_4_562600.htm
c:\windows\system32\cache329\B_329_4_4_664100.htm
c:\windows\system32\cache329\t_B_329_0_0_105300.htm
c:\windows\system32\cache329\t_B_329_0_0_106800.htm
c:\windows\system32\cache329\t_B_329_0_0_107400.htm
c:\windows\system32\cache329\t_B_329_2_0_105300.htm
c:\windows\system32\cache329\t_B_329_2_0_106800.htm
c:\windows\system32\cache329\t_B_329_2_0_107400.htm
c:\windows\system32\cache329\t_B_329_3_0_105300.htm
c:\windows\system32\cache329\t_B_329_3_0_106800.htm
c:\windows\system32\cache329\t_B_329_3_0_107400.htm
c:\windows\system32\cache329\t_B_329_4_0_111600.htm
c:\windows\system32\cache329\t_B_329_4_0_152400.htm
c:\windows\system32\cache329\t_B_329_4_0_155300.htm
c:\windows\system32\cache329\t_B_329_4_0_164100.htm
c:\windows\system32\cestjnyi.ini
c:\windows\system32\coasxhno.ini
c:\windows\system32\drivers\etc\.protected
c:\windows\system32\ekd.txt
c:\windows\system32\ewakoruz.ini
c:\windows\system32\ewomirev.ini
c:\windows\system32\hcdxUc3L.exe.a_a
c:\windows\system32\hnehxalx.ini
c:\windows\system32\hrlkwcfv.ini
c:\windows\system32\ihiyeyem.ini
c:\windows\system32\imkpfone.ini
c:\windows\system32\inahiwar.ini
c:\windows\system32\koibvywr.ini
c:\windows\system32\lfbdrgch.ini
c:\windows\system32\logs
c:\windows\system32\msbb.dll
c:\windows\system32\ncase.ini
c:\windows\system32\noathqgw.ini
c:\windows\system32\ofdovigf.ini
c:\windows\system32\oheonesi.ini
c:\windows\system32\P2P Networking
c:\windows\system32\P2P Networking\Cache\Database\index256.dbb
c:\windows\system32\P2P Networking\P2P Networking.eng
c:\windows\system32\P2P Networking\P2P Networking.LOG
c:\windows\system32\pac.txt
c:\windows\system32\ps1.dat
c:\windows\system32\qlaebhks.ini
c:\windows\system32\rc.dat
c:\windows\SYSTEM32\SssCKRqr.ini
c:\windows\SYSTEM32\SssCKRqr.ini2
c:\windows\system32\swlivbvy.ini
c:\windows\system32\tapikatp.ini
c:\windows\system32\thincvsr.ini
c:\windows\system32\uxjmesov.ini
c:\windows\SYSTEM32\WGQqAcdd.ini
c:\windows\system32\WGQqAcdd.ini2
c:\windows\system32\ygvhtbln.ini
c:\windows\Web\default.htt
c:\windows\ynh.dx

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RESTORE
-------\Legacy_TCPSR


((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 )))))))))))))))))))))))))))))))
.

2010-08-18 17:07 . 2010-08-18 17:07 -------- d-----w- c:\windows\system32\KB905474
2010-08-18 17:00 . 2010-08-18 17:00 -------- d-----w- c:\windows\LastGood
2010-08-17 22:17 . 2010-08-17 22:17 -------- d-----w- C:\_OTL
2010-08-15 13:31 . 2010-08-15 13:31 -------- d-----w- C:\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 13:26 . 2010-07-06 13:26 -------- d-----w- c:\program files\Alwil Software
2010-07-06 13:26 . 2010-07-06 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-28 20:57 . 2010-07-06 13:27 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2008-02-05 11:33 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2008-02-05 11:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-04-06 14:23 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2008-02-05 11:35 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2008-02-05 11:35 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2008-02-05 11:35 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2008-02-05 11:35 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2003-02-01 17:34 . 2003-02-01 17:34 23357 ---h--w- c:\program files\folder.htt
.

------- Sigcheck -------

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\wscntfy.exe

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\xmlprov.dll

c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D066UUtility"="c:\windows\TWAIN_32\D66U\D066UUTY.EXE" [2000-07-06 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-02-23 35328]
"VoyetraAudioStation2"="c:\voyetra\AS2\as2tray.exe" [1997-02-14 195072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-05 267064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2002-09-08 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
???????? [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

R0 ati6eixx;ati6eixx;c:\windows\System32\Drivers\ati6eixx.sys [x]
R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\DRIVERS\NtApm.sys [2001-08-17 9344]
S1 aswSP;aswSP; [x]
S3 SiSV;SiSV;c:\windows\system32\DRIVERS\SiSV.sys [2001-08-17 50432]
S3 USRTI;U.S. Robotics Faxmodem Driver TI;c:\windows\system32\DRIVERS\USRTI.SYS [2001-08-17 765884]

.
Contents of the 'Scheduled Tasks' folder

2010-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2010-08-18 c:\windows\Tasks\WGASetup.job
- c:\windows\System32\KB905474\wgasetup.exe [2010-08-18 21:18]
.
.
------- Supplementary Scan -------
.
mLocal Page = c:\windows\SYSTEM\blank.htm
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Ebates - file://c:\program files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
TCP: {49EE4D47-81D8-4BAA-94A2-F64A37BE272D} = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\HOMERunner.exe
HKCU-Run-COM+ Manager - c:\documents and settings\hidden\.COMMgr\complmgr.exe
HKLM-Run-EbatesMoeMoneyMaker0 - c:\program files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe
HKLM-Run-fodejotane - c:\windows\System32\kuzeyogi.dll
SafeBoot-ati0inxx.sys
SafeBoot-ati0mrxx.sys
SafeBoot-ati1inxx.sys
SafeBoot-ati1vbxx.sys
SafeBoot-ati3afxx.sys
SafeBoot-ati3yexx.sys
SafeBoot-ati5inxx.sys
SafeBoot-ati5xdxx.sys
SafeBoot-ati6eixx.sys
SafeBoot-ati6mqxx.sys
SafeBoot-ati7tyxx.sys
MSConfigStartUp-AltnetPointsManager - c:\program files\altnet\points manager\points manager.exe
MSConfigStartUp-Bargains - c:\program files\Bargain Buddy\bin2\bargains.exe
MSConfigStartUp-Belt - c:\windows\Belt.exe
MSConfigStartUp-EanthologyApp - c:\progra~1\COMMON~1\EACCEL~1\EANTHO~1.EXE
MSConfigStartUp-eanth_critical_update_alert - c:\progra~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE
MSConfigStartUp-Microsoft Inet Xp - teekids.exe
MSConfigStartUp-msbb - c:\windows\system32\msbb.exe
MSConfigStartUp-New - c:\progra~1\NEWDOT~1\NEWDOT~1.DLL
MSConfigStartUp-P2P Networking - c:\windows\System32\P2P Networking\P2P Networking.exe
MSConfigStartUp-P2P Networking3 - c:\windows\System32\P2P Networking\P2P Networking3.exe
MSConfigStartUp-RunDLL - c:\windows\Downloaded Program Files\bridge.dll
MSConfigStartUp-RunWindowsUpdate - c:\windows\uptodate.exe
MSConfigStartUp-WebScan - c:\progra~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE
MSConfigStartUp-windows auto update - msblast.exe
MSConfigStartUp-Windows Automation - mslaugh.exe
AddRemove-AltnetDM - c:\program files\Altnet\Download Manager\AltnetUninstall.exe
AddRemove-ArcSoft PhotoStudio 2000 - c:\program files\ArcSoft\PhotoStudio 2000\Uninst.isu
AddRemove-P2P Networking - c:\windows\System32\P2P Networking\P2P Networking.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-18 18:13
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
COM+ Manager = "c:\documents and settings\hidden\.COMMgr\complmgr.exe"?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(368)
c:\windows\system32\ODBC32.dll
c:\windows\system32\RASAPI32.dll

- - - - - - - > 'lsass.exe'(424)
c:\windows\system32\RASAPI32.dll
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(3740)
c:\windows\System32\msi.dll
c:\windows\system32\RASAPI32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-08-18 18:25:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-18 17:24

Pre-Run: 8,337,702,912 bytes free
Post-Run: 10,498,260,992 bytes free

WinXP_EN_PRO_BF.EXE
[boot loader]
timeout = 30
default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS = "Microsoft Windows XP Professional" /fastdetect

- - End Of File - - F3F207284ACF34B03F3B7848EB5C8D7D

Man what a mess!!

Re-running ComboFix to remove infections:

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   
   MIA::
   c:\windows\System32\wscntfy.exe
   c:\windows\System32\xmlprov.dll
   
   Folder::
   c:\documents and settings\hidden\
   
   Registry::
   [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
   

4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.

ComboFix 10-08-17.04 - hidden 18/08/2010 20:46:53.2.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1252.44.1033.18.256.77 [GMT 1:00]
Running from: c:\documents and settings\hidden\Desktop\commy.exe
Command switches used :: c:\documents and settings\hidden\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\wscntfy.exe . . . is missing!!

c:\windows\System32\xmlprov.dll . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 )))))))))))))))))))))))))))))))
.

2010-08-18 17:07 . 2010-08-18 17:07 -------- d-----w- c:\windows\system32\KB905474
2010-08-18 17:00 . 2010-08-18 17:00 -------- d-----w- c:\windows\LastGood
2010-08-17 22:17 . 2010-08-17 22:17 -------- d-----w- C:\_OTL
2010-08-15 13:31 . 2010-08-15 13:31 -------- d-----w- C:\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 13:26 . 2010-07-06 13:26 -------- d-----w- c:\program files\Alwil Software
2010-07-06 13:26 . 2010-07-06 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-28 20:57 . 2010-07-06 13:27 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2008-02-05 11:33 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2008-02-05 11:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-04-06 14:23 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2008-02-05 11:35 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2008-02-05 11:35 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2008-02-05 11:35 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2008-02-05 11:35 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2003-02-01 17:34 . 2003-02-01 17:34 23357 ---h--w- c:\program files\folder.htt
.

------- Sigcheck -------

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\wscntfy.exe

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\xmlprov.dll

c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D066UUtility"="c:\windows\TWAIN_32\D66U\D066UUTY.EXE" [2000-07-06 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-02-23 35328]
"VoyetraAudioStation2"="c:\voyetra\AS2\as2tray.exe" [1997-02-14 195072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-05 267064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2002-09-08 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [06/04/2008 15:23 165456]
R3 SiSV;SiSV;c:\windows\SYSTEM32\DRIVERS\SiSV.sys [01/02/2003 20:05 50432]
R3 USRTI;U.S. Robotics Faxmodem Driver TI;c:\windows\SYSTEM32\DRIVERS\USRTI.SYS [01/02/2003 20:05 765884]
S0 ati6eixx;ati6eixx;c:\windows\System32\Drivers\ati6eixx.sys --> c:\windows\System32\Drivers\ati6eixx.sys [?]
S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\SYSTEM32\DRIVERS\NtApm.sys [01/02/2003 20:06 9344]
.
Contents of the 'Scheduled Tasks' folder

2010-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2010-08-18 c:\windows\Tasks\WGASetup.job
- c:\windows\System32\KB905474\wgasetup.exe [2010-08-18 21:18]
.
.
------- Supplementary Scan -------
.
mLocal Page = c:\windows\SYSTEM\blank.htm
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Ebates - file://c:\program files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
TCP: {49EE4D47-81D8-4BAA-94A2-F64A37BE272D} = 192.168.0.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-18 21:01
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(368)
c:\windows\system32\ODBC32.dll
c:\windows\system32\RASAPI32.dll

- - - - - - - > 'lsass.exe'(424)
c:\windows\system32\RASAPI32.dll
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(2976)
c:\windows\System32\msi.dll
c:\windows\system32\RASAPI32.dll
.
Completion time: 2010-08-18 21:07:59
ComboFix-quarantined-files.txt 2010-08-18 20:07
ComboFix2.txt 2010-08-18 17:25

Pre-Run: 10,496,655,360 bytes free
Post-Run: 10,483,400,704 bytes free

- - End Of File - - 6316D76DE48D928B2284C21F631AF2E9

Do you have your Windows CD?

I don't think i have it anymore. I will have a look but doubt I'll find it.

Is there another option?

Can you borrow one off a friend? We need to replace some files.

Does it need to be a Windows XP cd?

It needs to be the same version as your currently installed OS

Hi,

Unfortunatley, at the moment I can't get hold of a Windows xp cd.

Is there anything else you can do?

Thanks.

I'll see what we can do but it would be great if you can get a CD