Author Topic: Bad Image: WIKI.DLL (Read 84225 times)

Old_Curmudgeon · « **on:** March 02, 2011, 12:16:32 AM »

Sorry about the width of the following. I couldn't figure out how to adjust the margins.

Saturday my computer threw out an error message when I started IE8. I am running XP sp3. The error was (I forget the name of the .exe file):”Bad Image ?.exe-bad image: The application or dll C:\Windows|system32\wiki.dll is not a valid windows image. Please check this against your installation diskette.” Thereafter, each time an .exe file started up I got the same error pop-up. When I restarted the computer I got a lot of these during startup. However, each time I closed the error box it went on to the next. Then I got my desktop and the computer appeared to be running. Each time I started a program I got the same error message with the .exe file identified.

My initial research suggested that this was the behavior of a “Backdoor Trojan” and the only good way to remove it was to reinstall everything. This seemed over-the-top so I continued looking and found your site. Seeing your advice to run CCleaner, Super Antivirus, MalwareBytes, JavaRa, CCleaner, and HijackThis I started prepping my computer. However, I did run MalwareBytes, AVG Virus Scan, AVG Anti-Rootkit, and SpyBot before following your regime. After MalwareBytes ran the error popup symptom disappeared.

Below is a summary of my concerns from all of the scans’ log files. The three full requested logs follow. Not being an expert in this I expect that I missed several concerns. I would like some input on why MalwareBytes indicates that no action was taken on several items (including the wiki.dll that started this whole fiasco) but then didn’t find them in subsequent scans. I am also concerned that JavaRa left several iterations of Java that appear to be old. Any reassurance that I do not need to erase my hard drive and reinstall everything would be welcome.

MalwareBytes (2/28/2011 4:17:57 PM) (No action was taken, I don’t know why not.)
---infected registry key: HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
(Adware.MyWebSearch) -> No action taken.
--Files Infected: C:\WINDOWS\system32\WIKI.DLL (Trojan.Agent) -> No action taken.

SuperAntiSpyware: (Generated 02/28/2011 at 09:11 PM)
---70 cookies
---Trojan.Agent/Gen-Nullo: C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-
DB7B394CD5BC}\RP368\A0069092.DLL

AVG Virus Scan (3/1/11 at 9:26 AM)
---Found a broken digital signature in MalwareBytes.

MalwareBytes (3/1/11 at 2:41 AM)
--Found Files Infected: c:\_downloads\nirsoft system tools\ProduKey.exe
(PUP.PSWTool.ProductKey) -> No action taken.

MalwareBytes (3/1/11 at 5:44 PM)
---found no infections at all

Spybot (3/1/11 at 6:42 AM)
---Fixed MyWay,MyWayWebSearch Registry Key
---Fixed 4 Program directory entries for MyWay.MyWaySearch
---Several warnings about zero checksum files but no action noted.

AVG Anti-Rootkit (3/1/11 at 7:30 AM)
---No rootkits identified

JavaRa (3/1/11 at 8:50 AM)
---Found and removed several pages of items
---Did not remove Java 6 updates: 2,3 and 5
---Did not remove J2SE Runtime Env 5.0 updates 6, 10 and 11

SuperAntiSpyware (3/1/11 at 2:20 PM)
---Found an Adware Tracking Cookie

MalwareBytes (3/1/11 at 5:44 PM)
---found no infections at all

HijackThis (3/1/11 at 7:17 PM)
---O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
C:\Program Files\AVG\AVG10\avgpp.dll
---O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
---O20 - AppInit_DLLs: WIKI.DLL

Misc. Observations
---I did a registry search and found a registry value data for: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
WindowsNT\CurrentVersion\Windows\AppInit_DLLs is wiki.dll. Should I delete this key?
---I am very concerned that MalwareBytes logs show problems were identified but no action was taken and then were not found again.
---I cannot find wiki.dll in C or D drives but MalwareBytes showed it in its initial scan but also showed “no action taken.” Is it hidden somehow?

Following are the log files of
*************************************************
SuperAntiSpyware (3/1/11 at 2:20 PM)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/01/2011 at 02:20 PM

Application Version : 4.49.1000

Core Rules Database Version : 6502
Trace Rules Database Version: 4314

Scan type : Complete Scan
Total Scan Time : 02:55:35

Memory items scanned : 633
Memory threats detected : 0
Registry items scanned : 10855
Registry threats detected : 0
File items scanned : 189291
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\Mike Keplinger\Cookies\mike_keplinger@2o7[1].txt

************************************************************************
MalwareBytes (3/1/11 at 5:44 PM)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5920

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/1/2011 5:44:03 PM
mbam-log-2011-03-01 (17-44-03).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 369353
Time elapsed: 3 hour(s), 5 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

***************************************************************
HijackThis (3/1/11 at 7:17 PM)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:17:37 PM, on 3/1/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AirLink101\AWLL5026\WLService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\AirLink101\AWLL5026\AWLL5026.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ACT 9\Act for Windows\Act.Outlook.Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\V0400Mon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DateInTray\DateInTray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\ANYCOM\Bluetooth-USB\BTTray.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=309&PURCH_DT_MONTH=&PURCH_DT_DAY=&PURCH_DT_YEAR=&product_name=&PROD_SERIAL_ID=&gwCountry=
US&language=EN&prodOS=&lf=BLUE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: bxNewFolder - {51C8BCA8-2524-4523-BF09-738C4EEBFC58} - C:\PROGRA~1\BXNEWF~1\BXNEWF~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachF ile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT 9\Act for Windows\Act.Outlook.Service.exe"
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT 9\Act for Windows\ActSage.exe" -preload
O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [V0400Mon.exe] C:\WINDOWS\V0400Mon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: C:\Program Files\DateInTray\DateInTray.exe
O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&error=0&language=en&product=SymNRT&version=2009.0.0.41&build=Symantec&a=00000082.00000022.0000004e&b=00000082.
00000046.000000b5&c=00000082.00000097.000001cf&d=00000082.00000101.00000313
O4 - HKUS\S-1-5-18\..\Run: "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download FLV files in this page with GetFLV - C:\Program Files\GetFLV\iemenu\DownloadFLV.htm
O8 - Extra context menu item: Download linked FLV with GetFLV - C:\Program Files\GetFLV\iemenu\DownloadLinkFLV.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Mike Keplinger\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O9 - Extra button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - C:\PROGRA~1\DzSoft\FAVORI~1\FavSeek.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Reader's%20Digest%20Word%20Power/Images/stg_drm.ocx
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} -
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228453353859
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Reader's%20Digest%20Word%20Power/Images/armhelper.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///E:/CDVIEWER/CdViewer.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: AWLL5026 WLService - Unknown owner - C:\Program Files\AirLink101\AWLL5026\WLService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 17956 bytes
******************************************************************************
Thank you so much for the time and effort that you all spend in this forum. It is very reassuring.

Best regards,
Mike

SuperDave · « **Reply #1 on:** March 02, 2011, 12:25:58 PM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*******************************************
Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachF ile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following.Please place a check mark next to this/these line/lines.
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

*******************************************
Please go to Jotti's malware scan
(If more than one file needs scanned they must be done separately and links posted for each one)

* Copy the file path in the below Code box:

Code: [Select]

C:\WINDOWS\system32\WIKI.DLL
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
************************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

Old_Curmudgeon · « **Reply #2 on:** March 02, 2011, 04:26:56 PM »

Thanks Dave, I'll get on this tonight and tomorrow. It should go OK. You mentioned killing two ACT 09 items. I don't use them so no problem but would it be OK to try and shut them down from the program if it will let me? Also, the trusted Microsoft zones. If I shut them down will that mean that I need to manually do the weekly updates and the like?

Not important but do you know of an instruction site for ComputerHope's text editor? I would really like to try and get the text of my topic to fit on the screen.

Thanks for your reply!
Mike

SuperDave · « **Reply #3 on:** March 02, 2011, 04:33:18 PM »

Quote

You mentioned killing two ACT 09 items. I don't use them so no problem but would it be OK to try and shut them down from the program if it will let me? Also, the trusted Microsoft zones. If I shut them down will that mean that I need to manually do the weekly updates and the like?

No. Please fix those items. Clearing those trusted zones lines will not affect the way you work on your computer or how you receive the updates.

Quote

Not important but do you know of an instruction site for ComputerHope's text editor? I would really like to try and get the text of my topic to fit on the screen.

You don't need a text editor. I fixed some of the problems and it's ok for now.

Old_Curmudgeon · « **Reply #4 on:** March 03, 2011, 03:06:33 PM »

Dave, thanks for your persistace and thanks for correcting my margins! I ran HijackThis per instructructions and it appeared to remove the checked entries. (Though there was no confirmation, just the clearing of the page.)

I tried to run Jotti's malware scan but got a File Not Found error when I pasted C\WINDOWS\system32\WIKI.Dll into the browse box. I received the same error when I browsed down directly to the system32 folder for wiki.dll as well. As I mentioned in my initial post I am unable to find Wiki.dll either manually (navigating through system32 in Windows Explorer) or by the search tool looking through all folders in both C & D drives.

After running jotti with no results I ran DDS and reviewed the logs. I'm not sure what I should look for but I did notice that there were entries for several of the things that malwarebytes was supposed to remove (fix?): yahoo! toolbar, 3 Trusted Zones, and a reference to wiki.dll. I have appended the logs to this entry. I don't believe that it is a problem but I did change the instances of my name in the logs to John Doe.

Thanks Dave

******************************************

Here are the two DDS logs:

DDS Log

DDS (Ver_10-12-12.02) - NTFSx86
Run by John Doe at 13:58:10.18 on Thu 03/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1337 [GMT -6:00]

AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AirLink101\AWLL5026\WLService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\AirLink101\AWLL5026\AWLL5026.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\vssvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ACT 9\Act for Windows\Act.Outlook.Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\V0400Mon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DateInTray\DateInTray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\John Doe\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=309&PURCH_DT_MONTH=&PURCH_DT_DAY=&PURCH_DT_YEAR=&product_name=&PROD_SERIAL_ID=&gwCountry=US&language=EN&prodOS=&lf=BLUE
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: bxNewFolder: {51c8bca8-2524-4523-bf09-738c4eebfc58} - c:\progra~1\bxnewf~1\BXNEWF~1.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DateInTray] c:\program files\dateintray\DateInTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRunOnce: [<NO NAME>] c:\program files\internet explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&error=0&language=en&product=SymNRT&version=2009.0.0.41&build=Symantec&a=00000082.00000022.0000004e&b=
00000082.
00000046.000000b5&c=00000082.00000097.000001cf&d=00000082.00000101.00000313
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Act.Outlook.Service] "c:\program files\act 9\act for windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "c:\program files\act 9\act for windows\ActSage.exe" -preload
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [V0400Mon.exe] c:\windows\V0400Mon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [<NO NAME>]
mRun: [NBKeyScan] "c:\program files\nero\nero backitup 4\NBKeyScan.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\johndo~1\startm~1\programs\startup\spamih~1.lnk - c:\program files\spamihilator\spamihilator.exe
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Download FLV files in this page with GetFLV - c:\program files\getflv\iemenu\DownloadFLV.htm
IE: Download linked FLV with GetFLV - c:\program files\getflv\iemenu\DownloadLinkFLV.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\john doe\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: Send to &Bluetooth Device... - c:\program files\anycom\bluetooth-usb\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\anycom\bluetooth-usb\btsendto_ie.htm
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\anycom\bluetooth-usb\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - {4DC701A0-93AD-11D4-A15B-AF07886E4A07} - c:\progra~1\dzsoft\favori~1\FavSeek.dll
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: update.microsoft.com
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Reader's%20Digest%20Word%20Power/Images/stg_drm.ocx
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A}
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228453353859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Reader's%20Digest%20Word%20Power/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///E:/CDVIEWER/CdViewer.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: WIKI.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1   www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johndo~1\applic~1\mozilla\firefox\profiles\dh2guuz6.default\
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\
realplayer\browserrecordplugin\firefox\Ext
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2008-5-20 15328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\hp\quickplay\000.fcl [2008-7-13 39408]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 AWLL5026 WLService;AWLL5026 WLService;c:\program files\airlink101\awll5026\WLService.exe [2010-11-23 49152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2007-2-10 29178224]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2009-8-25 220128]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-10-17 124648]
R3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys [2009-10-4 19968]
R3 zonescreen;zonescreen;c:\windows\system32\drivers\zsport.sys [2010-10-21 10488]
S2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2010-11-22 3226632]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\drivers\ca1528av.sys --> c:\windows\system32\drivers\Ca1528av.sys [?]
S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
S3 AVC1200;Adaptec AVC-1200 Video Capture;c:\windows\system32\drivers\CA506AV.SYS [2007-3-13 175042]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-15 517448]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\drivers\bulk1528.sys --> c:\windows\system32\drivers\Bulk1528.sys [?]
S3 ca506aaf;Adaptec USB Audio Filter Driver (WDM);c:\windows\system32\drivers\ca506aaf.sys [2007-3-13 14273]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2008-11-17 1128944]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2009-10-24 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [2009-10-24 62592]
S3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\drivers\V0400Afx.sys [2009-4-4 142656]
S3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\drivers\V0400Vfx.sys [2009-4-4 7424]
S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\drivers\V0400Vid.sys [2009-4-4 166720]

=============== Created Last 30 ================

2011-03-02 01:10:28   388096   ----a-r-   c:\docume~1\johndo~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-02 01:10:28   --------   d-----w-   c:\program files\Trend Micro
2011-03-01 12:43:32   --------   d-----w-   c:\documents and settings\john doe\Pavark
2011-02-28 23:24:01   --------   d-----w-   c:\docume~1\johndo~1\applic~1\SUPERAntiSpyware.com
2011-02-28 23:24:01   --------   d-----w-   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-02-28 23:23:46   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-02-16 05:17:49   12928   ----a-w-   c:\windows\system32\drivers\Dot4Prt.sys
2011-02-16 05:17:49   12928   ----a-w-   c:\windows\system32\dllcache\dot4prt.sys
2011-02-16 05:17:44   324608   ----a-w-   c:\windows\system32\hpojwia.dll
2011-02-16 05:17:44   324608   ----a-w-   c:\windows\system32\dllcache\hpojwia.dll
2011-02-16 05:17:41   8704   ----a-w-   c:\windows\system32\drivers\Dot4scan.sys
2011-02-16 05:17:41   8704   ----a-w-   c:\windows\system32\dllcache\dot4scan.sys
2011-02-16 05:17:36   23808   ----a-w-   c:\windows\system32\drivers\Dot4usb.sys
2011-02-16 05:17:36   23808   ----a-w-   c:\windows\system32\dllcache\dot4usb.sys
2011-02-16 05:17:36   206976   ----a-w-   c:\windows\system32\drivers\Dot4.sys
2011-02-16 05:17:36   206976   ----a-w-   c:\windows\system32\dllcache\dot4.sys
2011-02-15 19:46:54   472808   ----a-w-   c:\program files\mozilla firefox\plugins\npdeployJava1.dll

==================== Find3M ====================

2011-03-03 18:58:53   13146   ----a-w-   c:\windows\system32\KGyGaAvL.sys
2011-02-03 03:40:23   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-02-03 01:19:39   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-01-25 17:36:44   1409   ----a-w-   c:\windows\QTFont.for
2011-01-21 14:44:37   439296   ------w-   c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02   290048   ----a-w-   c:\windows\system32\atmfd.dll
2011-01-04 14:05:50   695642   ----a-w-   c:\windows\unins000.exe
2010-12-31 13:10:33   1854976   ------w-   c:\windows\system32\win32k.sys
2010-12-22 12:34:28   301568   ----a-w-   c:\windows\system32\kerberos.dll
2010-12-20 23:59:20   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-12-20 23:59:19   43520   ------w-   c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00   730112   ------w-   c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26   385024   ------w-   c:\windows\system32\html.iec
2010-12-09 15:15:09   718336   ------w-   c:\windows\system32\ntdll.dll
2010-12-09 14:30:22   33280   ------w-   c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26   2148864   ------w-   c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07   2027008   ------w-   c:\windows\system32\ntkrnlpa.exe
1998-12-09 02:53:54   99840   ----a-w-   c:\program files\common files\IRAABOUT.DLL
1998-12-09 02:53:54   70144   ----a-w-   c:\program files\common files\IRAMDMTR.DLL
1998-12-09 02:53:54   48640   ----a-w-   c:\program files\common files\IRALPTTR.DLL
1998-12-09 02:53:54   31744   ----a-w-   c:\program files\common files\IRAWEBTR.DLL
1998-12-09 02:53:54   186368   ----a-w-   c:\program files\common files\IRAREG.DLL
1998-12-09 02:53:54   17920   ----a-w-   c:\program files\common files\IRASRIAL.DLL

============= FINISH: 13:59:50.14 ===============
************************************************************************************
DDS Attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/1/2007 1:40:08 AM
System Uptime: 3/3/2011 12:56:46 PM (1 hours ago)

Motherboard: Quanta | | 30BB
Processor: Intel(R) Core(TM)2 CPU T5200 @ 1.60GHz | U2E1 | 1596/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 449 GiB total, 296.841 GiB free.
D: is FIXED (FAT32) - 16 GiB total, 5.43 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Photosmart C4380 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: HP Photosmart C4380
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C4380 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4380 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

"Nero SoundTrax Help
32 Bit HP CIO Components Installer
7-Zip 4.57
A-one 3GP Video Converter 4.62
ACT!
ACT! by Sage
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
Advanced Audio FX Engine
Advanced Video FX Engine
Advertising Center
AFPL Ghostscript 8.53
AFPL Ghostscript Fonts
AIO_Scan
AirLink101 USB XR Adapter
Amaya
ANYCOM Bluetooth Software
AoA Audio Extractor
Apple Software Update
AusLogics Disk Defrag
AusLogics Registry Defrag
AutoUpdate
AVG 2011
AviSynth 2.5
BT8010 Control Center version 1.3
BufferChm
bxNewFolder 1.0
C4380
C4380_doccd
C4380_Help
calibre
Canon MP Navigator EX 1.0
Canon MX310 series
Canon MX310 series User Registration
Canon My Printer
CCleaner
CheckIt Diagnostics
Chinese Traditional Fonts Support For Adobe Reader 8
CinemaForge
Conexant HD Audio
Copy
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Creative Live! Cam Center
Creative Live! Cam Doodling
Creative Live! Cam FX Creator
Creative Live! Cam Manager
Creative Live! Cam Notebook Pro Driver (1.02.02.00)
Creative Live! Cam User's Guide
Creative MediaSource
Creative Photo Calendar
Creative Photo Manager
Creative Removable Disk Manager
Creative Software AutoUpdate
Creative System Information
Creative Zen Vision M
Crimson Editor 3.72
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Customer Experience Enhancement
CustomerResearchQFolder
DanceMaster Basic Edition Version 3.5a
DateInTray 1.6
Debut Video Capture Software
DeLorme Street Atlas USA 2009
DesignCAD 3D Max 20
Destination Component
DeviceDiscovery
DirectX 9 Runtime
DivX
DocProc
DocProcQFolder
DolbyFiles
DVD Decrypter (Remove Only)
DVD Suite
DVD to MP4 Converter 4
DzSoft Favorites Search 2.1
Eraser
eSupportQFolder
Fax
FileSeek 2.0.4
Flash Movie Player 1.5
Free Audio CD Burner version 1.4
Free YouTube to MP3 Converter version 3.8
FullDPAppQFolder
GetFLV Pro 2.5
Google Earth
Google Update Helper
HD Tune 2.55
HiJackThis
honestech Fireman CD/DVD Burner
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 9.0
HP Help and Support
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Photosmart Premier Software 6.0
HP Product Assistant
HP Product Detection
HP QuickPlay 2.3
HP Solution Center 9.0
HP Update
HP User Guides 0035
HP Wireless Assistant
HPDiagnosticAlert
HPProductAssistant
HpSdpAppCoreApp
ICatch (VI) PC Camera
ieSpell
ImagXpress
InstantShareDevices
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 24
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
LightScribe 1.4.124.1
Macrium Reflect - Free Edition
Macromedia Flash Player 8
Macromedia Shockwave Player
MAGIX Movie Edit Pro 11 (US)
MAGIX Music Manager (US)
MAGIX Photo Manager (US)
Malwarebytes' Anti-Malware
MarketResearch
Menu Templates - Pack 1
Menu Templates - Pack 2
Menu Templates - Pack 3
Menu Templates - Starter Kit
Micrografx Picture Publisher 8
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2000 SR-1 Small Business
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (ACT7)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft XML Parser
miFiles - My Internet Files 1.12d
Move Networks Media Player for Internet Explorer
Movie Templates - Pack 1
Movie Templates - Starter Kit
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
muveeNow 2.0 - Creative
Nero 9
Nero BackItUp
Nero BackItUp 4
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NetDeviceManager
NetWaiting
Office 2003 Trial Assistant
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
OpenOffice.org 3.2
OptionalContentQFolder
Otto
PandoraRecovery (Remove Only)
PanoStandAlone
PDF reDirect (remove only)
Pdf995
PdfEdit995
PDFill PDF Editor with FREE Writer and Free Tools
PE Builder 3.1.10a
PhotoGallery
Pinnacle Instant DVD Recorder
PowerDVD
PowerProducer
Prism Video Converter
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
PSSWCORE
QuickTime
RadarSync
RandMap
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Rhapsody Player Engine
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Easy VHS to DVD
Roxio Easy VHS to DVD Content
Roxio Video Capture USB Driver
Sandboxie 3.50
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SightSpeed
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
SkinsHP1
Skype™ 5.0
Soft Data Fax Modem with SmartCP
SolutionCenter
Sonic MyDVD
Sonic_PrimoSDK
SonicAC3Encoder
SonicMPEGEncoder
SonicStage 4.3
SoundTrax
Spamihilator 0.9.9.53 (32 bit)
SPCA1528 PC Driver
Spelling Dictionaries Support For Adobe Reader 8
SplitFile 1.7.0
SpO2 v0.9x
Spybot - Search & Destroy
Status
Studio 11
StuffIt Deluxe 8.0.1
SUPERAntiSpyware
Symantec Technical Support Web Controls
Synaptics Pointing Device Driver
TaxCut Basic 2006
The Regex Coach 0.9.2
Toolbox
TourSetup
TrayApp
Tweak UI
Uninstall 1.0.0.1
Unload
UnloadSupport
Unlocker 1.8.7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VCRedistSetup
Video Capture USB
VideoPad Video Editor
Videora iPod classic Converter 6
VideoToolkit01
Virtual Magnifying Glass v3.3.2
Virtual POP3-Server 1.0 Beta2
Vongo
WebFldrs XP
WebReg
Windows Driver Package - Intel (NETw4x32) net (03/13/2008 11.5.1.15)
Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39)
Windows Driver Package - Intel net (03/13/2008 11.5.1.15)
Windows Driver Package - ZoneOS (zonescreen) Display (10/10/2010 1.1.12.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows Presentation Foundation
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Wireless Home Network Setup
XML Paper Specification Shared Components Pack 1.0
Yahoo! Desktop Login
YouTube Downloader App 3.00
ZoneOS ZoneScreen 1.1.12.0

==== Event Viewer Messages From Past Week ========

3/3/2011 9:47:28 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/3/2011 9:32:34 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/3/2011 12:20:09 PM, error: System Error [1003] - Error code 00000077, parameter1 00000001, parameter2 00042d9a, parameter3 00000000, parameter4 9eb52c34.
3/3/2011 12:18:11 PM, error: Print [19] - Sharing printer failed + 1722, Printer Canon MX310 FAX share name Printer10.
3/3/2011 1:59:32 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
3/2/2011 3:24:21 PM, error: Print [19] - Sharing printer failed + 1722, Printer PDFill PDF&Image Writer share name Printer.
3/1/2011 6:36:53 AM, error: Service Control Manager [7034] - The Message Queuing service terminated unexpectedly. It has done this 1 time(s).
3/1/2011 2:51:45 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde PCIIde Pcmcia ViaIde
2/26/2011 12:31:18 AM, error: Service Control Manager [7000] - The SPCA1528 Video Camera Service service failed to start due to the following error: The system cannot find the file specified.
2/26/2011 12:31:18 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the path specified.
2/25/2011 10:22:26 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
2/25/2011 10:22:26 AM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
2/25/2011 10:22:26 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.

==== End Of File ===========================

SuperDave · « **Reply #5 on:** March 04, 2011, 12:18:51 PM »

You will need to do this again and please follow the instructions below.

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachF ile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following.Please place a check mark next to this/these line/lines.
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O20 - AppInit_DLLs: WIKI.DLL

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
*******************************************
This next tool I want to use will not run with AVG on your computer. You will need to download and new free AV from the list below and install it. Next, remove AVG using the AVG Removal Tool below.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
*********************************************
AVG Antivirus - AVG Antivirus Remover utility

************************************************
Please download ComboFix

from BleepingComputer.com

Alternate link: GeeksToGo.com

and save it to your Desktop.
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Double click ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

Old_Curmudgeon · « **Reply #6 on:** March 06, 2011, 09:14:43 PM »

Dave,

Something weird has happened. I don't know if it is related or not. I completed your instructions and was attempting to put my comments and the logs up on this forum. However, I am unable to log in with my laptop (the one that has been infected). I am able to log on with my desktop (the one I am writing from). I am very reluctant to transfer any files from the infected computer to this computer.

When I try to log on from my laptop I get a message that says "Error". Wait 2 seconds and try again. I've done this six or eight times with the same result. Yet, my desktop logs on with no problem. I am able to get onto other sites with the laptop. Do you have any insight as to why I might be experiencing this problem?

Thanks,
Mike

SuperDave · « **Reply #7 on:** March 07, 2011, 11:43:51 AM »

Quote

I am very reluctant to transfer any files from the infected computer to this computer.

Please use this method:

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
**********************************************
Please run Notepad (start > All Programs > Accessories >
Notepad) and copy and paste the text in the code box into a new file:

Code: [Select]

@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0

•Go to the File menu at the top of the Notepad and select Save as.

•Select save in: desktop

•Fill in File name: test.bat

•Save as type: All file types (*.*)

•Click save.

•Close the Notepad.

•Locate and double-click test.bat on the desktop.

•A notepad opens, copy and paste the content it (log1.txt) to your reply.

Old_Curmudgeon · « **Reply #8 on:** March 07, 2011, 04:33:37 PM »

Hi Dave,

OK, I am uploading this from my desktop using a CD, as per your suggestion. I also ran the test.bat file you requested and appended it to the bottom. I still don’t understand why my laptop (the one with the complaint) can no longer log onto computerhope. It can access the internet and it can log onto other sites. As far as I know it is only computerhope.com that it can’t access. Comments would be welcome.

I have completed your instructions (almost, see below). When I ran HJT its log did not show (and so I did not fix):
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachF ile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com

However, I missed this one (and also did not fix with HJT)
O20 - AppInit_DLLs: WIKI.DLL

For some reason I noticed it on your list when I began writing this reply and I ran HJT again and O20 - AppInit_DLLs: WIKI.DLL was no longer found so either PCTools or ComboFix took care of it. Sorry about the oversight. When I did a search in regedit the only incidence of wiki.dll now appears to be residing at: HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603\003. I believe this is a history of the Windows Explorer Search Function but I’m not sure.

So, I uninstalled my AVG, ran HJT (with the exception noted above), installed PCTools virus check and allowed it to run its scan as part of the installation. PCTools found three problems and indicated that it fixed three problems. However, in the PCTools log below it mentions that since it couldn’t connect to the internet (I had disabled internet access) “Smart update was unable to run because a internet connection was not found. Please check your network settings and try again.“ Futher the log seems ambiguous in that the last three (and most severe) infections do not have any comment that they were cleaned. (Is this OK?) I shut down PCTools and ran ComboFix. ComboFix required the installation of MSW Recovery Console so I re-activated PCTools and allowed the intall. I rebooted the computer and shut down PCTools again and ran ComboFix.

ComboFix ran completely. At the end, there was an error message: PEV.EXE: The File or directory C:\Windows\NtUninstalKB953838_0$\inseng.dll is corrupt and unreadable. Please run the chkdsk utility.

I did a quick check of the ComboFix log and noticed that it mentioned the Trusted Zones again but the other “fixed” items did not seem to be mentioned. The log is appended below.

I have not tried to run PCTools again with the internet connected, nor have I run chkdsk yet. (Update, upon restarting the computer chkdsk ran automatically.)

I look forward to your analysis!

Thanks again for your efforts,
Mike

*********************************************************
First HJT log at process start-up:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:21:59 PM, on 3/5/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AirLink101\AWLL5026\WLService.exe
C:\Program Files\AirLink101\AWLL5026\AWLL5026.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ACT 9\Act for Windows\Act.Outlook.Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\V0400Mon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DateInTray\DateInTray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\PROGRA~1\BXNEWF~1\bxExpHelper.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=309&PURCH_DT_MONTH=&PURCH_DT_DAY=&PURCH_DT_YEAR=&product_name=&PROD_SERIAL_ID=&gwCountry=US&language=
EN&prodOS=&lf=BLUE
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: bxNewFolder - {51C8BCA8-2524-4523-BF09-738C4EEBFC58} - C:\PROGRA~1\BXNEWF~1\BXNEWF~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT 9\Act for Windows\Act.Outlook.Service.exe"
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT 9\Act for Windows\ActSage.exe" -preload
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [V0400Mon.exe] C:\WINDOWS\V0400Mon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DateInTray] C:\Program Files\DateInTray\DateInTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&error=0&language=en&product=SymNRT&version=2009.0.0.41&build=Symantec&a=00000082.00000022.0000004e&b=
00000082.0
0000046.000000b5&c=00000082.00000097.000001cf&d=00000082.00000101.00000313
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download FLV files in this page with GetFLV - C:\Program Files\GetFLV\iemenu\DownloadFLV.htm
O8 - Extra context menu item: Download linked FLV with GetFLV - C:\Program Files\GetFLV\iemenu\DownloadLinkFLV.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Mike Keplinger\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O9 - Extra button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - C:\PROGRA~1\DzSoft\FAVORI~1\FavSeek.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Reader's%20Digest%20Word%20Power/Images/stg_drm.ocx
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} -
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228453353859
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Reader's%20Digest%20Word%20Power/Images/armhelper.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///E:/CDVIEWER/CdViewer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AWLL5026 WLService - Unknown owner - C:\Program Files\AirLink101\AWLL5026\WLService.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 16684 bytes
********************************************************

PCTools Installation Scan Log

PC Tools PC Tools AntiVirus Free
Date Status
3/5/2011 9:46:29 AM:390 Service Started
PC Tools AntiVirus Free Service Application started
3/5/2011 9:46:29 AM:390 Anti-Malware Engine
Anti-Malware engine configuration failure: #-1
3/5/2011 9:53:41 AM:281 Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/5/2011 9:53:49 AM:906 Scan Started
Scan Type - Intelli-Scan

3/5/2011 9:53:59 AM:46 Immunizer Results
ActiveX section has been immunized, Processed 4518 items.
3/5/2011 9:54:44 AM:156 IntelliGuards status
All IntelliGuards were Enabled
3/5/2011 9:54:47 AM:625 Immunizer Results
ActiveX section has been immunized. No items were processed.

3/5/2011 9:54:54 AM:437 Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/5/2011 9:54:54 AM:437 Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/5/2011 9:54:54 AM:625 Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - server.iad.liveperson.net/ server.iad.liveperson.net

3/5/2011 9:55:53 AM:734 Scan Finished
Scan Type - Intelli-Scan
Items Processed - 781
Threats Detected - 2
Infections Detected - 3

3/5/2011 9:56:23 AM:46 Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/5/2011 9:56:23 AM:46 Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/5/2011 9:56:23 AM:62 Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - server.iad.liveperson.net/ server.iad.liveperson.net

3/5/2011 9:56:25 AM:187 Infections Quarantined/Removed Summary
Quarantined - 0
Quarantine Failed - 0
Removed - 3
Remove Failed - 0

3/5/2011 10:09:44 AM:890 Scan Started
Scan Type - Full Scan

3/5/2011 10:36:16 AM:531 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Joe Jones\Favorites\Work Favorites\Business Machines\Software\Activation Codes\Astalavista.MS - abbyy finereader 8 download results crack serial keygen patch warez torrent free p2p direct download.url

3/5/2011 11:55:57 AM:265 Infection was detected on this computer
Threat Name - Backdoor.Radmin!ct
Type - File
Risk Level - Medium
Infection - C:\Program Files\HPs Original Online Services\Vonage\Xtras\regxtra121.x32

3/5/2011 12:37:43 PM:281 Smart Update
Smart update was unable to run because a internet connection was not found. Please check your network settings and try again.

3/5/2011 2:30:46 PM:93 Infection was detected on this computer
Threat Name - SecurityRisk.AdShortcuts
Type - File
Risk Level - Medium
Infection - C:\_Downloads\Unlocker\unlocker1.8.7.exe

3/5/2011 2:46:43 PM:828 Scan Finished
Scan Type - Full Scan
Items Processed - 544791
Threats Detected - 3
Infections Detected - 3
**************************************************************

ComboFix Log

ComboFix 11-03-04.06 - Joe Jones 03/05/2011 15:52:51.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1481 [GMT -6:00]
Running from: c:\_downloads\ComboFix\ComboFix.exe
AV: PC Tools AntiVirus Free *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Downloaded Program Files\ODCTOOLS\~t6.tmp
c:\windows\Downloaded Program Files\ODCTOOLS\~t7.tmp
c:\windows\ST6UNST.000
c:\windows\system32\AutoRun.inf
c:\windows\system32\KGyGaAvL.sys
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-02-05 to 2011-03-05 )))))))))))))))))))))))))))))))
.
.
2011-03-05 15:47 . 2011-03-05 15:47   --------   d-----w-   c:\documents and settings\Joe Jones\Local Settings\Application Data\Threat Expert
2011-03-05 15:45 . 2011-03-05 15:45   --------   d-----w-   c:\documents and settings\Joe Jones\Application Data\PC Tools
2011-03-02 01:10 . 2011-03-02 01:10   388096   ----a-r-   c:\documents and settings\Joe Jones\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-02 01:10 . 2011-03-02 01:10   --------   d-----w-   c:\program files\Trend Micro
2011-03-01 12:43 . 2011-03-01 13:03   --------   d-----w-   c:\documents and settings\Joe Jones\Pavark
2011-02-28 23:24 . 2011-02-28 23:24   --------   d-----w-   c:\documents and settings\Joe Jones\Application Data\SUPERAntiSpyware.com
2011-02-28 23:24 . 2011-02-28 23:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-02-28 23:23 . 2011-02-28 23:24   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-02-16 05:17 . 2001-08-17 19:47   12928   ----a-w-   c:\windows\system32\drivers\Dot4Prt.sys
2011-02-16 05:17 . 2001-08-17 19:47   12928   ----a-w-   c:\windows\system32\dllcache\dot4prt.sys
2011-02-16 05:17 . 2001-08-18 04:36   324608   ----a-w-   c:\windows\system32\hpojwia.dll
2011-02-16 05:17 . 2001-08-18 04:36   324608   ----a-w-   c:\windows\system32\dllcache\hpojwia.dll
2011-02-16 05:17 . 2001-08-17 19:47   8704   ----a-w-   c:\windows\system32\drivers\Dot4scan.sys
2011-02-16 05:17 . 2001-08-17 19:47   8704   ----a-w-   c:\windows\system32\dllcache\dot4scan.sys
2011-02-16 05:17 . 2008-04-13 19:39   206976   ----a-w-   c:\windows\system32\drivers\Dot4.sys
2011-02-16 05:17 . 2008-04-13 19:39   206976   ----a-w-   c:\windows\system32\dllcache\dot4.sys
2011-02-16 05:17 . 2001-08-17 19:47   23808   ----a-w-   c:\windows\system32\drivers\Dot4usb.sys
2011-02-16 05:17 . 2001-08-17 19:47   23808   ----a-w-   c:\windows\system32\dllcache\dot4usb.sys
2011-02-15 19:46 . 2011-02-03 03:40   472808   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 03:40 . 2010-04-16 13:36   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-02-03 01:19 . 2007-05-18 04:54   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-01-25 17:36 . 2011-01-25 17:36   1409   ----a-w-   c:\windows\QTFont.for
2011-01-21 14:44 . 2006-03-16 04:00   439296   ------w-   c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-03-16 04:00   290048   ----a-w-   c:\windows\system32\atmfd.dll
2011-01-06 17:54 . 2011-03-05 15:46   2125   ----a-w-   c:\windows\UDB.zip
2011-01-04 14:05 . 2011-01-04 14:05   695642   ----a-w-   c:\windows\unins000.exe
2010-12-31 13:10 . 2006-03-16 04:00   1854976   ------w-   c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2006-03-16 04:00   301568   ----a-w-   c:\windows\system32\kerberos.dll
2010-12-21 00:09 . 2009-02-25 07:14   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2009-02-25 07:14   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-12-20 23:59 . 2006-03-16 04:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2006-03-16 04:00   43520   ------w-   c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2006-03-16 04:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2006-03-16 04:00   730112   ------w-   c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2006-03-16 04:00   385024   ------w-   c:\windows\system32\html.iec
2010-12-09 15:15 . 2006-03-16 04:00   718336   ------w-   c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2006-03-16 04:00   33280   ------w-   c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2006-03-16 04:00   2148864   ------w-   c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2006-03-16 04:00   2027008   ------w-   c:\windows\system32\ntkrnlpa.exe
1998-12-09 02:53 . 1998-12-09 02:53   99840   ----a-w-   c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53   70144   ----a-w-   c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53   48640   ----a-w-   c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53   31744   ----a-w-   c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53   186368   ----a-w-   c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53   17920   ----a-w-   c:\program files\Common Files\IRASRIAL.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]
"DateInTray"="c:\program files\DateInTray\DateInTray.exe" [2009-10-23 96768]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-18 102400]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-06-01 257088]
"Act.Outlook.Service"="c:\program files\ACT 9\Act for Windows\Act.Outlook.Service.exe" [2007-03-28 9728]
"Act! Preloader"="c:\program files\ACT 9\Act for Windows\ActSage.exe" [2007-03-28 1015808]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-09-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-09-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-09-06 94208]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"V0400Mon.exe"="c:\windows\V0400Mon.exe" [2007-08-23 28672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NBKeyScan"="c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-09-24 2254120]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2006-03-15 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-16 274608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\Joe Jones\Start Menu\Programs\Startup\
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2010-2-11 1512448]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
2007-06-07 19:01   155648   ------w-   c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
2007-03-21 21:41   145496   ----a-w-   c:\program files\Pinnacle\Studio 11\LaunchList2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 22:07   2260480   ------w-   c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ACT 9\\Act for Windows\\ActSage.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\1033\\WFXMSRVR.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\miFiles\\miFiles.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Spamihilator\\spamihilator.exe"=
"c:\\Program Files\\Spamihilator\\cdcc.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Spamihilator\\Virtual POP3 Server\\Virtual POP3-Server.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/5/2011 9:46 AM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [3/5/2011 9:46 AM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [3/5/2011 9:46 AM 656320]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [5/20/2008 9:32 AM 15328]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [7/13/2008 6:09 PM 39408]
R2 AWLL5026 WLService;AWLL5026 WLService;c:\program files\AirLink101\AWLL5026\WLService.exe [11/23/2010 7:55 PM 49152]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [3/5/2011 9:46 AM 247760]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 4:29 AM 29178224]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [8/25/2009 12:16 PM 220128]
R3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys [10/4/2009 4:50 PM 19968]
R3 zonescreen;zonescreen;c:\windows\system32\drivers\zsport.sys [10/21/2010 8:12 PM 10488]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys --> c:\windows\system32\Drivers\Ca1528av.sys [?]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 2:39 PM 61952]
S3 AVC1200;Adaptec AVC-1200 Video Capture;c:\windows\system32\drivers\CA506AV.SYS [3/13/2007 8:06 PM 175042]
S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys --> c:\windows\system32\Drivers\Bulk1528.sys [?]
S3 ca506aaf;Adaptec USB Audio Filter Driver (WDM);c:\windows\system32\drivers\ca506aaf.sys [3/13/2007 8:08 PM 14273]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [11/17/2008 11:51 AM 1128944]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [3/5/2011 9:45 AM 366840]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [10/24/2009 6:47 AM 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [10/24/2009 6:47 AM 62592]
S3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\drivers\V0400Afx.sys [4/4/2009 11:45 AM 142656]
S3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\drivers\V0400Vfx.sys [4/4/2009 11:45 AM 7424]
S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\drivers\V0400Vid.sys [4/4/2009 11:45 AM 166720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
HPService   REG_MULTI_SZ     HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3449024481-383353879-3954239504-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2011-03-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3449024481-383353879-3954239504-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2010-11-25 c:\windows\Tasks\videopadDowngrade.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2010-10-11 22:37]
.
2010-11-11 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2010-10-11 22:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=309&PURCH_DT_MONTH=&PURCH_DT_DAY=&PURCH_DT_YEAR=&product_name=&PROD_SERIAL_ID=&gwCountry=US&language=EN&prodOS=&lf=BLUE
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Download FLV files in this page with GetFLV - c:\program files\GetFLV\iemenu\DownloadFLV.htm
IE: Download linked FLV with GetFLV - c:\program files\GetFLV\iemenu\DownloadLinkFLV.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Joe Jones\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: Send to &Bluetooth Device... - c:\program files\ANYCOM\Bluetooth-USB\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: update.microsoft.com
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///E:/CDVIEWER/CdViewer.cab
FF - ProfilePath - c:\documents and settings\Joe Jones\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-05 16:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe??

?L?@?

?X?

??`?@?

?L?@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3449024481-383353879-3954239504-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(988)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1044)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2011-03-05 16:05:14
ComboFix-quarantined-files.txt 2011-03-05 22:05
.
Pre-Run: 318,435,336,192 bytes free
Post-Run: 318,417,932,288 bytes free
.
- - End Of File - - 068E0205FBEAE67F3E11816A52ED792A
****************************************************

Final HJT Scan Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:12:45 PM, on 3/5/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\AirLink101\AWLL5026\AWLL5026.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ACT 9\Act for Windows\Act.Outlook.Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\V0400Mon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DateInTray\DateInTray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\AirLink101\AWLL5026\WLService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=309&PURCH_DT_MONTH=&PURCH_DT_DAY=&PURCH_DT_YEAR=&product_name=&PROD_SERIAL_ID=&gwCountry=US&language=EN&prodOS=&lf=BLUE
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: bxNewFolder - {51C8BCA8-2524-4523-BF09-738C4EEBFC58} - C:\PROGRA~1\BXNEWF~1\BXNEWF~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT 9\Act for Windows\Act.Outlook.Service.exe"
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT 9\Act for Windows\ActSage.exe" -preload
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [V0400Mon.exe] C:\WINDOWS\V0400Mon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [DateInTray] C:\Program Files\DateInTray\DateInTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download FLV files in this page with GetFLV - C:\Program Files\GetFLV\iemenu\DownloadFLV.htm
O8 - Extra context menu item: Download linked FLV with GetFLV - C:\Program Files\GetFLV\iemenu\DownloadLinkFLV.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Mike Keplinger\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O9 - Extra button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - C:\PROGRA~1\DzSoft\FAVORI~1\FavSeek.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Reader's%20Digest%20Word%20Power/Images/stg_drm.ocx
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} -
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228453353859
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Reader's%20Digest%20Word%20Power/Images/armhelper.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///E:/CDVIEWER/CdViewer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AWLL5026 WLService - Unknown owner - C:\Program Files\AirLink101\AWLL5026\WLService.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: X10 Device Netw

Old_Curmudgeon · « **Reply #9 on:** March 07, 2011, 04:43:00 PM »

Evidently I cut off the log reports, here is the last line of the final HJT log and the Test.bat log that I mentioned in the previous post:

(Final HJT Log continued from previous post)

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 15763 bytes
*****************************************************************************************************

Test.bat / Log1.txt requested by Dave

Windows IP Configuration

Host Name . . . . . . . . . . . . : PC785018295244

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hal-pc.org

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hal-pc.org

Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-18-DE-76-71-04

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 204.52.135.1

204.52.135.2

Lease Obtained. . . . . . . . . . : Monday, March 07, 2011 1:06:20 PM

Lease Expires . . . . . . . . . . : Tuesday, March 08, 2011 1:06:20 PM

Ethernet adapter Local Area Connection 3:

Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-16-36-A3-4E-37

Server: ns4.hal-pc.org
Address: 204.52.135.1

Name: google.com
Addresses: 74.125.227.50, 74.125.227.51, 74.125.227.52, 74.125.227.48
     74.125.227.49

Server: hal-pc.org
Address: 204.52.135.1

Name: yahoo.com
Addresses: 67.195.160.76, 69.147.125.65, 72.30.2.43, 98.137.149.56
     209.191.122.70

Pinging google.com [74.125.227.49] with 32 bytes of data:

Reply from 74.125.227.49: bytes=32 time=20ms TTL=51

Reply from 74.125.227.49: bytes=32 time=19ms TTL=51

Ping statistics for 74.125.227.49:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 20ms, Average = 19ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=19ms TTL=50

Reply from 209.191.122.70: bytes=32 time=19ms TTL=50

Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 19ms, Average = 19ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 de 76 71 04 ...... Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
0x3 ...00 16 36 a3 4e 37 ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100     25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1     1
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100     25
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1     25
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100     25
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100     25
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100     1
255.255.255.255 255.255.255.255 192.168.1.100 3     1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 15763 bytes

Test.bat / Log1.txt requested by Dave

Windows IP Configuration

Host Name . . . . . . . . . . . . : PC785018295244

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hal-pc.org

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hal-pc.org

Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-18-DE-76-71-04

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 204.52.135.1

204.52.135.2

Lease Obtained. . . . . . . . . . : Monday, March 07, 2011 1:06:20 PM

Lease Expires . . . . . . . . . . : Tuesday, March 08, 2011 1:06:20 PM

Ethernet adapter Local Area Connection 3:

Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-16-36-A3-4E-37

Server: ns4.hal-pc.org
Address: 204.52.135.1

Name: google.com
Addresses: 74.125.227.50, 74.125.227.51, 74.125.227.52, 74.125.227.48
     74.125.227.49

Server: hal-pc.org
Address: 204.52.135.1

Name: yahoo.com
Addresses: 67.195.160.76, 69.147.125.65, 72.30.2.43, 98.137.149.56
     209.191.122.70

Pinging google.com [74.125.227.49] with 32 bytes of data:

Reply from 74.125.227.49: bytes=32 time=20ms TTL=51

Reply from 74.125.227.49: bytes=32 time=19ms TTL=51

Ping statistics for 74.125.227.49:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 20ms, Average = 19ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=19ms TTL=50

Reply from 209.191.122.70: bytes=32 time=19ms TTL=50

Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 19ms, Average = 19ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 de 76 71 04 ...... Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
0x3 ...00 16 36 a3 4e 37 ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100     25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1     1
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100     25
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1     25
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100     25
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100     25
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100     1
255.255.255.255 255.255.255.255 192.168.1.100 3     1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

SuperDave · « **Reply #10 on:** March 07, 2011, 06:34:43 PM »

ComboFix is running from the wrong location. Please uninstall/ delete it, download a new version and save it to your desktop. Once that is done, please run the ComboFix script I have provided below and post the log.

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Quote
KillAll::

DDS::
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: update.microsoft.com

MBR::
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

***************************************************
Ok. We need to clear your DNS cache.

Please navigate to Start>Run and type cmd

in the window that pops up type ipconfig /flushdns

**************************************************
* Go to Start > Run and type mrt.exe then press Enter on the keyboard).
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.

Old_Curmudgeon · « **Reply #11 on:** March 07, 2011, 10:35:12 PM »

Hi Dave,

I only ran ComboFix with thye CFScript.txt. During its log creation there were 4 corrupt file error messages:

a)PVE.cfxxe - Corrupt File
C\Documents and Settings\John Doe\Application Data
b)NirkMD.cfxxe-Corrupt File
The file or directory \ComboFix\pve.exe is corrupt and unreadable. Please run chkdsk.
c)Act9x\2007 has encountered a problem and needs to close. (I selected to send Windows an error report later.)
d)Reader_sl.exe - Corrupt File
The file or directory \Documen~1\John Doe\Application Data is corrupt and unreadable. Please run chkdsk.

Before I clear my DNS and run MRT.exe I thought that I should check with you and make sure whether I should go ahead and run chkdsk before these or try to run these first. (If the computer reboots I suspect that chkdsk will run automatically though.). I plan to leave the computer on until your response but it will likely hibernate or something in the meantime.

Please let me know how to proceed. By the way, the ACT program and SQL are the most critical programs that I would like to save after all of this. Any clue if it looks like the Trojan(?) will be successfully resolved?

Following is the ComboFix Log.

Thanks again,
Mike

*****************************************************************************************

ComboFix Log

This ComboFix log is impressive. I am unable to interpret most of its comments.

Some things that peaked my curiosity:
a) two references to AVG registry keys (I thought the AVG uninstaller would have remove anything AVG)
b) two references to Symantic AV & Firewall registry keys.

*********************************************************************************************************

ComboFix 11-03-07.02 - John Doe 03/07/2011 20:34:46.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1262 [GMT -6:00]
Running from: c:\documents and settings\John Doe\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\John Doe\Desktop\CFScript.txt
AV: PC Tools AntiVirus Free *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW346: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\LogFiles\HTTPERR\httperr1.log
c:\windows\system32\LogFiles . . . . Failed to delete
c:\windows\system32\LogFiles\WUDF\WUDFTrace.etl . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-02-08 to 2011-03-08 )))))))))))))))))))))))))))))))
.
.
2011-03-06 04:55 . 2011-03-06 04:55   --------   d-----w-   C:\found.000
2011-03-06 04:38 . 2011-03-07 19:58   952   --sha-w-   c:\windows\system32\KGyGaAvL.sys
2011-03-05 15:47 . 2011-03-05 15:47   --------   d-----w-   c:\documents and settings\John Doe\Local Settings\Application Data\Threat Expert
2011-03-02 01:10 . 2011-03-02 01:10   388096   ----a-r-   c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-02 01:10 . 2011-03-02 01:10   --------   d-----w-   c:\program files\Trend Micro
2011-03-01 12:43 . 2011-03-01 13:03   --------   d-----w-   c:\documents and settings\John Doe\Pavark
2011-02-28 23:24 . 2011-02-28 23:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-02-28 23:23 . 2011-02-28 23:24   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-02-16 05:17 . 2001-08-17 19:47   12928   ----a-w-   c:\windows\system32\drivers\Dot4Prt.sys
2011-02-16 05:17 . 2001-08-17 19:47   12928   ----a-w-   c:\windows\system32\dllcache\dot4prt.sys
2011-02-16 05:17 . 2001-08-18 04:36   324608   ----a-w-   c:\windows\system32\hpojwia.dll
2011-02-16 05:17 . 2001-08-18 04:36   324608   ----a-w-   c:\windows\system32\dllcache\hpojwia.dll
2011-02-16 05:17 . 2001-08-17 19:47   8704   ----a-w-   c:\windows\system32\drivers\Dot4scan.sys
2011-02-16 05:17 . 2001-08-17 19:47   8704   ----a-w-   c:\windows\system32\dllcache\dot4scan.sys
2011-02-16 05:17 . 2008-04-13 19:39   206976   ----a-w-   c:\windows\system32\drivers\Dot4.sys
2011-02-16 05:17 . 2008-04-13 19:39   206976   ----a-w-   c:\windows\system32\dllcache\dot4.sys
2011-02-16 05:17 . 2001-08-17 19:47   23808   ----a-w-   c:\windows\system32\drivers\Dot4usb.sys
2011-02-16 05:17 . 2001-08-17 19:47   23808   ----a-w-   c:\windows\system32\dllcache\dot4usb.sys
2011-02-15 19:46 . 2011-02-03 03:40   472808   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 03:40 . 2010-04-16 13:36   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-02-03 01:19 . 2007-05-18 04:54   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-01-25 17:36 . 2011-01-25 17:36   1409   ----a-w-   c:\windows\QTFont.for
2011-01-21 14:44 . 2006-03-16 04:00   439296   ------w-   c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-03-16 04:00   290048   ----a-w-   c:\windows\system32\atmfd.dll
2011-01-06 17:54 . 2011-03-05 15:46   2125   ----a-w-   c:\windows\UDB.zip
2011-01-04 14:05 . 2011-01-04 14:05   695642   ----a-w-   c:\windows\unins000.exe
2010-12-31 13:10 . 2006-03-16 04:00   1854976   ------w-   c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2006-03-16 04:00   301568   ----a-w-   c:\windows\system32\kerberos.dll
2010-12-21 00:09 . 2009-02-25 07:14   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2009-02-25 07:14   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-12-20 23:59 . 2006-03-16 04:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2006-03-16 04:00   43520   ------w-   c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2006-03-16 04:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2006-03-16 04:00   730112   ------w-   c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2006-03-16 04:00   385024   ------w-   c:\windows\system32\html.iec
2010-12-09 15:15 . 2006-03-16 04:00   718336   ------w-   c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2006-03-16 04:00   33280   ------w-   c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2006-03-16 04:00   2148864   ------w-   c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2006-03-16 04:00   2027008   ------w-   c:\windows\system32\ntkrnlpa.exe
1998-12-09 02:53 . 1998-12-09 02:53   99840   ----a-w-   c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53   70144   ----a-w-   c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53   48640   ----a-w-   c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53   31744   ----a-w-   c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53   186368   ----a-w-   c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53   17920   ----a-w-   c:\program files\Common Files\IRASRIAL.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]
"DateInTray"="c:\program files\DateInTray\DateInTray.exe" [2009-10-23 96768]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-18 102400]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-06-01 257088]
"Act.Outlook.Service"="c:\program files\ACT 9\Act for Windows\Act.Outlook.Service.exe" [2007-03-28 9728]
"Act! Preloader"="c:\program files\ACT 9\Act for Windows\ActSage.exe" [2007-03-28 1015808]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-09-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-09-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-09-06 94208]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"V0400Mon.exe"="c:\windows\V0400Mon.exe" [2007-08-23 28672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NBKeyScan"="c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-09-24 2254120]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2006-03-15 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-16 274608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\John Doe\Start Menu\Programs\Startup\
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2010-2-11 1512448]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
2007-06-07 19:01   155648   ------w-   c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
2007-03-21 21:41   145496   ----a-w-   c:\program files\Pinnacle\Studio 11\LaunchList2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 22:07   2260480   ------w-   c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ACT 9\\Act for Windows\\ActSage.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\1033\\WFXMSRVR.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\miFiles\\miFiles.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Spamihilator\\spamihilator.exe"=
"c:\\Program Files\\Spamihilator\\cdcc.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Spamihilator\\Virtual POP3 Server\\Virtual POP3-Server.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/5/2011 9:46 AM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [3/5/2011 9:46 AM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [3/5/2011 9:46 AM 656320]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [5/20/2008 9:32 AM 15328]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [7/13/2008 6:09 PM 39408]
R2 AWLL5026 WLService;AWLL5026 WLService;c:\program files\AirLink101\AWLL5026\WLService.exe [11/23/2010 7:55 PM 49152]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [3/5/2011 9:46 AM 247760]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [8/25/2009 12:16 PM 220128]
R3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys [10/4/2009 4:50 PM 19968]
R3 zonescreen;zonescreen;c:\windows\system32\drivers\zsport.sys [10/21/2010 8:12 PM 10488]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys --> c:\windows\system32\Drivers\Ca1528av.sys [?]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 4:29 AM 29178224]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 2:39 PM 61952]
S3 AVC1200;Adaptec AVC-1200 Video Capture;c:\windows\system32\drivers\CA506AV.SYS [3/13/2007 8:06 PM 175042]
S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys --> c:\windows\system32\Drivers\Bulk1528.sys [?]
S3 ca506aaf;Adaptec USB Audio Filter Driver (WDM);c:\windows\system32\drivers\ca506aaf.sys [3/13/2007 8:08 PM 14273]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [11/17/2008 11:51 AM 1128944]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [3/5/2011 9:45 AM 366840]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [10/24/2009 6:47 AM 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [10/24/2009 6:47 AM 62592]
S3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\drivers\V0400Afx.sys [4/4/2009 11:45 AM 142656]
S3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\drivers\V0400Vfx.sys [4/4/2009 11:45 AM 7424]
S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\drivers\V0400Vid.sys [4/4/2009 11:45 AM 166720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
HPService   REG_MULTI_SZ     HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3449024481-383353879-3954239504-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2011-03-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3449024481-383353879-3954239504-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2010-11-25 c:\windows\Tasks\videopadDowngrade.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2010-10-11 22:37]
.
2010-11-11 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2010-10-11 22:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=309&PURCH_DT_MONTH=&PURCH_DT_DAY=&PURCH_DT_YEAR=&product_name=&PROD_SERIAL_ID=&gwCountry=US&language=EN&prodOS=&lf=BLUE
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Download FLV files in this page with GetFLV - c:\program files\GetFLV\iemenu\DownloadFLV.htm
IE: Download linked FLV with GetFLV - c:\program files\GetFLV\iemenu\DownloadLinkFLV.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\John Doe\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: Send to &Bluetooth Device... - c:\program files\ANYCOM\Bluetooth-USB\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///E:/CDVIEWER/CdViewer.cab
FF - ProfilePath - c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-07 20:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe?

??L?@?

?X?

??`?@?

?L?@
.
scanning hidden files ...
.
.
c:\documents and settings\John Doe\Application Data\Help
c:\documents and settings\John Doe\Application Data\Help\WinHlp32.BMK 63 bytes
c:\documents and settings\John Doe\Application Data\Macromedia
c:\documents and settings\John Doe\Application Data\Macromedia\Flash Player
c:\documents and settings\John Doe\Application Data\Macromedia\Flash Player\#SharedObjects
c:\documents and settings\John Doe\Application Data\Macromedia\Flash Player\#SharedObjects\65GRP56U
c:\documents and settings\John Doe\Application Data\Macromedia\Flash Player\macromedia.com
c:\documents and settings\John Doe\Application Data\Macromedia\Flash Player\macromedia.com\support
c:\documents and settings\John Doe\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer
c:\documents and settings\John Doe\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys
c:\documents and settings\John Doe\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 2606 bytes
c:\documents and settings\John Doe\Application Data\Macromedia\Flash Player\www.macromedia.com
c:\documents and settings\John Doe\Application Data\Macromedia\Flash Player\www.macromedia.com\bin
c:\documents and settings\John Doe\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax
c:\documents and settings\John Doe\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe 1526544 bytes executable
c:\documents and settings\John Doe\Application Data\Macromedia\Shockwave Player
c:\documents and settings\John Doe\Application Data\Macromedia\Shockwave Player\dswMedia
c:\documents and settings\John Doe\Application Data\Macromedia\Shockwave Player\Prefs
c:\documents and settings\John Doe\Application Data\Macromedia\Shockwave Player\Prefs\5A9WZUS3
c:\documents and settings\John Doe\Application Data\Macromedia\Shockwave Player\Shockwave Log 811 bytes
c:\documents and settings\John Doe\Application Data\Macromedia\Shockwave Player\xtras
c:\documents and settings\John Doe\Application Data\Macromedia\Shockwave Player\xtras\download
c:\documents and settings\John Doe\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc
c:\documents and settings\John Doe\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\MixServices
c:\documents and settings\John Doe\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\MPEG3ImportExport
c:\documents and settings\John Doe\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SoundImportExport
c:\documents and settings\John Doe\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SWAImportExport
c:\documents and settings\John Doe\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\XMLParser
c:\documents and settings\John Doe\Application Data\ABBYY
c:\documents and settings\John Doe\Application Data\ABBYY\FineReader
c:\documents and settings\John Doe\Application Data\ABBYY\FineReader\10.00
c:\documents and settings\John Doe\Application Data\ABBYY\FineReader\10.00\BatchTemplates
c:\documents and settings\John Doe\Application Data\ABBYY\FineReader\10.00\UserDictionaries
c:\documents and settings\John Doe\Application Data\ACT
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Act.Devices.Entities.FieldMetadata.XML 131658 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Act.UI.ICompanyDetailView.ser 739 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Act.UI.IContactDetailView.ser 891 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Act.UI.IContactListView.ser 810 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Act.UI.IGroupDetailView.ser 729 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Act.UI.IGroupListView.ser 381 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Act.UI.IKeywordSearch.ser 442 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Act.UI.ILookupContacts.ser 373 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Act.UI.ITaskView.ser 296 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\ActApplicationInteropNumber.tcp 54 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\ACTLOG.XML 10073 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\ACTLOG2.XML 11946 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\ACTNumber.tcp 54 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\DependentDlls.xml 625 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\HistoryQueue
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\IMPORT_EXPORT_LOG.xml 2306 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\InternetServicesLibraryTabNumber.tcp 54 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\layoutdesigner.mru 558 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Netlinks
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Netlinks\InternetLinks.xml 4844 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_EMAIL_ACTEMAIL_MESSAGEWINDOWPOSITION 72 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_EXPLORER_NAVBAR_STANDARDNAVVIEW9 738 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\ConnectedBars253 8243853 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\DisconnectedBar181 445029 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_ACT_UI_UIDATABASEMANAGER_MRU 515 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_EMAIL_ACTEMAIL_MAINWINDOWPOSITION 72 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_GENERAL_DEFAULTWORDPROCESSOR 341 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_GENERAL_DEFAULTWORDPROCESSOR_ACT 321 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_GENERAL_DEFAULTWORDPROCESSOR_WORD2000ORXP 341 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_GENERAL_DUPLICATECHECKING_ENABLE 53 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_STARTUP_DATABASE_MRU 464 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_STARTUP_OPPORTUNITYTAB_STARTWITHTHESECOLUMNS 170 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_STARTUP_OPPORTUNITYTAB_STARTWITHTHESECOLUMNS_CONTACT 170 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_STARTUP_OPPORTUNITYTAB_STARTWITHTHESECOLUMNWIDTHS 28 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_STARTUP_OPPORTUNITYTAB_STARTWITHTHESECOLUMNWIDTHS_CONTACT 28 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_STARTUP_OPPORTUNITY_STARTWITHTHESECOLUMNS 170 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_STARTUP_OPPORTUNITY_STARTWITHTHESECOLUMNWIDTHS 28 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\USpreferences206.xml 60793 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\USpreferences206.xml.old 60853 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\USpreferences206.xmlbad07012008061200.txt 32602 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\USpreferences206.xmlbad07012008061556.txt 32602 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_EMAIL_ACTEMAIL_SIGNATURECOLLECTION 46 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_EMAIL_ACTEMAIL_SIGNATURE_FE7F63B9-8353-46E7-AAF6-78B10F4E5192 291 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_EXPLORER_COMMANDBARS_DISCONNECTEDFACTORYDEFAULSHORTCUTS 3882 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_EXPLORER_COMMANDBARS_FACTORYDEFAULSHORTCUTS 34736 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_EXPLORER_CUSTOMMENUITEMS_CUSTOMCOMMANDS 240 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_EXPLORER_CUSTOMMENUITEMS_CUSTOMMACROS 240 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_EXPLORER_IMAGES_URNTOIMAGENAMEHASH 8224 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_EXPLORER_NAVBAR_CLASSICNAVVIEW9 733 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_EXPLORER_NAVBAR_EXPANDEDNAVVIEW9 799 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Preferences\Preferences_EXPLORER_NAVBAR_ICONORDER 234 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\preferencesBak.xml 60853 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Spell
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Spell\custom1.dic 259 bytes
c:\documents and settings\John Doe\Application Data\ACT\ACT for Windows 9\Temporary Attachment Files
c:\documents and settings\John Doe\Application Data\ActUpdate.log 0 bytes
c:\documents and settings\John Doe\Application Data\Adobe
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\7.0
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\7.0\AdobeCMapFnt07.lst 496 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\7.0\AdobeSysFnt07.lst 73106 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\7.0\Collab
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\7.0\Collab\RSS 103 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\7.0\JavaScripts
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js 10 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\7.0\Preferences
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\7.0\Updater
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt 23562 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\7.0\Updater\udstore.js 34972 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\7.0\UserCache.bin 66023 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\8.0
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\8.0\AdobeCMapFnt08.lst 9243 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\8.0\AdobeSysFnt08.lst 136754 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\8.0\JavaScripts
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\8.0\JavaScripts\glob.js 0 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\8.0\JavaScripts\glob.settings.js 10 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\8.0\Synchronizer
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\8.0\Synchronizer\adobesynchronizersu80 0 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\8.0\Synchronizer\metadata
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\8.0\Synchronizer\metadata\Synchronizer80 21504 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\8.0\TMDocs.sav 36 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\8.0\TMGrpPrm.sav 54 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Acrobat\8.0\UserCache.bin 71103 bytes
c:\documents and settings\John Doe\Application Data\Adobe\AUM
c:\documents and settings\John Doe\Application Data\Adobe\Flash Player
c:\documents and settings\John Doe\Application Data\Adobe\Flash Player\AssetCache
c:\documents and settings\John Doe\Application Data\Adobe\Flash Player\AssetCache\T48LKVHE
c:\documents and settings\John Doe\Application Data\Adobe\Flash Player\AssetCache\T48LKVHE\1C04C61346A1FA3139A37D860ED92632AA13DECF.heu 148 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Flash Player\AssetCache\T48LKVHE\1C04C61346A1FA3139A37D860ED92632AA13DECF.swz 565987 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Flash Player\AssetCache\T48LKVHE\cacheSize.txt 7 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\brt
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\brz
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\bul
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\can
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\cfr
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\ctl
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\cze
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\dan
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\dut
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\eng
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\est
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\fin
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\frn
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\gre
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\grm
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\hrv
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\hun
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\itl
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\lav
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\lit
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\nrw
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\nyn
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\pol
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\prt
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\rum
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\rus
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\sgr
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\slo
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\slv
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\spn
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\swd
c:\documents and settings\John Doe\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\tur
c:\documents and settings\John Doe\Application Data\Adobe\Online Services
c:\documents and settings\John Doe\Application Data\Adobe\Online Services\Photoshop Album Starter Edition
c:\documents and settings\John Doe\Application Data\Adobe\Online Services\Photoshop Album Starter Edition\cache
c:\documents and settings\John Doe\Application Data\Adobe\Online Services\Photoshop Album Starter Edition\cache\cache.dat 46 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Online Services\Photoshop Album Starter Edition\clients
c:\documents and settings\John Doe\Application Data\Adobe\Online Services\Photoshop Album Starter Edition\clients\Photoshop Album Starter Edition
c:\documents and settings\John Doe\Application Data\Adobe\Online Services\Photoshop Album Starter Edition\clients\Photoshop Album Starter Edition\notifications.dat 105 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Online Services\Photoshop Album Starter Edition\clients\Photoshop Album Starter Edition\preferences.dat 52 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Online Services\Photoshop Album Starter Edition\clients\Photoshop Album Starter Edition\sessions
c:\documents and settings\John Doe\Application Data\Adobe\Photoshop Album
c:\documents and settings\John Doe\Application Data\Adobe\Photoshop Album\3.0
c:\documents and settings\John Doe\Application Data\Adobe\Photoshop Album\3.0\apd.prf 300 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Photoshop Album\3.0\customevents.dat 8 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Photoshop Album\3.0\email.xml 1186 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Photoshop Album\3.0\Logse30.txt 97 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Photoshop Album\3.0\psa.prf 1370 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Photoshop Album\3.0\psase30.xml 138 bytes
c:\documents and settings\John Doe\Application Data\Adobe\Photoshop Album\3.0\status.dat 1110 bytes
c:\documents and settings\John Doe\Application Data\AdobeUM
c:\documents and settings\John Doe\Application Data\Aladdin Systems
c:\documents and settings\John Doe\Application Data\Aladdin Systems\InternetCleanup
c:\documents and settings\John Doe\Application Data\Aladdin Systems\StuffIt
c:\documents and settings\John Doe\Application Data\Aladdin Systems\StuffIt\ArchiveSearch
c:\documents and settings\John Doe\Application Data\Aladdin Systems\StuffIt\ArchiveSearch\exclude.db 30 bytes
c:\documents and settings\John Doe\Application Data\Aladdin Systems\StuffIt\Catalog
c:\documents and settings\John Doe\Application Data\Aladdin Systems\StuffIt\Catalog\exclude.db 30 bytes
c:\documents and settings\John Doe\Application Data\Aladdin Systems\StuffIt\RegCard
c:\documents and settings\John Doe\Application Data\Aladdin Systems\StuffIt\RegCard\regcard.db 20 bytes
c:\documents and settings\John Doe\Application Data\Aladdin Systems\StuffIt\Temp
c:\documents and settings\John Doe\Application Data\Apple Computer
c:\documents and settings\John Doe\Application Data\Apple Computer\iTunes
c:\documents and settings\John Doe\Application Data\Apple Computer\iTunes\iTunes Plug-ins
c:\documents and settings\John Doe\Application Data\Apple Computer\iTunes\iTunesPrefs.xml 129586 bytes
c:\documents and settings\John Doe\Application Data\Apple Computer\QuickTime
c:\documents and settings\John Doe\Application Data\Auslogics
c:\documents and settings\John Doe\Application Data\Auslogics\Disk Defrag
c:\documents and settings\John Doe\Application Data\Auslogics\Disk Defrag\Reports
c:\documents and settings\John Doe\Application Data\Auslogics\Disk Defrag\Reports\C_Disk_Defrag_Report.html 1568497 bytes
c:\documents and settings\John Doe\Application Data\Auslogics\Registry Defrag
c:\documents and settings\John Doe\Application Data\Auslogics\Registry Defrag\Logs
c:\documents and settings\John Doe\Application Data\Auslogics\Registry Defrag\Logs\2008-29-05-23-39-03.log 2644 bytes
c:\documents and settings\John Doe\Application Data\Auslogics\Registry Defrag\Logs\2010-17-07-12-55-08.log 1794 bytes
c:\documents and settings\John Doe\Application Data\Auslogics\Registry Defrag\Logs\RD.Sta 53 bytes
c:\documents and settings\John Doe\Application Data\Auslogics\Registry Defrag\Reports
c:\documents and settings\John Doe\Application Data\Auslogics\Registry Defrag\Reports\RegistryDefrag.html 8045 bytes
c:\documents and settings\John Doe\Application Data\Auslogics\Registry Defrag\Reports\RegistryDefrag.xml 1996 bytes
c:\documents and settings\John Doe\Application Data\AVG10
c:\documents and settings\John Doe\Application Data\AVG10\cfgall
c:\documents and settings\John Doe\Application Data\AVG10\cfgall\outlook.cfg 197 bytes
c:\documents and settings\John Doe\Application Data\AVG10\cfgall\usergui.cfg 330 bytes
c:\documents and settings\John Doe\Application Data\calibre
c:\documents and settings\John Doe\Application Data\calibre\conversion
c:\documents and settings\John Doe\Application Data\calibre\conversion\comic_input.py 0 bytes
c:\documents and settings\John Doe\Application Data\calibre\conversion\debug.py 0 bytes
c:\documents and settings\John Doe\Application Data\calibre\conversion\epub_output.py 0 bytes
c:\documents and settings\John Doe\Application Data\calibre\conversion\fb2_input.py 0 bytes
c:\documents and settings\John Doe\Application Data\calibre\conversion\look_and_feel.py 0 bytes
c:\documents and settings\John Doe\Application Data\calibre\conversion\lrf_output.py 0 bytes
c:\documents and settings\John Doe\Application Data\calibre\conversion\metadata.py 0 bytes
c:\documents and settings\John Doe\Application Data\calibre\conversion\mobi_output.py 0 bytes
c:\documents and settings\John Doe\Application Data\calibre\conversion\page_setup.py 34 bytes
c:\documents and settings\John Doe\Application Data\calibre\conversion\pdb_input.py 0 bytes
c:\documents and settings\John Doe\Application Data\calibre\conversion\pdf_input.py 0 bytes
c:\documents and settings\John Doe\Application Data\calibre\conversion\structure_detection.py 0 bytes
c:\documents and settings\John Doe\Application Data\calibre\conversion\toc.py 0 bytes
c:\documents and settings\John Doe\Application Data\calibre\conversion\txt_input.py 0 bytes
c:\documents and settings\John Doe\Application Data\calibre\dynamic.pickle 657 bytes
c:\documents and settings\John Doe\Application Data\calibre\global.py 2114 bytes
c:\documents and settings\John Doe\Application Data\calibre\gui.json 807 bytes
c:\documents and settings\John Doe\Application Data\calibre\gui.py 4545 bytes
c:\documents and settings\John Doe\Application Data\calibre\iterator.pickle 678 bytes
c:\documents and settings\John Doe\Application Data\calibre\plugins
c:\documents and settings\John Doe\Application Data\calibre\scheduler.xml 1994 bytes
c:\documents and settings\John Doe\Application Data\calibre\tweaks.py 5797 bytes
c:\documents and settings\John Doe\Application Data\Canon
c:\documents and settings\John Doe\Application Data\Canon\MX310 series
c:\documents and settings\John Doe\Application Data\Canon\MX310 series\SCGR.MRK 25 bytes
c:\documents and settings\John Doe\Application Data\Canon\MX310 series\SCGR.PV0 2083589 bytes
c:\documents and settings\John Doe\Application Data\Canon\MX310 series\SCGR.PVR 1682306 bytes
c:\documents and settings\John Doe\Application Data\Canon\MX310 series\SCGR.T00 403237 bytes
c:\documents and settings\John Doe\Application Data\Canon\MX310 series\SCGR.TIN 4748 bytes
c:\documents and settings\John Doe\Application Data\Canon\MX310 series\Temp
c:\documents and settings\John Doe\Application Data\Canon\MX310 series\Temp\SCGR.TMP 25 bytes
c:\documents and settings\John Doe\Application Data\Creative
c:\documents and settings\John Doe\Application Data\Creative\Live! Cam Center
c:\documents and settings\John Doe\Application Data\Creative\Live! Cam Center\Default.cfg 1920 bytes
c:\documents and settings\John Doe\Application Data\Creative\Live! Cam Center\Scheduler.cfg 32 bytes
c:\documents and settings\John Doe\Application Data\Creative\OpaQMan
c:\documents and settings\John Doe\Application Data\Creative\OpaQMan\457454C64BAF37B3 24 bytes
c:\documents and settings\John Doe\Application Data\Creative\Product Registration
c:\documents and settings\John Doe\Application Data\Creative\Product Registration\RegHistory.txt 947 bytes
c:\documents and settings\John Doe\Application Data\Creative\QueMan
c:\documents and settings\John Doe\Application Data\Creative\QueMan\Zen Vision_M Media Explorer 384 bytes
c:\documents and settings\John Doe\Application Data\Creative\Video Converter
c:\documents and settings\John Doe\Application Data\Creative\Video Converter\Creative Zen Vision_M.ini 40652 bytes
c:\documents and settings\John Doe\Application Data\Creative\Video Converter\MTP.cfg 55 bytes
c:\documents and settings\John Doe\Application Data\CyberLink
c:\documents and settings\John Doe\Application Data\CyberLink\MediaCache
c:\documents and settings\John Doe\Application Data\CyberLink\PowerCinema
c:\documents and settings\John Doe\Application Data\CyberLink\PowerDVD
c:\documents and settings\John Doe\Application Data\CyberLink\PowerDVD\DVDTitles.bmk 3072 bytes
c:\documents and settings\John Doe\Application Data\CyberLink\PowerProducer
c:\documents and settings\John Doe\Application Data\CyberLink\PowerProducer\3.0
c:\documents and settings\John Doe\Application Data\CyberLink\PowerProducer\3.0\Custom
c:\documents and settings\John Doe\Application Data\CyberLink\PowerProducer\3.0\Custom\Background
c:\documents and settings\John Doe\Application Data\CyberLink\PowerProducer\3.0\Custom\Default.fl 11130 bytes
c:\documents and settings\John Doe\Application Data\CyberLink\PowerStarter
c:\documents and settings\John Doe\Application Data\CyberLink\PowerStarter\5.0
c:\documents and settings\John Doe\Application Data\CyberLink\PowerStarter\5.0\favorite.cfg 11 bytes
c:\documents and settings\John Doe\Application Data\CyberLink\PowerStarter\5.0\Profile.ini 116 bytes
c:\documents and settings\John Doe\Application Data\default.pls 155 bytes
c:\documents and settings\John Doe\Application Data\default.rss 210 bytes
c:\documents and settings\John Doe\Application Data\DeLorme
c:\documents and settings\John Doe\Application Data\DeLorme\SA2009
c:\documents and settings\John Doe\Application Data\DeLorme\SA2009\Router
c:\documents and settings\John Doe\Application Data\DeLorme\SA2009\Router\RoadEdits.tbl 7 bytes
c:\documents and settings\John Doe\Application Data\DeLorme\SA2009\speech_pronunciation.tab 4538 bytes
c:\documents and settings\John Doe\Application Data\DeLorme\SA2009\user_keyschemes
c:\documents and settings\John Doe\Application Data\desktop.ini 62 bytes
c:\documents and settings\John Doe\Application Data\downloads.m3u 0 bytes
c:\documents and settings\John Doe\Application Data\DVDVideoSoftIEHelpers
c:\documents and settings\John Doe\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm 267 bytes
c:\documents and settings\John Doe\Application Data\FastStone
c:\documents and settings\John Doe\Application Data\FastStone\FSC
c:\documents and settings\John Doe\Application Data\Google
c:\documents and settings\John Doe\Application Data\Google\GoogleEarth
c:\documents and settings\John Doe\Application Data\Google\GoogleEarth\myplaces.backup.kml 14184 bytes
c:\documents and settings\John Doe\Application Data\Google\GoogleEarth\myplaces.kml 14184 bytes
c:\documents and settings\John Doe\Application Data\Google\GoogleEarth\myplaces.kml.tmp 14184 bytes
c:\documents and settings\John Doe\Application Data\Google\GoogleEarth\myplaces.old 13681 bytes
c:\documents and settings\John Doe\Application Data\Grisoft
c:\documents and settings\John Doe\Application Data\Grisoft\AVG Antispyware 7.5
c:\documents and settings\John Doe\Application Data\Grisoft\AVG Antispyware 7.5\quarantine
c:\documents and settings\John Doe\Application Data\Grisoft\AVG Antispyware 7.5\quarantine\filA0D7D259.dat 13990 bytes
c:\documents and settings\John Doe\Application Data\Grisoft\AVG Antispyware 7.5\quarantine\filB60DDA59.dat 13913 bytes
c:\documents and settings\John Doe\Application Data\Grisoft\AVG Antispyware 7.5\Reports
c:\documents and settings\John Doe\Application Data\Grisoft\AVG Antispyware 7.5\Reports\Report-Scan-20071013-223627.txt 3854 bytes
c:\documents and settings\John Doe\Application Data\Grisoft\AVG Antispyware 7.5\Reports\Report-Scan-20071016-015851.txt 1942 bytes
c:\documents and settings\John Doe\Application Data\Grisoft\AVG Antispyware 7.5\Reports\Report-Scan-20071025-080517.txt 6016 bytes
c:\documents and settings\John Doe\Application Data\MAGIX
c:\documents and settings\John Doe\Application Data\MAGIX\Common
c:\documents and settings\John Doe\Application Data\MAGIX\Common\CD-Cache
c:\documents and settings\John Doe\Application Data\MAGIX\PhotoManager
c:\documents and settings\John Doe\Application Data\Malwarebytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-02-25 (01-25-30).txt 1352 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-02-25 (12-45-21).txt 1134 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-01-03 (12-01-24).txt 815 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-09-07 (14-40-14).txt 814 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2011-02-28 (16-18-12).txt 1005 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2011-02-28 (16-49-41).txt 889 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2011-03-01 (02-46-49).txt 1006 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2011-03-01 (17-44-03).txt 921 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2011-03-06 (12-23-01).txt 923 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\BACKUP1.23189 76 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\BACKUP1.43836 144 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\BACKUP1.52227 79 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\BACKUP1.58815 144 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\BACKUP1.70724 104 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\BACKUP3.29586 124 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\BACKUP3.81481 166 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.23189 20 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.43836 198008 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.52227 197976 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.58815 198008 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.70724 36352 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR3.29586 86 bytes
c:\documents and settings\John Doe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR3.81481 356 bytes
c:\documents and settings\John Doe\Application Data\Microsoft
c:\documents and settings\John Doe\Application Data\Microsoft\LastFlashConfig.WFC 1746 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\AddIns
c:\documents and settings\John Doe\Application Data\Microsoft\Address Book
c:\documents and settings\John Doe\Application Data\Microsoft\Address Book\Administrator.wab 176594 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Address Book\Administrator.wab~ 176594 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CLR Security Config
c:\documents and settings\John Doe\Application Data\Microsoft\CLR Security Config\v1.0.3705
c:\documents and settings\John Doe\Application Data\Microsoft\CLR Security Config\v1.0.3705\security.config 21926 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CLR Security Config\v1.0.3705\security.config.cch 42558 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CLR Security Config\v1.0.3705\security.config.old 21926 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CLR Security Config\v1.1.4322
c:\documents and settings\John Doe\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config 21768 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch 61662 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CLR Security Config\v2.0.50727.42
c:\documents and settings\John Doe\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\security.config.cch 4126 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CLR Security Config\v2.0.50727.832
c:\documents and settings\John Doe\Application Data\Microsoft\Credentials
c:\documents and settings\John Doe\Application Data\Microsoft\Credentials\S-1-5-21-3449024481-383353879-3954239504-1005
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\00813F57C0CBB9A83349C874FD014078 372180 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\0797C381B2F87EB5A1D5573BD15BA4F4 35044 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\0897206B35294097C3660E62BCDB227C 2202 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\08E382DC40DC2B571439BB7A5449C239 696708 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\0EBB3788D77094423275558212CCE7B1 727 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\119EFCC56A568F53AA7025356F876799 227665 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\1B9435E949F2B3D267BABDE0C8BC19A6 569226 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\1C4E554353AB278B1DD0E7329C5388D7 794 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\1CE9F5C74186E7B86A5CC6A85C21C64C 969 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\23B523C9E7746F715D33C6527C18EB9D 2308 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 571 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 32042 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\9CD8982C888AB544945893084BD7523A 389 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\A0F226E8ACF8E1672AF808D7CAF4AD47 2202 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\A1377F7115F1F126A15360369B165211 597 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD 558 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 96019 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\A92ECB803776646616CF2949CC6BAC5D 1302 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\B171751C11ECDD4C0C4BC4BBF7B99FBF 43637 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\B681B8816EE79EAEAA5CA7DA9EC0DC58 429 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\B69D763EB21649DA26F20618312DEE70 64324 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\C554DCF706A5AAB8B360FAD227EAB9C7 1310 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67 469 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\D0F063B6B88A2B8BFE21C3993A613447 822 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\D725F3459E2275E9EA5871B92AD896D0 16450 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1 262742 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\4DB1DABDF57ED9997FE8DCC77E93C04F 12221 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\5209B26A762CFE608406374019066239 1220 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\52FE9FFE4780FF24EC690DB2F1D013CE 1518 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\5495C2E4531B22B3185CE59F8E73C447 14774 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\5553AF14BD4C3B1DE599145FD14950E0 706 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\570FB14ABC805C46708F32F92F10C3B4 649 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\5C45AD19E3530EC4218F560AFC04C3F7 533 bytes

Old_Curmudgeon · « **Reply #12 on:** March 07, 2011, 10:42:02 PM »

Combofix + CFScript.txt continued:

Data\Microsoft\CryptnetUrlCache\Content\5C8DDA36D60247082B142836039F4636 14468 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 898 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\696F3DE637E6DE85B458996D49D759AD 781 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\6C68A73125F3238F044A8115D96841B6 14760 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019 337917 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 413 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\DEEA0BD81CC3B68E08E92D12B0916963 12448 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\E04822AD18D472EA5B582E6E6F8C6B9A 574 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\E2EF7F0FB7284B9ACFD4F65D02218479 772 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735 558 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\E8974A4669383843486E5AFDB09650F5 2249 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\F063BF7EF604434CBE00FF198F0D9B10 619 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1 70226 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\F5A17C00E427F919C4A49EEF5AD0EE53 460 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\F78CAE5D65CB8F387E2E0E15EF7E4AE3 4990 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\FB788E090BC1F3AA2FBC9E8FB2859601 863 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\FCEA474F228C13CD0DAD678431D0ACFC 494 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\25DC8EBAAF0977851B37F37B2F6458F4 497115 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\2659C1A560AB92C9C29D4B2B25815AE8 545 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 18 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\2D5D5538198ADA46EF72763E18DD7E70 569 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 341 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\3130B1871A126520A8C47861EFE3ED4D 552 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\33C6C29AF2AC6A11ED7E7C6A84B7EFA5 1815 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\33ECCD4EC2899E5F6A7E306662596E0F 1184 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\3C19F8F5C2A69BEC912EF5B953293907 1294 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\3C83474D61E624A4F9844DF935AFE217 569 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9 552 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\Content\DC2135CED98D8A4D7C0CEE202BB0B810 469 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\00813F57C0CBB9A83349C874FD014078 124 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\0797C381B2F87EB5A1D5573BD15BA4F4 132 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\0897206B35294097C3660E62BCDB227C 194 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\08E382DC40DC2B571439BB7A5449C239 116 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\0EBB3788D77094423275558212CCE7B1 138 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\119EFCC56A568F53AA7025356F876799 130 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\1B9435E949F2B3D267BABDE0C8BC19A6 134 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\1C4E554353AB278B1DD0E7329C5388D7 206 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\1CE9F5C74186E7B86A5CC6A85C21C64C 204 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D 112 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 136 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 216 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\9CD8982C888AB544945893084BD7523A 132 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\A0F226E8ACF8E1672AF808D7CAF4AD47 194 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\A1377F7115F1F126A15360369B165211 142 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD 146 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 124 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\A92ECB803776646616CF2949CC6BAC5D 126 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\B171751C11ECDD4C0C4BC4BBF7B99FBF 128 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\B681B8816EE79EAEAA5CA7DA9EC0DC58 136 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\B69D763EB21649DA26F20618312DEE70 128 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\C554DCF706A5AAB8B360FAD227EAB9C7 100 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67 98 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\D0F063B6B88A2B8BFE21C3993A613447 178 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\D725F3459E2275E9EA5871B92AD896D0 110 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1 120 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\4DB1DABDF57ED9997FE8DCC77E93C04F 98 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\5209B26A762CFE608406374019066239 142 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\52FE9FFE4780FF24EC690DB2F1D013CE 160 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\5495C2E4531B22B3185CE59F8E73C447 122 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\5553AF14BD4C3B1DE599145FD14950E0 206 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\570FB14ABC805C46708F32F92F10C3B4 174 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\5C45AD19E3530EC4218F560AFC04C3F7 118 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\5C8DDA36D60247082B142836039F4636 110 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 94 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\696F3DE637E6DE85B458996D49D759AD 156 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\6C68A73125F3238F044A8115D96841B6 132 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019 124 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 98 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\DEEA0BD81CC3B68E08E92D12B0916963 106 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\E04822AD18D472EA5B582E6E6F8C6B9A 140 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\E2EF7F0FB7284B9ACFD4F65D02218479 138 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735 144 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\E8974A4669383843486E5AFDB09650F5 124 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\F063BF7EF604434CBE00FF198F0D9B10 206 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1 128 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\F5A17C00E427F919C4A49EEF5AD0EE53 110 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\F78CAE5D65CB8F387E2E0E15EF7E4AE3 238 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\FB788E090BC1F3AA2FBC9E8FB2859601 134 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\FCEA474F228C13CD0DAD678431D0ACFC 130 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\25DC8EBAAF0977851B37F37B2F6458F4 132 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\2659C1A560AB92C9C29D4B2B25815AE8 146 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 216 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\2D5D5538198ADA46EF72763E18DD7E70 138 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 126 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\3130B1871A126520A8C47861EFE3ED4D 132 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\33C6C29AF2AC6A11ED7E7C6A84B7EFA5 132 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\33ECCD4EC2899E5F6A7E306662596E0F 140 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\3C19F8F5C2A69BEC912EF5B953293907 126 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\3C83474D61E624A4F9844DF935AFE217 142 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9 132 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\CryptnetUrlCache\MetaData\DC2135CED98D8A4D7C0CEE202BB0B810 98 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Crypto
c:\documents and settings\John Doe\Application Data\Microsoft\Crypto\RSA
c:\documents and settings\John Doe\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3449024481-383353879-3954239504-1005
c:\documents and settings\John Doe\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3449024481-383353879-3954239504-1005\6b29ae44e85efac3c72ff4d1865d73f1_f66f1ad2-1750-4d0a-a95c-9e34b1b3b331 53 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3449024481-383353879-3954239504-1005\83aa4cc77f591dfc2374580bbd95f6ba_f66f1ad2-1750-4d0a-a95c-9e34b1b3b331 45 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3449024481-383353879-3954239504-1005\a077ead69703e3bf1fd373a3c9376faa_f66f1ad2-1750-4d0a-a95c-9e34b1b3b331 77 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3449024481-383353879-3954239504-1005\c4f6acbf8c363a5e2fa0ba0602c7f018_f66f1ad2-1750-4d0a-a95c-9e34b1b3b331 1703 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\eHome
c:\documents and settings\John Doe\Application Data\Microsoft\eHome\ehshell.config 820 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\eHome\mcl_images
c:\documents and settings\John Doe\Application Data\Microsoft\eHome\mcl_images\2ddbd876-cfae-44b8-8cda-ad63734bcb4d-thumb.png 41246 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\eHome\mcl_images\37baf479-af2f-4ac8-8416-25a4aae4da8a.png 23784 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\eHome\mcl_images\54b12fef-3ce6-44eb-9533-838ac1126f15-thumb.png 33632 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\eHome\mcl_images\56b42f59-e229-42bd-82bb-7be02f6a256b-thumb.png 148676 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\eHome\mcl_images\83849645-b3c3-47ad-bb25-fdb73fa40705-thumb.png 22175 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\eHome\mcl_images\ehthumbs.db 1536 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Excel
c:\documents and settings\John Doe\Application Data\Microsoft\Excel\Excel.xlb 31460 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Excel\XLSTART
c:\documents and settings\John Doe\Application Data\Microsoft\HTML Help
c:\documents and settings\John Doe\Application Data\Microsoft\HTML Help\hh.dat 36038 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\IMJP8_1
c:\documents and settings\John Doe\Application Data\Microsoft\IMJP8_1\imjp81u.dic 32768 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Installer
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe 3584 bytes executable
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 388096 bytes executable
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{52FBAE98-D389-4281-8C14-21B4046CCB4E}
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{52FBAE98-D389-4281-8C14-21B4046CCB4E}\ARPPRODUCTICON.exe 10134 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe 10134 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{849089CF-4988-49ED-A2DD-110CD5D9D7E8}
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{849089CF-4988-49ED-A2DD-110CD5D9D7E8}\Icon849089CF.exe 57856 bytes executable
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_21F3885A18D238E15AAE81.exe 43646 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_455EF241629E11584EA727.exe 29926 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_6FEFF9B68218417F98F549.exe 109534 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_81A4006ABC1B62DCE5F5CA.exe 43646 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_D707CE1C009F1381803C2C.exe 43646 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_EF7BC6DDBE20B4C1311492.exe 43646 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}\ARPPRODUCTICON.exe 10134 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{B16AF568-A644-483C-A6DA-5028CD019C8C}
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{B16AF568-A644-483C-A6DA-5028CD019C8C}\ARPPRODUCTICON.exe 10134 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\1033.MST 3584 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe 10134 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{E1FC7666-8BFC-11DD-8CC0-6FB956D89593}
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{E1FC7666-8BFC-11DD-8CC0-6FB956D89593}\MainExecutable 52472 bytes executable
c:\documents and settings\John Doe\Application Data\Microsoft\Installer\{E1FC7666-8BFC-11DD-8CC0-6FB956D89593}\zsserver.exe 52472 bytes executable
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\brndlog.bak 10389 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\brndlog.txt 15949 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\Desktop.htt 2128 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\Quick Launch
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\ACT! by Sage.lnk 1712 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\ClickGone.lnk 786 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini 170 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk 825 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk 790 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Make videos & slideshows.lnk 2296 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk 1488 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Micrografx Picture Publisher 8.lnk 874 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk 2491 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\miFiles.lnk 676 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk 1630 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk 2355 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk 1535 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\PDFill PDF Editor.lnk 1847 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Roxio Easy VHS to DVD.lnk 1933 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk 776 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to FSCapture.exe.lnk 790 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Virtual Magnifying Glass.lnk 725 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk 1503 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Media Catalog
c:\documents and settings\John Doe\Application Data\Microsoft\Media Catalog\artgal50.mmc 132008 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Media Player
c:\documents and settings\John Doe\Application Data\Microsoft\Media Player\00066072.wpl 192 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\MMC
c:\documents and settings\John Doe\Application Data\Microsoft\MMC\dfrg 33228 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\MMC\secpol 96836 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\MMC\SQLServerManager 96085 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\MSE
c:\documents and settings\John Doe\Application Data\Microsoft\MSE\CmdUI.PRF 7419 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\MSE\mse.sln 60 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\MSE\mse.suo 2560 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\MSE\viewssrc.prf 49664 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Excel.pip 1436 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Excel11.pip 1544 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\MSO1031.acl 30 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\MSO1033.acl 37848 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\MSO2057.acl 36160 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\MSOutlo.pip 1404 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Recent
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Recent\030111 AVG scan results.csv.LNK 1051 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Recent\Anti MalWare Logs.LNK 801 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Recent\AVG.LNK 861 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Recent\Follow thru.doc.LNK 1003 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Recent\Forum Description.doc.LNK 1033 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Recent\Forum Description.htm.LNK 929 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Recent\Forum reply 2.doc.LNK 290 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Recent\Hijackthis Fixes.doc.LNK 1057 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Recent\HijackThis.LNK 902 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Recent\how to use hijackthis.doc.LNK 1082 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Recent\Malware removal guide.doc.LNK 1053 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Recent\My Documents.LNK 665 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Recent\Normal.dot.LNK 890 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Recent\notes.LNK 873 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Recent\ScanLogs (E).LNK 187 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Recent\Specialist Response.doc.LNK 971 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Recent\Specialist Response2.doc.LNK 976 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Recent\Specialist Response3.doc.LNK 976 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Recent\Templates.LNK 787 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Recent\Word.LNK 769 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\VB.pip 108 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Word.pip 1528 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Office\Word11.pip 1684 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Outlook
c:\documents and settings\John Doe\Application Data\Microsoft\Outlook\Microsoft Outlook Internet Settings.FAV 32468 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Outlook\Microsoft Outlook Internet Settings.NICK 0 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Outlook\Microsoft Outlook Internet Settings.RWZ 1476 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Outlook\outcmd.dat 3371 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Proof
c:\documents and settings\John Doe\Application Data\Microsoft\Proof\CUSTOM.DIC 98 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Proof\custom.dicProof 0 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Protect
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\CREDHIST 160 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-284687374-4142427671-3046780176-500
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-284687374-4142427671-3046780176-500\ac0ab5cf-20d9-48a6-a2ac-f75480980a46 388 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-284687374-4142427671-3046780176-500\Preferred 24 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-3449024481-383353879-3954239504-1005
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-3449024481-383353879-3954239504-1005\015fcf1d-63b7-4ede-a5c5-faa7d2cfab74 388 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-3449024481-383353879-3954239504-1005\02333641-c3ba-4f31-8552-e7c387e56da7 388 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-3449024481-383353879-3954239504-1005\0d351497-0311-4c43-8e78-076f7ed2ecf3 388 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-3449024481-383353879-3954239504-1005\27add164-9371-49c7-8923-46e6f1026007 388 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-3449024481-383353879-3954239504-1005\3ff7d180-6fef-4b08-b475-c9192b4c13fb 388 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-3449024481-383353879-3954239504-1005\586b270e-1e10-4ac1-9f99-daf109109470 388 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-3449024481-383353879-3954239504-1005\7a05107b-d6b9-4a3a-89e4-9fb61e78649a 388 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-3449024481-383353879-3954239504-1005\7e316953-fffc-4ab4-9293-8ecb155eeb8f 388 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-3449024481-383353879-3954239504-1005\a82e8167-637a-476b-a795-8b2b7a019763 388 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-3449024481-383353879-3954239504-1005\ac16946f-6d39-443e-afe4-c6911afab13f 388 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-3449024481-383353879-3954239504-1005\b0400371-a2a3-427f-86ca-557f4d28d250 388 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-3449024481-383353879-3954239504-1005\d3ce6fd9-8900-4925-88d7-f4570a497cb9 388 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-3449024481-383353879-3954239504-1005\d6bc34e2-b141-4772-b0e3-dcebe98ac326 388 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-3449024481-383353879-3954239504-1005\dc928cc3-0e4a-479e-99ff-08b0456ed707 388 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-3449024481-383353879-3954239504-1005\Preferred 24 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-776561741-1682526488-725345543-500
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-776561741-1682526488-725345543-500\d8bb1a05-43a2-4257-b302-5c4b20c2e2c2 388 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Protect\S-1-5-21-776561741-1682526488-725345543-500\Preferred 24 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Signatures
c:\documents and settings\John Doe\Application Data\Microsoft\Signatures\Work.htm 419 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Signatures\Work.rtf 371 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Signatures\Work.txt 96 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Speech
c:\documents and settings\John Doe\Application Data\Microsoft\Speech\Files
c:\documents and settings\John Doe\Application Data\Microsoft\Speech\Files\UserLexicons
c:\documents and settings\John Doe\Application Data\Microsoft\Speech\Files\UserLexicons\SP_CABBDEC41B1F4CCF898F2589E781EB23.dat 940 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Stationery
c:\documents and settings\John Doe\Application Data\Microsoft\SystemCertificates
c:\documents and settings\John Doe\Application Data\Microsoft\SystemCertificates\My
c:\documents and settings\John Doe\Application Data\Microsoft\SystemCertificates\My\Certificates
c:\documents and settings\John Doe\Application Data\Microsoft\SystemCertificates\My\CRLs
c:\documents and settings\John Doe\Application Data\Microsoft\SystemCertificates\My\CTLs
c:\documents and settings\John Doe\Application Data\Microsoft\SystemCertificates\Request
c:\documents and settings\John Doe\Application Data\Microsoft\SystemCertificates\Request\Certificates
c:\documents and settings\John Doe\Application Data\Microsoft\SystemCertificates\Request\CRLs
c:\documents and settings\John Doe\Application Data\Microsoft\SystemCertificates\Request\CTLs
c:\documents and settings\John Doe\Application Data\Microsoft\Templates
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\Normal 2.dot 26624 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\Normal 3.dot 28672 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\Normal.dot 28672 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL0003.tmp 26624 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL0004.tmp 27136 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL0005.tmp 26624 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL0006.tmp 27136 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL0007.tmp 26624 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL0008.tmp 26624 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL0009.tmp 27136 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL0010.tmp 28160 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL0090.tmp 27136 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL0365.tmp 26624 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL0556.tmp 26624 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL1251.tmp 26624 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL1464.tmp 27136 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL1572.tmp 26624 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL1843.tmp 27136 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL2344.tmp 26624 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL2425.tmp 26624 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL2653.tmp 26624 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL2725.tmp 26624 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL2933.tmp 26624 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL2963.tmp 26624 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL3275.tmp 28160 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL3827.tmp 28160 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Templates\~WRL3841.tmp 26624 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Windows
c:\documents and settings\John Doe\Application Data\Microsoft\Windows\Themes
c:\documents and settings\John Doe\Application Data\Microsoft\Windows\Themes\Custom.theme 5601 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Word
c:\documents and settings\John Doe\Application Data\Microsoft\Word\STARTUP
c:\documents and settings\John Doe\Application Data\Microsoft\Word\~WRA0000.wbk 27136 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Word\~WRA4095.wbk 44032 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Word\~WRL0462.tmp 20480 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Word\~WRL1015.tmp 27136 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Word\~WRL1777.tmp 19456 bytes
c:\documents and settings\John Doe\Application Data\Microsoft\Word\~WRL2439.tmp 20480 bytes
c:\documents and settings\John Doe\Application Data\Microsoft Web Folders
c:\documents and settings\John Doe\Application Data\Move Networks
c:\documents and settings\John Doe\Application Data\Move Networks\ie_bin
c:\documents and settings\John Doe\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe 97144 bytes executable
c:\documents and settings\John Doe\Application Data\Move Networks\ie_bin\qsp2ie071301000019.dll 1010552 bytes executable
c:\documents and settings\John Doe\Application Data\Move Networks\ie_bin\Uninst.exe 34063 bytes executable
c:\documents and settings\John Doe\Application Data\Mozilla
c:\documents and settings\John Doe\Application Data\Mozilla\Extensions
c:\documents and settings\John Doe\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Crash Reports
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Crash Reports\InstallTime20101026210630 10 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\mimeTypes.rdf 3360 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\.autoreg 0 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\bookmarkbackups
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\bookmarkbackups\bookmarks-2010-10-28.json 4220 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\bookmarks.html 6284 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\cert8.db 65536 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\chrome
c:\documents and settings\John Doe\Application Data\Mozilla\Ficatchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\chrome\userContent-example.css 663 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\compatibility.ini 188 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\compreg.dat.bak 148699 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\content-prefs.sqlite 7168 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\cookies.sqlite 2048 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\extensions
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\extensions\staged-xpis
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}\MicrosoftDotNetFrameworkAssistant.xpi 19153 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\extensions.cache 773 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\extensions.ini 342 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\extensions.rdf 4507 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\formhistory.sqlite 4096 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\key3.db 16384 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\localstore.rdf 1448 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\minidumps
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\permissions.sqlite 2048 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\places.sqlite 172032 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\pluginreg.dat.bak 9053 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\prefs.js 1420 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\prefs.js.BAK 1426 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\search.json 11719 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\search.sqlite 2048 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\secmod.db 16384 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\signons.sqlite 11264 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\urlclassifierkey3.txt 154 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\dh2guuz6.default\xpti.dat 102459 bytes
c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\profiles.ini 111 bytes
c:\documents and settings\John Doe\Application Data\muvee Technologies
c:\documents and settings\John Doe\Application Data\muvee Technologies\burnerList40.mve 2560 bytes
c:\documents and settings\John Doe\Application Data\muvee Technologies\session40.mve 3584 bytes
c:\documents and settings\John Doe\Application Data\muvee Technologies\UserProfiles
c:\documents and settings\John Doe\Application Data\muvee Technologies\UserProfiles\ComputerPlayback
c:\documents and settings\John Doe\Application Data\muvee Technologies\UserProfiles\Email
c:\documents and settings\John Doe\Application Data\muvee Technologies\UserProfiles\PocketPC
c:\documents and settings\John Doe\Application Data\muvee Technologies\UserProfiles\Webstream
c:\documents and settings\John Doe\Application Data\muvee Technologies\UserProfiles\WmvHD
c:\documents and settings\John Doe\Application Data\NCH Software
c:\documents and settings\John Doe\Application Data\NCH Software\Debut
c:\documents and settings\John Doe\Application Data\NCH Software\Debut\Logs
c:\documents and settings\John Doe\Application Data\NCH Software\Debut\Logs\2010-01-01 Debut Video Capture Software Log.txt 38 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\Debut\Logs\2010-06-30 Debut Video Capture Software Log.txt 99 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\Prism
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\cache.dat 1786 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\ComputerPresets
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\ComputerPresets\HD%201080.dat 636 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\ComputerPresets\HD%20720.dat 634 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\ComputerPresets\Internet%20Video.dat 219 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\ComputerPresets\PS3%20HD%201080.dat 240 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\ComputerPresets\PS3%20HD%20720.dat 238 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\ComputerPresets\Traditional%20TV.dat 633 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\ComputerPresets\Widescreen%20TV.dat 634 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\ComputerPresets\YouTube%20HQ.dat 222 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\ComputerPresets\YouTube%20Widescreen.dat 219 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\ComputerPresets\YouTube.dat 219 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\DataDiscPresets
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\DataDiscPresets\HD%201080.dat 636 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\DataDiscPresets\HD%20720.dat 634 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\DataDiscPresets\Internet%20Video.dat 219 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\DataDiscPresets\PS3%20HD%201080.dat 240 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\DataDiscPresets\PS3%20HD%20720.dat 238 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\DataDiscPresets\Traditional%20TV.dat 633 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\DataDiscPresets\Widescreen%20TV.dat 634 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\DataDiscPresets\YouTube%20HQ.dat 222 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\DataDiscPresets\YouTube%20Widescreen.dat 219 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\DataDiscPresets\YouTube.dat 219 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\filters.dat 9 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\PortablePresets
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\PortablePresets\iPhone%20%2F%20iPod%20Touch.dat 234 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\PortablePresets\iPod%20Classic.dat 234 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\PortablePresets\Mobile%20Phone.dat 289 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\PortablePresets\PSP.dat 234 bytes
c:\documents and settings\John Doe\Application Data\NCH Software\VideoPad\VideoOutput_AVI.wff 1028 bytes
c:\documents and settings\John Doe\Application Data\Nero
c:\documents and settings\John Doe\Application Data\Nero\Nero 9
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Burning ROM
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Burning ROM\UserImages.bmp 43062 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero ShowTime
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero StartSmart
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero StartSmart\InFAudioBurning.inf 162 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero StartSmart\InFCopyDisc.inf 748 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero StartSmart\InFDataBurning.inf 484 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero StartSmart\InFPlayFile.inf 328 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero StartSmart\InFPlayMedia.inf 332 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero StartSmart\NSSExternalInfoCache.xml 22626 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero StartSmart\NSSOptions.xml 5506 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero StartSmart\QLApps.xml 126 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NeroVisionLog.txt 9441 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\nve-am.bin 1172 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\nve-vobmap.bin 48 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\023DB420541D510B3947B4039BD87173.FAC 44097 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\043BEBB860073565E9B428B3E8A9F35E.FAC 46504 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\0B83224CCDEE06F9690F17026235AAF3.FAC 21774 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\0D3D8F2EAB8434378473F7EDC536C33C.FAC 60070 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\0D4E00831EC4670FDE9A9AFE5F21E097.FAC 39130 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\1149B2EA38CC87F0137484B5EA40E566.FAC 40080 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\161B88EB1DCA628AA53C5CAC7845FF45.FAC 46285 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\1EE756BC21C809D1CB92A06637F50FC6.FAC 38204 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\1F3F5467FB30DC244C59015F820DB66D.FAC 56889 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\94A7E3433CCD0217A0A4A6D7383BBB68.FAC 46787 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\961203E0D16264DE5A4172E9D095B5AE.FAC 44900 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\99FCD301D939A28B9BC72DC78A0BC013.FAC 42575 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\A36CE8B6ED1248746FB09BFC456530A5.FAC 48366 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\A779C22866849A9DC55D2D833AE67085.FAC 50540 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\B83618F8C820EFFFC4E3CBAAB62D99CD.FAC 74807 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\C296462538C89A71A65E2D8C93498164.FAC 29254 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\C9D8D8AF2EE1075194A5E1B33DED80FC.FAC 42340 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\CA63FC444CC46C04C33E3EDB38BD5807.FAC 51274 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\5888869287120688739C9EE952C888A1.FAC 44569 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\58893640B1F5ABCBCDE3160567B477F6.FAC 41028 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\5D2DAB16B8057CEE333BC4F062CEFD38.FAC 53016 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\5F963A0A3B769E1B090F9A5FB8A9B833.FAC 71932 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\69FCA64022F4DC8C9E12A59D03AEE267.FAC 45130 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\6DB2FB2A34BF4DCA11F60370638D688E.FAC 46059 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\73E0E6D7346EAE7404B6288BB172AF56.FAC 49473 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\7583F31FE184DC84F8F83010040BF897.FAC 43844 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\D2C3845C40D1606BB631D75D394258C8.FAC 50442 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\D72E4FE78B15F5DE176ED3B0E2FAFAA5.FAC 30955 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\D8BABBFA72CF7F57B586426200B1FCB5.FAC 50336 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\E5B7122EAC746413E71DDCBA775D1E99.FAC 45859 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\E5EF85D9B69567A0BB208B8B4B53EBA5.FAC 45101 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\E712D51E7C0591340699E4128D6DD25D.FAC 12418 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\E900237794AD544A2741BE4C1418DCD5.FAC 47017 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\F20876773AE31386F30AE4B73810FA8F.FAC 104879 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\F6EC051910FDA29523429BB588194726.FAC 20410 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\FA61232B790B5768C9979D39A21F69F3.FAC 50053 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\FFAA442F40FA89BC89CFA2632CCDAC53.FAC 41337 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\774F21630D9AD868D77BF8E846959C76.FAC 42639 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\81A6F5667F2FE5F8F59A3A3B8215C725.FAC 43372 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\82E31F3084BAA2603898A95545AEDA34.FAC 40861 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\83EC4EE4CE30C31CABA0F31414B1506E.FAC 47357 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\8894807922D95BFBAF466306077EB7B4.FAC 50433 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\8B0968540E38A3C28034CF82608E3A56.FAC 48685 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\920E51EF02C7B17CECA227531084FE9C.FAC 12968 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\22BB0305C6A89584F08F94A875D39E4A.FAC 47322 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\26F39CD0D2B54EBEE4F2464D87B2DE96.FAC 56166 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\2F22FFB98B77CCF07A3031BF0A89E207.FAC 52312 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\3BAE6F488BF759A4DB769C5FCF8B9019.FAC 47410 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\3D64E3D4DB7979CD108FC5B9EE95FD14.FAC 41342 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\49CFEEC410ABE4E673EB2C4DFB3C0A7E.FAC 47279 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\NVFACache\4F87F650A26F4027B4097F00AAC86D92.FAC 53030 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\TempBmp-Roxanne Teach 72810
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\TempMpeg
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero Vision\TempMpeg\TempMpeg.0001.mpeg 45056 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero3D
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\Nero3D\Direct3D.log 13130 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero 9\NeroShowTime.bmk 25088 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero BackItUp 4
c:\documents and settings\John Doe\Application Data\Nero\Nero BackItUp 4\Cache
c:\documents and settings\John Doe\Application Data\Nero\Nero BackItUp 4\Cache\BIU3.txt 1126 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero BackItUp 4\Cache\BIU4C.txt 1126 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero BackItUp 4\Cache\NeroBackItUp.txt 30086 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero BackItUp 4\Files
c:\documents and settings\John Doe\Application Data\Nero\Nero8
c:\documents and settings\John Doe\Application Data\Nero\Nero8\Nero Burning ROM
c:\documents and settings\John Doe\Application Data\Nero\Nero8\Nero Burning ROM\NeroHistory.log 40666 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\Nero Burning ROM\UserImages.bmp 43062 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\Nero StartSmart
c:\documents and settings\John Doe\Application Data\Nero\Nero8\Nero StartSmart\newscache
c:\documents and settings\John Doe\Application Data\Nero\Nero8\Nero StartSmart\newscache\c4271365c85cca0cb933918f47160aed 3638 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\Nero StartSmart\NSSOptions.xml 4134 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\Nero StartSmart\QLApps.xml 126 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\Nero3D
c:\documents and settings\John Doe\Application Data\Nero\Nero8\Nero3D\Direct3D.log 171 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\NeroShowTime.bmk 1536 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\NeroVision
c:\documents and settings\John Doe\Application Data\Nero\Nero8\NeroVision\GCHWCfg.bak 1594 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\NeroVision\GCHWCfg.xml 1594 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\NeroVision\NeroVisionLog.txt 2329 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\NeroVision\nve-am.bin 90 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\NeroVision\nve-vobmap.bin 48 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\NeroVision\NVFACache
c:\documents and settings\John Doe\Application Data\Nero\Nero8\NeroVision\NVFACache\50AB2EA2429E792C5C8CCD2C085ED891.FAC 1051 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\OnlineServices
c:\documents and settings\John Doe\Application Data\Nero\Nero8\OnlineServices\FeedManager
c:\documents and settings\John Doe\Application Data\Nero\Nero8\OnlineServices\FeedManager\Feeds.db 35840 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\OnlineServices\FeedManagerFacadeConfig.xml 119 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\OnlineServices\NMInternetServices
c:\documents and settings\John Doe\Application Data\Nero\Nero8\OnlineServices\NMInternetServices\InternetServices.conf 1546 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\OnlineServices\NMInternetServices\nmp_0.rss 64937 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\OnlineServices\NMInternetServices\nmp_1.rss 3150 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\OnlineServices\NMInternetServices\nmp_2.rss 20538 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\OnlineServices\NMInternetServices\nmp_3.rss 81 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\OnlineServices\NMInternetServices\nmp_4.rss 81 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\OnlineServices\NMInternetServices\nmp_5.rss 14866 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\OnlineServices\NMInternetServices\nmp_6.rss 12486 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\OnlineServices\NMInternetServices\nmp_7.rss 14780 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\OnlineServices\NMInternetServices\nmp_8.rss 16582 bytes
c:\documents and settings\John Doe\Application Data\Nero\Nero8\OnlineServices\registrationinfo.xml 528 bytes
c:\documents and settings\John Doe\Application Data\Nero\NeroHistory.log 89231 bytes
c:\documents and settings\John Doe\Application Data\Nero\OnlineServices
c:\documents and settings\John Doe\Application Data\Nero\OnlineServices\1registrationinfo.xml 240 bytes
c:\documents and settings\John Doe\Application Data\Nero\OnlineServices\4registrationinfo.xml 240 bytes
c:\documents and settings\John Doe\Application Data\Nero\OnlineServices\FeedManager
c:\documents and settings\John Doe\Application Data\Nero\OnlineServices\FeedManager\Feeds.db 58368 bytes
c:\documents and settings\John Doe\Application Data\Nero\OnlineServices\MetaData
c:\documents and settings\John Doe\Application Data\Nero\OnlineServices\MetaData\cddb.db 80960 bytes
c:\documents and settings\John Doe\Application Data\Nero\OnlineServices\MetaData\cddbplm.gcf 676928 bytes
c:\documents and settings\John Doe\Application Data\Nero\OnlineServices\MetaData\cddbplm.idx 1024 bytes
c:\documents and settings\John Doe\Application Data\Nero\OnlineServices\MetaData\cddbplm.pdb 768 bytes
c:\documents and settings\John Doe\Application Data\Nero\OnlineServices\MetaData\elists.db 1280256 bytes
c:\documents and settings\John Doe\Application Data\Nero\OnlineServices\MetaData\gncontent.cch 108384 bytes
c:\documents and settings\John Doe\Application Data\Nero\PhotoShow II
c:\documents and settings\John Doe\Application Data\Nero\PhotoShow II\Mariza's First 6 Months
c:\documents and settings\John Doe\Application Data\Nero\PhotoShow II\Mariza's First 6 Months\image_1.jpg 77232 bytes
c:\documents and settings\John Doe\Application Data\Nero\PhotoShow II\Mariza's First 6 Months\image_10.jpg 71255 bytes
c:\documents and settings\John Doe\Application Data\Nero\PhotoShow II\Mariza's First 6 Months\image_11.jpg 75723 bytes
c:\documents and settings\John Doe\Application Data\Nero\PhotoShow II\Mariza's First 6 Months\image_12.jpg 68453 bytes
c:\documents and settings\John Doe\Application Data\Nero\PhotoShow II\Mariza's First 6 Months\image_13.jpg 92023 bytes
c:\documents and settings\John Doe\Application Data\Nero\PhotoShow II\Mariza's First 6 Months\image_14.jpg 65061 bytes
c:\documents and settings\John Doe\Application Data\Nero\PhotoShow II\Mariza's First 6 Months\image_15.jpg 64797 bytes
c:\documents and settings\John Doe\Application Data\Nero\PhotoShow II\Mariza's First 6 Months\image_16.jpg 41748 bytes
c:\documents and settings\John Doe\Application Data\Nero\PhotoShow II\Mariza's First 6 Months\image_2.jpg 67364 bytes
c:\documents and settings\John Doe\Application Data\Nero\PhotoShow II\Mariza's First 6 Months\image_3.jpg 64067 bytes
c:\documents and settings\John Doe\Application Data\Nero\PhotoShow II\Mariza's First 6 Months\image_4.jpg 55149 bytes
c:\documents and settings\John Doe\Application Data\Nero\PhotoShow II\Mariza's First 6 Months\image_5.jpg 77713 bytes
c:\documents and settings\John Doe\Application Data\Nero\PhotoShow II\Mariza's First 6 Months\image_6.jpg 56805 bytes
c:\documents and settings\John Doe\Application Data\Nero\PhotoShow II\Mariza's First 6 Months\image_7.jpg 104953 bytes
c:\documents and settings\John Doe\Application Data\Nero\PhotoShow II\Mariza's First 6 Months\image_8.jpg 60377 bytes
c:\documents and settings\John Doe\Application Data\Nero\PhotoShow II\Mariza's First 6 Months\image_9.jpg 51525 bytes
c:\documents and settings\John Doe\Application Data\Nero\PhotoShow II\Mariza's First 6 Months\meta.xml 12203

Old_Curmudgeon · « **Reply #13 on:** March 08, 2011, 09:41:50 AM »

Combofix + CFScript.txt continued:

Sorry but this log keeps on going and going, here is more:

c:\documents and settings\John Doe\Application Data\Nero\PhotoShow II\Mariza's First 6 Months\meta.xml 12203 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\10_Lawn Mower
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\10_Lawn Mower\album.jpg 5175 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\10_Lawn Mower\album_info.txt 978 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\10_Lawn Mower\holder_12345.jpg 7552 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\10_Lawn Mower\thumbnails.cst 20992 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\10_Lawn Mower\thumb__00003.jpg 5175 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\10_Lawn Mower\uninstall_album_info.txt 89 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\11_Misc Photos
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\11_Misc Photos\album.jpg 4048 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\11_Misc Photos\album_info.txt 1989 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\11_Misc Photos\holder_12345.jpg 7552 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\11_Misc Photos\thumbnails.cst 20992 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\11_Misc Photos\thumb__00004.jpg 4048 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\11_Misc Photos\thumb__00027.jpg 6860 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\11_Misc Photos\thumb__00028.jpg 4048 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\11_Misc Photos\thumb__00029.jpg 9565 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\11_Misc Photos\uninstall_album_info.txt 90 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\13_Nature Photos
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\13_Nature Photos\album.jpg 6615 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\13_Nature Photos\album_info.txt 2743 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\13_Nature Photos\holder_12345.jpg 7552 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\13_Nature Photos\thumbnails.cst 20992 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\13_Nature Photos\thumb__00005.jpg 6615 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\13_Nature Photos\thumb__00030.jpg 3893 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\13_Nature Photos\thumb__00031.jpg 7764 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\13_Nature Photos\thumb__00032.jpg 4955 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\13_Nature Photos\thumb__00033.jpg 3032 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\13_Nature Photos\thumb__00034.jpg 4629 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\13_Nature Photos\uninstall_album_info.txt 92 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months\thumb__00037.jpg 5280 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months\album.jpg 5637 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months\album_info.txt 6806 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months\holder_12345.jpg 7552 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months\thumbnails.cst 25530 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months\thumb__00006.jpg 5637 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months\thumb__00035.jpg 5639 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months\thumb__00036.jpg 6175 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months\thumb__00038.jpg 6744 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months\thumb__00039.jpg 4611 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months\thumb__00040.jpg 5744 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months\thumb__00041.jpg 3824 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months\thumb__00042.jpg 5202 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months\thumb__00043.jpg 5558 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months\thumb__00044.jpg 4947 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months\thumb__00045.jpg 6141 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months\thumb__00046.jpg 4655 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months\thumb__00047.jpg 7258 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months\thumb__00048.jpg 4515 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months\thumb__00049.jpg 4413 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\15_Mariza's First 6 Months\uninstall_album_info.txt 112 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\1_Misc Images
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\1_Misc Images\album_info.txt 465 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\1_Misc Images\uninstall_album_info.txt 113 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\4_Furnace
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\4_Furnace\thumb__00008.jpg 6611 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\4_Furnace\album.jpg 7578 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\4_Furnace\album_info.txt 6081 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\4_Furnace\holder_12345.jpg 7552 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\4_Furnace\thumbnails.cst 25530 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\4_Furnace\thumb__00001.jpg 7578 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\4_Furnace\thumb__00007.jpg 7040 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\4_Furnace\thumb__00009.jpg 4612 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\4_Furnace\thumb__00010.jpg 3372 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\4_Furnace\thumb__00011.jpg 3448 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\4_Furnace\thumb__00012.jpg 4496 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\4_Furnace\thumb__00013.jpg 8740 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\4_Furnace\thumb__00014.jpg 6579 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\4_Furnace\thumb__00015.jpg 6069 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\4_Furnace\thumb__00016.jpg 4007 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\4_Furnace\thumb__00017.jpg 5506 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\4_Furnace\thumb__00018.jpg 7593 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\4_Furnace\thumb__00019.jpg 6361 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\4_Furnace\thumb__00020.jpg 5068 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\4_Furnace\uninstall_album_info.txt 100 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\9_Jo Lynn
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\9_Jo Lynn\album.jpg 7488 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\9_Jo Lynn\album_info.txt 3023 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\9_Jo Lynn\holder_12345.jpg 7552 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\9_Jo Lynn\thumbnails.cst 20992 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\9_Jo Lynn\thumb__00002.jpg 7488 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\9_Jo Lynn\thumb__00021.jpg 8713 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\9_Jo Lynn\thumb__00022.jpg 4954 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\9_Jo Lynn\thumb__00023.jpg 4965 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\9_Jo Lynn\thumb__00024.jpg 4693 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\9_Jo Lynn\thumb__00025.jpg 7480 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\9_Jo Lynn\thumb__00026.jpg 5850 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\albums\9_Jo Lynn\uninstall_album_info.txt 86 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\groups
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\groups\1_My Albums
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\groups\1_My Albums\album_10.jpg 5175 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\groups\1_My Albums\album_11.jpg 4048 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\groups\1_My Albums\album_13.jpg 6615 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\groups\1_My Albums\album_15.jpg 5637 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\groups\1_My Albums\album_4.jpg 7578 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\groups\1_My Albums\album_9.jpg 7488 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\groups\1_My Albums\holder_12345.jpg 7552 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\groups\1_My Albums\thumbnails.cst 20992 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\ignore_list.txt 139 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\trash_images
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\watch_info.txt 70 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\cache\watch_info_details.txt 68 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\Images Database.bin 13789 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\Images Database.txt 631 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\lead_raster_types.txt 36 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\messages
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\messages\photoShow5_Demo_forDM.swf 83330 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\messages\photoshow5_dvd.swf 66658 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\message_list.xml 196 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\message_rules.xml 275 bytes
c:\documents and settings\John Doe\Application Data\Nero\PS4 Image Database\video_types.txt 24 bytes
c:\documents and settings\John Doe\Application Data\Nero\setup_payloads
c:\documents and settings\John Doe\Application Data\OfficeUpdate12
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\500200_0x00000409.des 120652 bytes
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\500200_inventory.as 348352 bytes
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Cabs
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Cabs\518823
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Cabs\518823\518823.EXCEL.cab 3772715 bytes
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Cabs\518823\518823.EXCEL.msp 4391332 bytes
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Cabs\518844
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Cabs\518844\518844.WINWORD.cab 4099546 bytes
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Cabs\518844\518844.WINWORD.msp 4729988 bytes
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Cabs\518859
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Cabs\518859\518859.MSO9.cab 2876480 bytes
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Cabs\518859\518859.MSO9.msp 4191944 bytes
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Cache
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Cache\518823
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Cache\518844
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Cache\518859
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\ident.cab 7178 bytes
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\ident.ini 413 bytes
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\oudetect.cab 126235 bytes
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\oudetect.dll 264704 bytes executable
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\ouhistv3.log 1077 bytes
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Temp
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Temp\InstMSP_00001(0)_dw2_0.txt 3006 bytes
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Temp\InstMSP_00001(1)_dw2_0.txt 3006 bytes
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Temp\InstMSP_00001(2)_dw2_0.txt 3006 bytes
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Temp\OU(00001).xml 2595 bytes
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Temp\OU(00002).xml 8551 bytes
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Temp\OU(00003).xml 4869 bytes
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Temp\OU_MSI_518823_(00001).log 521928 bytes
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Temp\OU_MSI_518844_(00001).log 521918 bytes
c:\documents and settings\John Doe\Application Data\OfficeUpdate12\Temp\OU_MSI_518859_(00001).log 522016 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\autocorr
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\autotext
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\autotext\mytexts.bau 567 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\backup
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\basic
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\basic\dialog.xlc 339 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\basic\script.xlc 339 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\basic\Standard
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\basic\Standard\dialog.xlb 288 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\basic\Standard\Module1.xba 305 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\basic\Standard\script.xlb 349 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\arrowhd_en-US.soe 4308 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\autotbl.fmt 48408 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\classic_en-US.sog 30852 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\cmyk.soc 13132 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\gallery.soc 4408 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\hatching_en-US.soh 5238 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\html.soc 10766 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\javasettings_Windows_x86.xml 847 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\modern_en-US.sog 6840 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\palette_en-US.soc 5271 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\global
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\global\accelerator
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\global\accelerator\en-US
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\global\accelerator\en-US\current.xml 2207 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\dbapp
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\dbapp\images
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\dbapp\images\Bitmaps
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\dbapp\menubar
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\dbapp\statusbar
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\dbapp\toolbar
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\scalc
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\scalc\accelerator
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\scalc\accelerator\en-US
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\scalc\accelerator\en-US\current.xml 8840 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\scalc\images
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\scalc\images\Bitmaps
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\scalc\menubar
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\scalc\statusbar
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\scalc\toolbar
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\sdraw
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\sdraw\accelerator
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\sdraw\accelerator\en-US
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\sdraw\accelerator\en-US\current.xml 5173 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\sdraw\images
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\sdraw\images\Bitmaps
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\sdraw\menubar
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\sdraw\statusbar
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\sdraw\toolbar
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\simpress
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\simpress\accelerator
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\simpress\accelerator\en-US
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\simpress\accelerator\en-US\current.xml 925 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\simpress\images
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\simpress\images\Bitmaps
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\simpress\menubar
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\simpress\statusbar
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\simpress\toolbar
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\StartModule
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\StartModule\accelerator
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\StartModule\accelerator\en-US
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\StartModule\accelerator\en-US\current.xml 2123 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\StartModule\images
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\StartModule\images\Bitmaps
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\StartModule\menubar
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\StartModule\statusbar
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\StartModule\toolbar
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\sweb
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\sweb\accelerator
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\sweb\accelerator\en-US
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\sweb\accelerator\en-US\current.xml 10510 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\sweb\images
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\sweb\images\Bitmaps
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\sweb\menubar
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\sweb\statusbar
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\sweb\toolbar
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\swriter
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\swriter\accelerator
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\swriter\accelerator\en-US
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\swriter\accelerator\en-US\current.xml 10510 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\swriter\images
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\swriter\images\Bitmaps
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\swriter\menubar
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\swriter\statusbar
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\soffice.cfg\modules\swriter\toolbar
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\standard.sob 385514 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\standard.soc 6643 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\standard.sod 2426 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\standard.soe 2665 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\standard.sog 4154 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\standard.soh 2171 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\styles_en-US.sod 1708 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\sun-color.soc 3919 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\config\web.soc 14420 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\database
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\database\biblio
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\database\biblio\biblio.dbf 343909 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\database\biblio\biblio.dbt 564226 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\database\biblio.odb 1661 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\gallery
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\gallery\sg100.sdv 2048 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\gallery\sg100.thm 538 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\gallery\sg30.sdv 2048 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\gallery\sg30.thm 565 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registration.xml 1665 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Paths.dat 4735 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.ProtocolHandler.dat 1028 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Recovery.dat 750 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Scripting.dat 693 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Security.dat 3337 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.SFX.dat 912 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Substitution.dat 570 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.TabBrowse.dat 303 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.TypeDetection.dat 1056 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.UI.CalcCommands.dat 42159 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.UI.CalcWindowState.dat 11852 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.UI.Controller.dat 4666 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.UI.dat 11277 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.UI.DbuCommands.dat 13769 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.FirstStartWizard.dat 566 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Inet.dat 6212 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.LDAP.dat 503 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Accelerators.dat 106088 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Addons.dat 6942 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Views.dat 933 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Writer.dat 19985 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.WriterWeb.dat 1856 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Setup.dat 24492 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.System.dat 337 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.TypeDetection.Filter.dat 94171 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.TypeDetection.GraphicFilter.dat 11535 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.TypeDetection.Misc.dat 1288 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.TypeDetection.Types.dat 60183 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.TypeDetection.UISort.dat 3729 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.ucb.Configuration.dat 2592 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.ucb.Hierarchy.dat 441 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.ucb.Store.dat 485 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.UserProfile.dat 595 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.VCL.dat 183165 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Calc.dat 3567 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.OptionsDialog.dat 1178 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.UI.DrawImpressCommands.dat 45074 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.UI.WriterWindowState.dat 13707 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Commands.dat 398 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Common.dat 21953 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Compatibility.dat 1376 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.DataAccess.dat 12384 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.DataAccess.Drivers.dat 58611 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Draw.dat 1952 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Embedding.dat 7157 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Events.dat 403 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Histories.dat 1053 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Impress.dat 4941 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Java.dat 952 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Jobs.dat 2941 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Linguistic.dat 6195 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.Logging.dat 788 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.OOoImprovement.Settings.dat 755 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.UI.DrawWindowState.dat 15824 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.UI.Effects.dat 37462 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.UI.Factories.dat 1117 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.UI.GenericCommands.dat 129776 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.UI.GlobalSettings.dat 439 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.UI.ImpressWindowState.dat 17349 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.UI.StartModuleCommands.dat 4565 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.UI.StartModuleWindowState.dat 740 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.UI.WriterCommands.dat 63451 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\cache\org.openoffice.Office.UI.WriterWebWindowState.dat 12245 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\data
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\data\org
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\data\org\openoffice
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\data\org\openoffice\Office
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\data\org\openoffice\Office\Common.xcu 3229 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\data\org\openoffice\Office\Jobs.xcu 666 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\data\org\openoffice\Office\Linguistic.xcu 8477 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\data\org\openoffice\Office\OOoImprovement
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\data\org\openoffice\Office\OOoImprovement\Settings.xcu 469 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\data\org\openoffice\Office\Recovery.xcu 429 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\data\org\openoffice\Office\UI
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\data\org\openoffice\Office\UI\WriterWindowState.xcu 752 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\data\org\openoffice\Office\Views.xcu 6945 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\data\org\openoffice\Office\Writer.xcu 463 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\data\org\openoffice\Setup.xcu 1714 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\data\org\openoffice\ucb
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\data\org\openoffice\ucb\Hierarchy.xcu 14102 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\registry\data\org\openoffice\ucb\Store.xcu 21816 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\Scripts
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\store
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\store\.templdir.cache 14096 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\temp
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\temp\Feedback
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\template
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\uno_packages
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\uno_packages\cache
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\uno_packages\cache\log.txt 318 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\uno_packages\cache\registry
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\uno_packages\cache\registry\com.sun.star.comp.deployment.component.PackageRegistryBackend
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\uno_packages\cache\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\uno_packages\cache\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\registered_packages.db 24576 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\uno_packages\cache\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\registry
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\uno_packages\cache\registry\com.sun.star.comp.deployment.executable.PackageRegistryBackend
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\uno_packages\cache\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\uno_packages\cache\registry\com.sun.star.comp.deployment.script.PackageRegistryBackend
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\uno_packages\cache\registry\com.sun.star.comp.deployment.sfwk.PackageRegistryBackend
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 1 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages.db 24576 bytes
c:\documents and settings\John Doe\Application Data\OpenOffice.org\3\user\wordbook
c:\documents and settings\John Doe\Application Data\HP
c:\documents and settings\John Doe\Application Data\HP\CRMLogs
c:\documents and settings\John Doe\Application Data\HP\CRMLogs\ImageZone.htm 4780 bytes
c:\documents and settings\John Doe\Application Data\HP\Digital Imaging
c:\documents and settings\John Doe\Application Data\HP\QuickPlay
c:\documents and settings\John Doe\Application Data\HP\QuickPlay\Game
c:\documents and settings\John Doe\Application Data\HP\ScLogs
c:\documents and settings\John Doe\Application Data\HP\ScLogs\SolutionCenter.htm 42162 bytes
c:\documents and settings\John Doe\Application Data\HpUpdate
c:\documents and settings\John Doe\Application Data\HpUpdate\HpUpdate.Cache 78 bytes
c:\documents and settings\John Doe\Application Data\HpUpdate\HpUpdate.hidden 0 bytes
c:\documents and settings\John Doe\Application Data\HpUpdate\HpUpdate.log 34345 bytes
c:\documents and settings\John Doe\Application Data\Identities
c:\documents and settings\John Doe\Application Data\Identities\{382F8107-695E-4C5B-AFEC-2E07672ADE22}
c:\documents and settings\John Doe\Application Data\ieSpell
c:\documents and settings\John Doe\Application Data\ieSpell\CUSTOM.DIC 68 bytes
c:\documents and settings\John Doe\Application Data\InstallShield
c:\documents and settings\John Doe\Application Data\InstallShield\ISEngine12.0
c:\documents and settings\John Doe\Application Data\Intel
c:\documents and settings\John Doe\Application Data\Interact Commerce
c:\documents and settings\John Doe\Application Data\Interact Commerce\ACT
c:\documents and settings\John Doe\Application Data\Interact Commerce\ACT\RegUser.dat 193 bytes
c:\documents and settings\John Doe\Application Data\Intuit
c:\documents and settings\John Doe\Application Data\Intuit\Quicken
c:\documents and settings\John Doe\Application Data\Intuit\Quicken\Config
c:\documents and settings\John Doe\Application Data\Intuit\Quicken\Config\qw.cfg 1024 bytes
c:\documents and settings\John Doe\Application Data\Intuit\Quicken\Config\QWREMIND.INI 81 bytes
c:\documents and settings\John Doe\Application Data\Intuit\Quicken\Data
c:\documents and settings\John Doe\Application Data\Intuit\Quicken\Data\intuprof.ini 1071 bytes
c:\documents and settings\John Doe\Application Data\Intuit\Quicken\Data\QW.RMD 258304 bytes
c:\documents and settings\John Doe\Application Data\Intuit\Quicken\Log
c:\documents and settings\John Doe\Application Data\Intuit\Quicken\Log\DATA_LOG.TXT 14432 bytes
c:\documents and settings\John Doe\Application Data\Intuit\Quicken\Log\OLD_LOGS.TXT 187 bytes
c:\documents and settings\John Doe\Application Data\Intuit\Quicken\Log\qw.log 1563 bytes
c:\documents and settings\John Doe\Application Data\IsolatedStorage
c:\documents and settings\John Doe\Application Data\IsolatedStorage\StrongName.szwve4bl4b2fmcvm51bdqdtzvyokecgr
c:\documents and settings\John Doe\Application Data\IsolatedStorage\StrongName.szwve4bl4b2fmcvm51bdqdtzvyokecgr\identity.dat 514 bytes
c:\documents and settings\John Doe\Application Data\IsolatedStorage\StrongName.szwve4bl4b2fmcvm51bdqdtzvyokecgr\StrongName.pdbtke4fvrwggxeexbggpkrbqrg0pufb
c:\documents and settings\John Doe\Application Data\IsolatedStorage\StrongName.szwve4bl4b2fmcvm51bdqdtzvyokecgr\StrongName.pdbtke4fvrwggxeexbggpkrbqrg0pufb\Files
c:\documents and settings\John Doe\Application Data\IsolatedStorage\StrongName.szwve4bl4b2fmcvm51bdqdtzvyokecgr\StrongName.pdbtke4fvrwggxeexbggpkrbqrg0pufb\Files\preferences.xml 590 bytes
c:\documents and settings\John Doe\Application Data\IsolatedStorage\StrongName.szwve4bl4b2fmcvm51bdqdtzvyokecgr\StrongName.pdbtke4fvrwggxeexbggpkrbqrg0pufb\identity.dat 514 bytes
c:\documents and settings\John Doe\Application Data\Jabra
c:\documents and settings\John Doe\Application Data\Jabra\JabraCC
c:\documents and settings\John Doe\Application Data\Jabra\JabraCC\1.3.0.0
c:\documents and settings\John Doe\Application Data\KWorld Multimedia
c:\documents and settings\John Doe\Application Data\KWorld Multimedia\HM
c:\documents and settings\John Doe\Application Data\KWorld Multimedia\HM\DeviceNew.txt 21 bytes
c:\documents and settings\John Doe\Application Data\KWorld Multimedia\HM\KAgent.cfg 74 bytes
c:\documents and settings\John Doe\Application Data\KWorld Multimedia\HM\Pinfo.config 107 bytes
c:\documents and settings\John Doe\Application Data\KWorld Multimedia\HM\PLAYRECENT.LST 225 bytes
c:\documents and settings\John Doe\Application Data\KWorld Multimedia\HM\slog.txt 0 bytes
c:\documents and settings\John Doe\Application Data\KWorld Multimedia\HM\SPath.cfg 134 bytes
c:\documents and settings\John Doe\Application Data\KWorld Multimedia\HM\SPInfo.cfg 9 bytes
c:\documents and settings\John Doe\Application Data\Lavasoft
c:\documents and settings\John Doe\Application Data\Leadertech
c:\documents and settings\John Doe\Application Data\Leadertech\PowerRegister
c:\documents and settings\John Doe\Application Data\Leadertech\PowerRegister\PowerReg.dat 445 bytes
c:\documents and settings\John Doe\Application Data\PandoraRecovery
c:\documents and settings\John Doe\Application Data\PandoraRecovery\Profile.xml 1781 bytes
c:\documents and settings\John Doe\Application Data\PC Tools
c:\documents and settings\John Doe\Application Data\PC Tools\Spyware Doctor
c:\documents and settings\John Doe\Application Data\PC Tools\Spyware Doctor\quarantine
c:\documents and settings\John Doe\Application Data\PDF reDirect
c:\documents and settings\John Doe\Application Data\PDF reDirect\Batch_Printers
c:\documents and settings\John Doe\Application Data\PDF reDirect\Prefs_v2.ini 4954 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\NOT FOR PUBLIC RELEASE.ini 44 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\APPROVED.ini 44 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\APPROVED.pdf 6445 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\COMPLETED.ini 44 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\COMPLETED.pdf 6501 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\CONFIDENTIAL - Yellow URH.ini 123 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\CONFIDENTIAL - Yellow URH.txt 33 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\CONFIDENTIAL-Text.ini 93 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\CONFIDENTIAL-Text.txt 20 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\CONFIDENTIAL.ini 44 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\CONFIDENTIAL.pdf 6444 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\DRAFT - Text.ini 86 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\DRAFT - Text.txt 20 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\DRAFT BLUE.ini 44 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\DRAFT BLUE.pdf 6169 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\DRAFT_ULH.ini 44 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\DRAFT_ULH.pdf 5045 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\E-Mail.ini 67 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\E-Mail.pdf 6928 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\EXP Business Card.ini 44 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\EXP Business Card.pdf 23943 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\FINAL.ini 44 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\FINAL.pdf 5905 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\FOR COMMENT.ini 44 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\FOR COMMENT.pdf 6195 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\FOR PUBLIC RELEASE.ini 44 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\FOR PUBLIC RELEASE.pdf 6484 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\INFORMATION_ONLY.ini 44 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\INFORMATION_ONLY.pdf 5864 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\NOT APPROVED.ini 44 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\NOT APPROVED.pdf 6355 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\NOT FOR PUBLIC RELEASE.pdf 6447 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\OVERDUE.ini 44 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\OVERDUE.pdf 6239 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\Page Number Footer.ini 99 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\Page Number Footer.txt 26 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\PAID IN FULL.ini 44 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\PAID IN FULL.pdf 6337 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\PRELIMINARY RESULTS.ini 44 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\PRELIMINARY RESULTS.pdf 6143 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\TOP SECRET_Yellow.ini 47 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\TOP SECRET_Yellow.pdf 9353 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\VOID.ini 44 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\VOID.pdf 6116 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\www.exp-systems.com.ini 131 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Stamps\www.exp-systems.com.txt 27 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp\Thumbnails
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp\Thumbnails\6762Asparagus Lasagna_1.jpg 75089 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp\Thumbnails\6943liscense agreement_1.jpg 144435 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp\Thumbnails\6943liscense agreement_2.jpg 102782 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp\Thumbnails\7983Vegan Chili_1.jpg 50739 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp\Thumbnails\9321Curried Beans and veggies_1.jpg 68449 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp\Thumbnails\9321Curried Beans and veggies_2.jpg 36097 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp\Thumbnails\9548036410125-P0-Q3-C0-R0-L0-E0-B0-S0-H0_1.jpg 50739 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp\Thumbnails\9550052530531-P0-Q3-C0-R0-L0-E0-B0-S0-H0_1.jpg 74660 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp\Thumbnails\9550052530531-P0-Q3-C0-R0-L0-E0-B0-S0-H0_2.jpg 37849 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp\Thumbnails\9553036018406-P0-Q2-C0-R0-L0-E0-B0-S0-H0_1.jpg 68449 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp\Thumbnails\9553036018406-P0-Q2-C0-R0-L0-E0-B0-S0-H0_2.jpg 36097 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp\Thumbnails\9554036018406-P0-Q3-C0-R0-L0-E0-B0-S0-H0_1.jpg 68449 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp\Thumbnails\9554036018406-P0-Q3-C0-R0-L0-E0-B0-S0-H0_2.jpg 36097 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp\Thumbnails\9556012178093-P0-Q2-C0-R0-L0-E0-B0-S0-H0_1.jpg 75089 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp\Thumbnails\9567036288671-P0-Q3-C0-R0-L0-E0-B0-S0-H0_1.jpg 50739 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp\Thumbnails\9578027986687-P0-Q2-C0-R0-L0-E0-B0-S0-H0_1.jpg 144435 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp\Thumbnails\9578027986687-P0-Q2-C0-R0-L0-E0-B0-S0-H0_2.jpg 102782 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp\Thumbnails\9869Yangshuo Eggplant_1.jpg 74660 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp\Thumbnails\9869Yangshuo Eggplant_2.jpg 37849 bytes
c:\documents and settings\John Doe\Application Data\PDF reDirect\Temp\Yangshuo Eggplant.pdf 48368 bytes
c:\documents and settings\John Doe\Application Data\pdf995
c:\documents and settings\John Doe\Application Data\pdf995\pdf995server.ini 28 bytes
c:\documents and settings\John Doe\Application Data\Real
c:\documents and settings\John Doe\Application Data\Real\Msg
c:\documents and settings\John Doe\Application Data\Real\Msg\Category.dat 224 bytes
c:\documents and settings\John Doe\Application Data\Real\Msg\SCategory.dat 106 bytes
c:\documents and settings\John Doe\Application Data\Real\RealConverter
c:\documents and settings\John Doe\Application Data\Real\RealConverter\RealConverter_1_0.xml 101153 bytes
c:\documents and settings\John Doe\Application Data\Real\RealMediaSDK
c:\documents and settings\John Doe\Application Data\Real\RealPlayer
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\26.dat 23 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\autoplaylist.dat 1030 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\Backup
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\Backup\000
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\Backup\000\000001.tmd 2679 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\Backup\000\000002.tmd 3734 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\Backup\000\000003.tmd 3764 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\Backup\000\000004.tmd 3782 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\Backup\000\000005.tmd 2803 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\Backup\000\000006.tmd 2723 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\Backup\000\000007.tmd 2699 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\Backup\000\000008.tmd 2740 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\Backup\000\000009.tmd 2753 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\Backup\000\000010.tmd 2810 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\Backup\000\000011.tmd 2793 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\Backup\000\000012.tmd 2729 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\Backup\000\000013.tmd 2717 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\Backup\iscomplete 0 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\CD.CDX 10752 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\CD.DBF 514 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\CDTRAX.CDX 4608 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\CDTRAX.DBF 482 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\dbdata.txt 42 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\listview.dat 644 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\PLAYGRPS.CDX 6144 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\PLAYGRPS.DBF 386 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\PLAYLIST.CDX 9216 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\playlist.dat 10 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\PLAYLIST.DBF 7598 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\PLAYLIST.FPT 5213 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\PLAYTRAX.CDX 6144 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\PLAYTRAX.DBF 162 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\TRACKS.DBF 15207 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\TRACKS.FPT 49358 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\TRACKS2.CDX 3072 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\TRAKINFO.CDX 6144 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\TRAKINFO.DBF 642 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\treestate.dat 1455 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\db\version 25 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\device
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\device\5fd318f73cee4df0f41a1e09ec7c9123
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\device\audiovideo_master.db 11264 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\device\b94fdd969cf0df5423b46673df3ec5c3
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\device\device_master.db 28672 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\DRM
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\DRM\rights.xml 782 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\ErrorLogs
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\ErrorLogs\CDBurning.log 2 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\ErrorLogs\DownloadMgr.log 465 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\ErrorLogs\GenDevices.log 474 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\ErrorLogs\pdgenctnomad.log 465 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\

Old_Curmudgeon · « **Reply #14 on:** March 08, 2011, 09:44:28 AM »

Combofix + CFScript.txt continued:

And more...

c:\documents and settings\John Doe\Application Data\Real\RealPlayer\ErrorLogs\pdgenwmdm.log 458 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\Favorites
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\Favorites\Audio
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\Favorites\Radio
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\Favorites\Video
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\Favorites\Web Pages
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\History
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\History\Bobbi Starr - hot *censored* to mouth a2m a2....lnk 2285 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\History\Hot Hardcore *censored* ATM - Dailee.com.lnk 2161 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\History\Megarotic Video.lnk 2141 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\History\Xtube_sponsor's Videos.lnk 2177 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\library
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\library\view.xml 3678 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\PMP
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\realplayer.ste 1151 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\skins
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\skins\data
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\skins\data\normal
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\skins\data\normal\imgcache.dat 1183336 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\skins\data\normal\state.ini 912 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\Temp
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\viz.ini 166 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\WatchFolders
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\WatchFolders\C__Documents and Settings_John Doe_Desktop_scan.log 0 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\WatchFolders\C__Documents and Settings_John Doe_Desktop_scan2.log 0 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\WatchFolders\C__Documents and Settings_John Doe_My Documents_My Music_scan.log 8504 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\WatchFolders\C__Documents and Settings_John Doe_My Documents_My Music_scan2.log 8509 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\WatchFolders\C__Documents and Settings_John Doe_My Documents_My Pictures_scan.log 9698 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\WatchFolders\C__Documents and Settings_John Doe_My Documents_My Pictures_scan2.log 9599 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\WatchFolders\C__Documents and Settings_John Doe_My Documents_My Videos_scan.log 36235 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\WatchFolders\C__Documents and Settings_John Doe_My Documents_My Videos_scan2.log 36230 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\WatchFolders\C__Documents and Settings_John Doe_My Documents_scan.log 45374 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\WatchFolders\C__Documents and Settings_John Doe_My Documents_scan2.log 45374 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\WatchFolders\fldrscan.out 78066 bytes
c:\documents and settings\John Doe\Application Data\Real\RealPlayer\WatchFolders\fldrscan2.out 11746 bytes
c:\documents and settings\John Doe\Application Data\Real\RealShare
c:\documents and settings\John Doe\Application Data\Real\RealShare\RealShare_1_1.xml 65644 bytes
c:\documents and settings\John Doe\Application Data\Real\Rhapsody
c:\documents and settings\John Doe\Application Data\Real\Rhapsody\ErrorLogs
c:\documents and settings\John Doe\Application Data\Real\Rhapsody\ErrorLogs\CDBurning.log 4 bytes
c:\documents and settings\John Doe\Application Data\Real\Rhapsody\ErrorLogs\GenDevices.log 466 bytes
c:\documents and settings\John Doe\Application Data\Real\Rhapsody\ErrorLogs\pdgenctnomad.log 457 bytes
c:\documents and settings\John Doe\Application Data\Real\Rhapsody\ErrorLogs\pdgenwmdm.log 450 bytes
c:\documents and settings\John Doe\Application Data\Real\Rhapsody\local.seb 23552 bytes
c:\documents and settings\John Doe\Application Data\Real\RhapsodySDK
c:\documents and settings\John Doe\Application Data\Real\rnadmin
c:\documents and settings\John Doe\Application Data\Real\rnadmin\rnsystem.dat 2326 bytes
c:\documents and settings\John Doe\Application Data\Real\Update
c:\documents and settings\John Doe\Application Data\Real\Update\temp
c:\documents and settings\John Doe\Application Data\Real\Update\Update-log.txt 3852 bytes
c:\documents and settings\John Doe\Application Data\Red Kawa
c:\documents and settings\John Doe\Application Data\Red Kawa\VideoConverterApp5
c:\documents and settings\John Doe\Application Data\Red Kawa\VideoConverterApp5\Profiles
c:\documents and settings\John Doe\Application Data\Red Kawa\VideoConverterApp5\Profiles\AppleTV.xml 12698 bytes
c:\documents and settings\John Doe\Application Data\Red Kawa\VideoConverterApp5\Profiles\iPad_1G.xml 12698 bytes
c:\documents and settings\John Doe\Application Data\Red Kawa\VideoConverterApp5\Profiles\iPhone_1G.xml 14956 bytes
c:\documents and settings\John Doe\Application Data\Red Kawa\VideoConverterApp5\Profiles\iPhone_2G.xml 14956 bytes
c:\documents and settings\John Doe\Application Data\Red Kawa\VideoConverterApp5\Profiles\iPhone_3G.xml 14956 bytes
c:\documents and settings\John Doe\Application Data\Red Kawa\VideoConverterApp5\Profiles\iPhone_4G.xml 12698 bytes
c:\documents and settings\John Doe\Application Data\Red Kawa\VideoConverterApp5\Profiles\iPodClassic_6G.xml 14932 bytes
c:\documents and settings\John Doe\Application Data\Red Kawa\VideoConverterApp5\Profiles\iPodNano_3G.xml 14932 bytes
c:\documents and settings\John Doe\Application Data\Red Kawa\VideoConverterApp5\Profiles\iPodNano_4G.xml 14932 bytes
c:\documents and settings\John Doe\Application Data\Red Kawa\VideoConverterApp5\Profiles\iPodNano_5G.xml 16909 bytes
c:\documents and settings\John Doe\Application Data\Red Kawa\VideoConverterApp5\Profiles\iPodTouch_1G.xml 14953 bytes
c:\documents and settings\John Doe\Application Data\Red Kawa\VideoConverterApp5\Profiles\iPodTouch_2G.xml 14956 bytes
c:\documents and settings\John Doe\Application Data\Red Kawa\VideoConverterApp5\Profiles\iPodTouch_3G.xml 14956 bytes
c:\documents and settings\John Doe\Application Data\Red Kawa\VideoConverterApp5\Profiles\iPodTouch_4G.xml 12698 bytes
c:\documents and settings\John Doe\Application Data\Red Kawa\VideoConverterApp5\Profiles\iPod_5G.xml 14869 bytes
c:\documents and settings\John Doe\Application Data\Red Kawa\VideoConverterApp5\Settings
c:\documents and settings\John Doe\Application Data\Red Kawa\VideoConverterApp5\Settings\Device.xml 268 bytes
c:\documents and settings\John Doe\Application Data\Red Kawa\VideoConverterApp5\Settings\Program.xml 1399 bytes
c:\documents and settings\John Doe\Application Data\Roxio
c:\documents and settings\John Doe\Application Data\Roxio\DVD
c:\documents and settings\John Doe\Application Data\Roxio\DVD\4x3
c:\documents and settings\John Doe\Application Data\Roxio\DVD\4x3\Themes
c:\documents and settings\John Doe\Application Data\Roxio\EMC11
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\MediaManager
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\MediaManager\Album.ldb 64 bytes
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\MediaManager\Album.psod 1290240 bytes
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\MediaManager\ItemThumbnails.dat 2105344 bytes
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\MyDVD
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\MyDVD\Temporary
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\VideoUI
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\VideoUI\AETAnalyse
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\VideoUI\AudioFilters
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\VideoUI\CustomEffects
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\VideoUI\Proxy
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\VideoUI\Proxy\aproxy_a1_around the world_main.mp3.wav 2663470 bytes
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\VideoUI\Proxy\aproxy_angelina 00000.avi.wav 20127518 bytes
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\VideoUI\Proxy\aproxy_angelina review 00000.avi.wav 263561406 bytes
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\VideoUI\Proxy\aproxy_global.mp3.wav 3127342 bytes
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\VideoUI\Proxy\aproxy_sw catherine review 00000.avi.wav 269578766 bytes
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\VideoUI\Proxy\aproxy_sweet catherine 00000.avi.wav 16138526 bytes
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\VideoUI\Proxy\aproxy_theatre.mp3.wav 882734 bytes
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\VideoUI\Proxy\ProxyLog.dat 4514 bytes
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\VideoUI\Templates
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\VideoUI\Templates\VWProduce.xml 97 bytes
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\VideoUI\Templates\WMF_Templates.xml 29501 bytes
c:\documents and settings\John Doe\Application Data\Roxio\EMC11\VideoUI\UserTextStyles
c:\documents and settings\John Doe\Application Data\Roxio\PlasmaLog.txt 1570 bytes
c:\documents and settings\John Doe\Application Data\Sage Software SB, Inc
c:\documents and settings\John Doe\Application Data\Sage Software SB, Inc\ACT!
c:\documents and settings\John Doe\Application Data\Sage Software SB, Inc\ACT!\9.1.162.0
c:\documents and settings\John Doe\Application Data\Simple Star
c:\documents and settings\John Doe\Application Data\Skype
c:\documents and settings\John Doe\Application Data\Skype\Content
c:\documents and settings\John Doe\Application Data\Skype\john.d01
c:\documents and settings\John Doe\Application Data\Skype\john.d01\bistats.db 61440 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\bistats.db-journal 33344 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\0d
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\0d\0d381e7db13b203c.dat 2796 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\28
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\28\2816e431177568c0.dat 2121 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\51
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\51\51b91061a4d395b0.dat 2153 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\65
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\65\65675095e504c2b4.dat 653 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\6d
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\6d\6de808be08dd1a81.dat 645 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\78
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\78\7804eb1c8014d857.dat 2118 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\83
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\83\838089a645bef709.dat 760 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\a8
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\a8\a802c977ff6d8d1e.dat 650 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\bd
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\bd\bdcb21ffee27ffc6.dat 2844 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\c4
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\c4\c44e425346f66d6a.dat 1877 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\d3
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\d3\d3a02a216ba35670.dat 2817 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\d7
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\d7\d7bf441c80c79557.dat 3472 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\d9
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\d9\d9be8130db43d2bb.dat 2712 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\e3
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\e3\e38da9d85c253603.dat 629 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\ed
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\ed\ed86cf23588cdd7a.dat 658 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\ef
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\fd
c:\documents and settings\John Doe\Application Data\Skype\john.d01\chatsync\fd\fd4f1419bb9eb048.dat 2868 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\config.lck 0 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\config.xml 10748 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\dc.db 577536 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\dc.db-journal 37448 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\griffin.db 28672 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\griffin.db-journal 12824 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\httpfe
c:\documents and settings\John Doe\Application Data\Skype\john.d01\httpfe\cookies.dat 2 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\keyval.db 40960 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\keyval.db-journal 33344 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\main.db 348160 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\main.db-journal 160568 bytes
c:\documents and settings\John Doe\Application Data\Skype\john.d01\voicemail
c:\documents and settings\John Doe\Application Data\Skype\My Skype Received Files
c:\documents and settings\John Doe\Application Data\Skype\Pictures
c:\documents and settings\John Doe\Application Data\Skype\Pictures\table dance.bmp 1601830 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared.lck 0 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared.xml 53957 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_dynco
c:\documents and settings\John Doe\Application Data\Skype\shared_dynco\dc.db 1167360 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_dynco\dc.db-journal 135944 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_dynco\dc.lock 0 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_id.json 7116 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_it.json 5845 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_ja.json 6543 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_ko.json 6422 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_lt.json 7206 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_lv.json 7195 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_nl.json 5908 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_no.json 5983 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_pl.json 7351 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_pt-BR.json 6026 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_pt.json 6461 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_ro.json 6111 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_ru.json 7502 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_sv.json 5972 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_tr.json 7179 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_uk.json 7473 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_vi.json 6379 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_zh-Hans.json 5640 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_zh-Hant.json 5692 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_ar.json 6805 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_bg.json 7252 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_cs.json 7165 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_da.json 6002 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_de.json 6543 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_el.json 7735 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_es.json 6060 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_fi.json 5829 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_fr.json 6295 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_he.json 7841 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\assets\promotions\content_hu.json 7298 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\css
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\css\main.css 38416 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\backgrounds
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\backgrounds\avatar-bg-98x98.png 464 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\backgrounds\clouds.png 6852 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\backgrounds\clouds32.png 9640 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\backgrounds\header-gradient.png 322 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\16_button.png 997 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\16_button_gray.gif 1560 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\16_button_gray_group.gif 1139 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\16_button_gray_group.png 660 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\16_call_button.gif 2862 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\16_call_button.png 1609 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\25_add_button.gif 5027 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\25_add_button.png 2425 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\25_button.png 1599 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\25_buttongroup_green_split.gif 52 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\25_buttongroup_green_split.png 116 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\25_buttongroup_split.gif 52 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\25_buttongroup_split.png 121 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\25_button_gray.gif 2550 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\25_green_button.gif 4569 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\25_green_button.png 1990 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\25_home_button.gif 5123 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\25_home_button.png 6537 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\25_roundbutton.png 1104 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\25_roundbutton_gray.gif 834 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\close.gif 170 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\close.png 249 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\input_clear.png 232 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\toggle_contacts.png 598 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\buttons\toggle_contacts_32.png 1192 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\profile-96x96.png 1611 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\promotions
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\promotions\callquality-illustration.png 3075 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\promotions\success-illustration.png 2154 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\skypeout-96x96.png 2890 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\images\spinner.gif 4178 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\config.js 617 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\core.js 92333 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\ar.js 489 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\bg.js 566 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\cs.js 458 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\da.js 432 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\de.js 436 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\el.js 757 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\en.js 406 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\es.js 479 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\et.js 408 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\fi.js 466 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\fr.js 474 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\he.js 507 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\hu.js 554 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\id.js 455 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\it.js 442 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\ja.js 488 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\ko.js 488 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\lt.js 450 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\lv.js 436 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\nl.js 425 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\no.js 434 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\pl.js 505 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\pt-BR.js 457 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\pt.js 462 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\ro.js 488 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\ru.js 685 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\sv.js 428 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\tr.js 463 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\uk.js 601 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\vi.js 528 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\zh-Hans.js 466 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\i\js\languages\zh-Hant.js 484 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\pcj\index.html 1421 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\Connecting_40x40_x36_anim.gif 10920 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\alert_expanded_bg_1x4.png 6178 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\bg_1x4_x1.png 865 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\Bubbles-rtl_10x9_x2.png 1501 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\Bubbles_10x9_x2.png 508 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\buttons
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\buttons\25_button.png 5488 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\buttons\25_button_light_blue.png 2507 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\buttons\32_button.png 3058 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\button_16_left.png 1675 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\button_16_right.png 1176 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\Button_50x16_x5.png 2292 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\Close_16x16_x3.png 1797 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\education-bar-bg.png 198 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\feedSettings_expanded_bg_1x4.png 6174 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\Movie_16x16_x3.png 6733 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\myselfPanel_bg_1x36.png 6208 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\partners85.png 817 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\Settings_16x16_x5.png 2848 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\Settings_30x16_x5.png 3423 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\Share_45x16_x3.png 7132 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\Switch_22x13_x4.png 1578 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\Switch_22x13_x4_disabled.png 1552 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\Textarea-b_557x3_x1.png 1046 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\Textarea-t_557x3_x2.png 1162 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\Video_mood_16x16_x5.png 2615 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\ViewSwtich-l-selected_76x80_x5.png 3572 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\ViewSwtich-l-unselected_76x80_x5.png 4089 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\ViewSwtich-r-selected_58x80_x5.png 1493 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\images\ViewSwtich-r-unselected_58x80_x5.png 1918 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\ar.json 2354 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\bg.json 2637 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\cs.json 1964 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\da.json 1826 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\de.json 2024 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\el.json 2822 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\en.json 1686 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\es.json 1931 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\et.json 1791 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\fi.json 1886 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\fr.json 2085 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\he.json 2294 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\hu.json 2065 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\id.json 1829 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\it.json 1864 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\ja.json 2038 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\ko.json 2044 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\lt.json 2061 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\lv.json 2001 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\nl.json 1860 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\no.json 1798 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\pl.json 1918 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\pt-br.json 1925 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\pt.json 2030 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\ro.json 1999 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\rtl.css 3711 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\ru.json 2710 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\sv.json 1829 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\tr.json 1967 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\uk.json 2611 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\vi.json 2220 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\zh-Hans.json 1713 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\languages\zh-Hant.json 1732 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\production
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\production\combined.css 21666 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\production\combined.js 78235 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\i\production\jquery-1.4.2.min.js 72174 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_html\skypehome\index.html 633 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_httpfe
c:\documents and settings\John Doe\Application Data\Skype\shared_httpfe\queue.db 36864 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_httpfe\queue.db-journal 12824 bytes
c:\documents and settings\John Doe\Application Data\Skype\shared_httpfe\queue.lock 0 bytes
c:\documents and settings\John Doe\Application Data\Skype\temp-pI5iRlnlzYTtM7wj4UwItUE8 7168 bytes
c:\documents and settings\John Doe\Application Data\Skype\temp-uUGIh36YdF1Iq2L5PkkRvfB2 1544 bytes
c:\documents and settings\John Doe\Application Data\Skype\temp-vqclmBAVIOcm0A8WIQwCtPR9 1544 bytes
c:\documents and settings\John Doe\Application Data\skypePM
c:\documents and settings\John Doe\Application Data\skypePM\2011-01-04-2.ezlog 15688 bytes
c:\documents and settings\John Doe\Application Data\Sonic
c:\documents and settings\John Doe\Application Data\Sonic\Sonic Central
c:\documents and settings\John Doe\Application Data\Sony Corporation
c:\documents and settings\John Doe\Application Data\Sony Corporation\OpenMG Jukebox
c:\documents and settings\John Doe\Application Data\Sony Corporation\OpenMG Jukebox\Temp
c:\documents and settings\John Doe\Application Data\Sony Corporation\SonicStage
c:\documents and settings\John Doe\Application Data\Sony Corporation\SonicStage\Export
c:\documents and settings\John Doe\Application Data\Sony Corporation\SonicStage\SonicStage.log 4845 bytes
c:\documents and settings\John Doe\Application Data\Sony Corporation\SonicStage\Temp
c:\documents and settings\John Doe\Application Data\Spamihilator
c:\documents and settings\John Doe\Application Data\Spamihilator\cache
c:\documents and settings\John Doe\Application Data\Spamihilator\cache\56497a75@5af867c4
c:\documents and settings\John Doe\Application Data\Spamihilator\client.log 543691 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\filter.log 102370 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\filters.db 5120 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\hostlist.xml 162 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\plugins
c:\documents and settings\John Doe\Application Data\Spamihilator\plugins\attachmentfilter
c:\documents and settings\John Doe\Application Data\Spamihilator\plugins\attachmentfilter\attachmentfilter.db 3072 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\plugins\dccfilter
c:\documents and settings\John Doe\Application Data\Spamihilator\plugins\dccfilter\map 7912 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\plugins\dccfilter\map.txt 122 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\plugins\filterstats.log 5353 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\plugins\linkfilter
c:\documents and settings\John Doe\Application Data\Spamihilator\plugins\linkfilter\linkfilter.db 3072 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\plugins\newsletter
c:\documents and settings\John Doe\Application Data\Spamihilator\plugins\newsletter\newsletter.db 5120 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\plugins\rulefilter
c:\documents and settings\John Doe\Application Data\Spamihilator\plugins\rulefilter\rulefilter.db 6144 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\plugins.db 6144 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193628_20494fe.recycle 8809 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193628_20495aa.recycle 2231 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193628_20495c9.recycle 1525 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193628_20495d9.recycle 6113 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193628_20495f8.recycle 1732 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193628_2049646.recycle 2389 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193628_2049656.recycle 3044 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455614_184413_979f3f.recycle 2409 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455614_185946_a5df80.recycle 3935 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455614_185949_a5e84a.recycle 1530 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072103_20aabb.recycle 1886 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072103_20abf3.recycle 41065 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072103_20ac42.recycle 2628 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072103_20ac61.recycle 36005 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072103_20ac80.recycle 263246 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072103_20acce.recycle 2006 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193628_2049685.recycle 2246 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193628_20496a4.recycle 1899 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193628_20496b4.recycle 5792 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193628_20496c3.recycle 2051 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193628_20496e3.recycle 2451 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193628_2049721.recycle 31670 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193628_2049731.recycle 3475 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193628_2049750.recycle 1905 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193628_204977f.recycle 10503 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193628_204978f.recycle 3549 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193628_20497ae.recycle 5082 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193629_20497bd.recycle 3378 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193629_20497dd.recycle 3448 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193629_204980c.recycle 20583 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049bb5.recycle 7935 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049bc5.recycle 2114 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049be4.recycle 4786 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049bf4.recycle 6251 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049c13.recycle 2363 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049c32.recycle 17740 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049c51.recycle 5450 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049c71.recycle 17249 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049c90.recycle 1676 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049c9f.recycle 1316 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049cbf.recycle 8866 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049cce.recycle 3065 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049d0d.recycle 1850 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049d2c.recycle 1645 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049d6b.recycle 1530 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049d8a.recycle 108651 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049db9.recycle 4927 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049dd8.recycle 3146 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049de8.recycle 2259 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049df7.recycle 4499 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049e36.recycle 1709 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049e74.recycle 5948 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049e93.recycle 8148 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049ea3.recycle 4582 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049eb3.recycle 2254 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049ee2.recycle 9554 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049f5f.recycle 1653 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193631_204a059.recycle 2247 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193631_204a0a7.recycle 1329 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193631_204a0d6.recycle 3833 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193631_204a0f5.recycle 4269 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193631_204a124.recycle 28195 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193631_204a153.recycle 4291 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193631_204a181.recycle 15898 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193631_204a1b0.recycle 14030 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193631_204a1ef.recycle 27974 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193631_204a2aa.recycle 3543 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193631_204a2ba.recycle 10007 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072103_20ada9.recycle 1395 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072103_20adc8.recycle 2030 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072103_20ade7.recycle 6335 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20adf7.recycle 1619 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20ae07.recycle 107318 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20ae45.recycle 2032 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20ae55.recycle 1813 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20ae64.recycle 22590 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20ae84.recycle 2401 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20ae93.recycle 3356 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20aea3.recycle 3663 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20aec2.recycle 1752 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20aed2.recycle 1679 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20af01.recycle 1763 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20af10.recycle 2407 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20af30.recycle 30984 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20af3f.recycle 1779 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20af4f.recycle 3654 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20af6e.recycle 6558 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20af7e.recycle 1775 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20af8d.recycle 1676 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20afad.recycle 1750 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20afdb.recycle 232121 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20afeb.recycle 3654 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20b00a.recycle 1712 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20b02a.recycle 2415 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20b049.recycle 2403 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20b068.recycle 5555 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20b078.recycle 1901 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20b087.recycle 2796 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20b0a7.recycle 3654 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20b0b6.recycle 1777 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20b0c6.recycle 6482 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20b0e5.recycle 22153 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20b0f5.recycle 1742 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20b104.recycle 3703 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20b124.recycle 2099 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20b133.recycle 1643 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20b152.recycle 4078 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\recyclebin.xml 69062 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20b181.recycle 261088 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20b1a1.recycle 2396 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20b1c0.recycle 3867 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20b1cf.recycle 1832 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072105_20b1df.recycle 2366 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072105_20b1ef.recycle 10118 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072105_20b20e.recycle 10105 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072105_20b21e.recycle 1891 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072105_20b23d.recycle 2282 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072105_20b24c.recycle 3817 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072105_20b26c.recycle 3650 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072105_20b28b.recycle 3805 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072105_20b2aa.recycle 2842 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072105_20b2ba.recycle 1658 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072105_20b2c9.recycle 261319 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072105_20b2e9.recycle 1744 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072105_20b308.recycle 2270 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193628_2049666.recycle 1925 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193629_20497ec.recycle 4787 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193630_2049cee.recycle 2023 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455595_193631_204a2d9.recycle 2643 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072103_20ad8a.recycle 3255 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20aee1.recycle 264935 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20b039.recycle 2408 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\recycle\2455622_072104_20b162.recycle 3633 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\server.log 1048555 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\spamihilator.ini 5009 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\spampoints_user.xml 462 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training
c:\documents and settings\John Doe\Application Data\Spamihilator\training\8cbc976.training 1901 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\8e417ac3.training 9554 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\913d8d86.training 1712 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\915163aa.training 3044 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\93e3c8bd.training 3663 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\94166748.training 1525 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\96a215d8.training 4787 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\9a54de35.training 3650 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\9ad0e835.training 8148 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\9bc1a657.training 6251 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\9f6c11c5.training 1850 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\382d886a.training 6558 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\38379bd1.training 2409 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\38aeb928.training 27974 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\38afe236.training 1832 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\3beee61c.training 2246 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\3c9612f8.training 10503 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\3d267f1.training 31670 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\3f82071c.training 2643 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\42b3824.training 2023 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\43fd606d.training 4499 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\46e9820f.training 10007 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\46ec5aa7.training 4269 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\4819e9bd.training 18573 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\49a82ca1.training 1709 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\4aa23da3.training 1329 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\4aaf005b.training 6846 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\4e1cb708.training 261088 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\511b7c92.training 6482 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\51827fac.training 1679 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\5299b9cf.training 7935 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\54e96d9d.training 1777 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\54ef6633.training 2396 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\55976b59.training 107318 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\55c313c5.training 2270 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\5706dc35.training 261319 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\5a15c790.training 28195 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\9f9f6254.training 10105 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\a27afa34.training 1750 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\a3ccfad.training 7021 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\a474c210.training 1763 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\a4d3143c.training 2628 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\a5f1a9b0.training 4078 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\a6da7910.training 5792 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\a80ab23a.training 3867 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\abcdde24.training 3146 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\aef0c273.training 1619 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\b37cc5ce.training 1395 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\b39671dd.training 2114 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\b3ffcec0.training 6335 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\b60f2a7a.training 70223 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\b6f6fa93.training 3255 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\babea0f6.training 3448 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\bad.spamihilator.wordlist 1048590 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\805b3d67.training 2415 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\80b8749f.training 8866 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\8172b776.training 2030 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\847ea4d8.training 2389 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\84b4dfce.training 27211 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\85e94ed5.training 3805 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\88cf00bd.training 2389 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\890d6eaa.training 36667 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\8a8ebda7.training 2407 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\8b91bc7a.training 1813 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\8b95b98a.training 1732 bytes
c:\documents and settings\Jo

Old_Curmudgeon · « **Reply #15 on:** March 08, 2011, 09:45:46 AM »

c:\documents and settings\John Doe\Application Data\Spamihilator\training\da8529c4.training 3475 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\dde93ef6.training 41065 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\e08d17bc.training 1676 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\e17aa771.training 30984 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\e1dd8382.training 3378 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\e2e592b9.training 2366 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\e3c4e29.training 5450 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\e408a40c.training 5555 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\e73cd25.training 1744 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\ea3bfbaf.training 3654 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\ea8d60bb.training 1742 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\eb6c8d51.training 2451 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\ecd2221.training 22590 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\ede1e661.training 2231 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\eea8e4be.training 7645 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\11270411.training 1645 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\13a4100a.training 100852 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\1bd9944c.training 3817 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\1c17bdb2.training 2247 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\1e6e4ded.training 2842 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\1f43a922.training 1188 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\20597512.training 1925 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\20f38642.training 17740 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\24799c8.training 31495 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\26740cdf.training 2032 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\267ba4d1.training 36005 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\274df526.training 47852 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\f0cf0e02.training 1653 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\f1b411af.training 3654 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\f22a594a.training 3549 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\f235c20a.training 5906 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\f3deabe9.training 1530 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\f4fa5e24.training 2401 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\fe6dec8b.training 1899 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\fea5e27b.training 2403 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\good.spamihilator.wordlist 400229 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\training.xml 73938 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\bd6d279c.training 1905 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\c125e88c.training 3240 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\c4ebdfae.training 4582 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\c59224bf.training 5948 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\c5f1680d.training 35880 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\c63ef476.training 4927 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\c83cc235.training 1891 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\c854924.training 2099 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\c8749c16.training 2363 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\c95b1908.training 1752 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\caefe464.training 1775 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\cb47195f.training 3703 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\cbfab6f3.training 22153 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\cc19b6c4.training 3941 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\cdf4ee4a.training 1779 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\cedb3747.training 2796 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\cfe53bb3.training 4786 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\d0f4b8a2.training 2254 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\d152f1e1.training 20583 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\d3ec5a41.training 9448 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\d417fe3f.training 4291 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\d44d0db7.training 2006 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\da24899a.training 498948 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\da2f369e.training 2645 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\6885e96a.training 1643 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\697f87a1.training 26071 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\6c9f1226.training 15898 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\6ed5ae25.training 17249 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\709c742c.training 1658 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\7114fa33.training 3833 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\7186bb83.training 71513 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\74e6ad1b.training 5082 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\7557ff89.training 263246 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\76279792.training 264935 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\764f8d6d.training 2051 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\769318df.training 10118 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\7b808af6.training 3633 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\7ea1296e.training 232121 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\5d782ab7.training 1316 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\605ab68.training 2408 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\60cbeffa.training 108651 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\618e2dc0.training 8809 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\623e2772.training 2259 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\62d4d05e.training 1812 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\63c51a2e.training 498711 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\64d2760a.training 6377 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\2978c0d6.training 2282 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\2a327f16.training 3356 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\2bd0e3f6.training 6113 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\2d9d65ec.training 3654 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\30a4bf85.training 1530 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\3314ea84.training 3065 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\359c4ff.training 14030 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\35c82c46.training 1676 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\27704768.training 3935 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\5c91cbfd.training 3543 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\800c9896.training 88704 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\ef466a91.training 1886 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\uid
c:\documents and settings\John Doe\Application Data\Spamihilator\uid\[email protected] 1249 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\updatecheck.log 23642 bytes
c:\documents and settings\John Doe\Application Data\SpinTop
c:\documents and settings\John Doe\Application Data\SpinTop\spintop.ico 25214 bytes
c:\documents and settings\John Doe\Application Data\Sun
c:\documents and settings\John Doe\Application Data\Sun\Java
c:\documents and settings\John Doe\Application Data\Sun\Java\AU
c:\documents and settings\John Doe\Application Data\Sun\Java\AU\au.cab 571345 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\AU\au.msi 183808 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\29
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\0
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\1
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\10
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\11
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\12
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\13
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\14
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\15
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\16
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\17
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\18
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\19
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\2
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\20
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\21
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\22
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\23
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\24
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\25
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\26
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\27
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\28
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\3
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\30
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\31
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\32
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\33
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\34
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\35
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\36
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\37
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\38
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\39
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\4
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\40
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\41
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\42
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\43
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\44
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\45
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\46
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\47
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\48
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\49
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\5
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\50
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\51
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\52
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\53
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\54
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\55
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\56
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\57
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\58
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\59
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\6
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\60
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\61
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\62
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\63
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\7
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\8
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\9
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\host
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\muffin
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\deployment.properties 524 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\ext
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\log
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\log\plugin150_10.trace 1566 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\log\plugin150_11.trace 1623 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\security
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\security\auth.dat 0 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\security\trusted.certs 1503 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\29
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\29\2d9f109d-1372a5f6 4329254 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\29\2d9f109d-1372a5f6.idx 390554 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\0
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\1
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\10
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\11
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\11\21e928cb-714652c2 42563 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\11\21e928cb-714652c2.idx 12686 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\12
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\13
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\14
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\15
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\16
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\17
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2aecc432 78624 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2aecc432-n
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2aecc432-n\decora-d3d.dll 12800 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2aecc432-n\decora-sse.dll 61440 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2aecc432.idx 10926 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\18
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\19
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\2
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\20
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\21
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\22
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\23
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\23\3db38257-2893ef8d 2638711 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\23\3db38257-2893ef8d.idx 129563 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\23\6fa462d7-4a2aee04 292107 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\23\6fa462d7-4a2aee04.idx 11306 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\24
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\24\2a20e358-37da6f94 1964 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\24\2a20e358-37da6f94.idx 739 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\25
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\25\794f2bd9-6226e4d1 8792225 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\25\794f2bd9-6226e4d1.idx 439868 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\25\794f2bd9-6d2523d3 8792225 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\25\794f2bd9-6d2523d3.idx 601 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\26
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\26\457dee9a-5caa078f.idx 128 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\26\457dee9a-75bb679d 3133 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\26\457dee9a-75bb679d.idx 788 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\27
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\28
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\3
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\3\1cfa1583-1f7bd05e 4338079 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\3\1cfa1583-1f7bd05e.idx 390599 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\30
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\31
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\32
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-5f9c7d8b 3029 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-5f9c7d8b.idx 883 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-74e574e3.idx 128 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\33
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\34
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\35
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\36
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\37
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\38
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\39
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-139e74f3 1356284 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-139e74f3-n
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-139e74f3-n\jmc.dll 499712 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-139e74f3-n\msvcp71.dll 503808 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-139e74f3-n\msvcr71.dll 348160 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-139e74f3.idx 10981 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\40
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\41
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\42
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-52c2795d 78686 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-52c2795d-n
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-52c2795d-n\decora-d3d.dll 12800 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-52c2795d-n\decora-sse.dll 61440 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-52c2795d.idx 10941 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\43
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\44
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\45
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-626f4b69 1356287 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-626f4b69-n
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-626f4b69-n\jmc.dll 499712 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-626f4b69-n\msvcp71.dll 503808 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-626f4b69-n\msvcr71.dll 348160 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-626f4b69.idx 10973 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\47
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\48
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\49
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\5
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\50
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-41e1794c 78684 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-41e1794c-n
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-41e1794c-n\decora-d3d.dll 12800 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-41e1794c-n\decora-sse.dll 61440 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-41e1794c.idx 10931 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\51
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\52
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\53
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\54
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-40e35d38 1356192 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-40e35d38-n
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-40e35d38-n\jmc.dll 499712 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-40e35d38-n\msvcp71.dll 503808 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-40e35d38-n\msvcr71.dll 348160 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-40e35d38.idx 10975 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\55
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\56
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\57
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\58
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\59
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\6
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\60
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\61
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\62
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\63
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\7
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\8
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\9
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\lastAccessed 1 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\tmp
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\tmp\si
c:\documents and settings\John Doe\Application Data\Sun\Java\jre1.6.0_24
c:\documents and settings\John Doe\Application Data\Sun\Java\jre1.6.0_24\Data1.cab 13027914 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\jre1.6.0_24\jre1.6.0_24.msi 681984 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\jre1.6.0_24\OpenOffice_banner.jpg 74758 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-2-28-2011( 17-24-2 ).SDB 657973 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-3-1-2011( 11-21-28 ).SDB 545233 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-3-1-2011( 23-48-14 ).SDB 6603 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-3-7-2011( 16-52-18 ).SDB 6512 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-3-7-2011( 16-52-49 ).SDB 7600 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\CUSTOM.STG 20480 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\SUPERAntiSpyware Scan Log - 02-28-2011 - 21-11-57.log 7660 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\SUPERAntiSpyware Scan Log - 03-01-2011 - 14-20-14.log 570 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\SUPERAntiSpyware Scan Log - 03-07-2011 - 16-53-57.log 454 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLIST.BIN 19444621 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLIST.DB 41596744 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLIST.ZIP 7138696 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLISTRELATED.DB 1398807 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLISTRELATED.ZIP 177862 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-28-2011 - 21-23-49.DSC 35 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-28-2011 - 21-23-49.SBU 18515 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-01-2011 - 14-32-02.DSC 35 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-01-2011 - 14-32-02.SBU 774 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 52224 bytes executable
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll 63488 bytes executable
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll 52736 bytes executable
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 117760 bytes executable
c:\documents and settings\John Doe\Application Data\Syntrillium
c:\documents and settings\John Doe\Application Data\Syntrillium\Cool Edit
c:\documents and settings\John Doe\Application Data\Syntrillium\Cool Edit\COOL.INI 5647 bytes
c:\documents and settings\John Doe\Application Data\Syntrillium\Cool Edit\coolkb2k.ini 10957 bytes
c:\documents and settings\John Doe\Application Data\Syntrillium\Cool Edit\coolmp3.ini 37 bytes
c:\documents and settings\John Doe\Application Data\Syntrillium\Cool Edit\flt.dat 2712 bytes
c:\documents and settings\John Doe\Application Data\Syntrillium\Cool Edit\xfm.dat 59882 bytes
c:\documents and settings\John Doe\Application Data\Template
c:\documents and settings\John Doe\Application Data\Template\Normal.wpt 9728 bytes
c:\documents and settings\John Doe\Application Data\wklnhst.dat 0 bytes
.
scan completed successfully
hidden files: 2433
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3449024481-383353879-3954239504-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(996)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1056)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(5712)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ANYCOM\Bluetooth-USB\bin\btwdins.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\msdtc.exe
c:\program files\AirLink101\AWLL5026\AWLL5026.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Nero\Nero BackItUp 4\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2011-03-07 20:52:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-08 02:52
ComboFix2.txt 2011-03-05 22:05
.
Pre-Run: 318,465,519,616 bytes free
Post-Run: 318,417,092,608 bytes free
.
- - End Of File - - 3D60CF298605D428D47F21E8A4EF60CE

SuperDave · « **Reply #16 on:** March 08, 2011, 12:44:35 PM »

Quote

the ACT program and SQL are the most critical programs that I would like to save after all of this.

You cannot save programs. If you don't have the disks or a site to download them from, you're out of luck.

Quote

Any clue if it looks like the Trojan(?) will be successfully resolved?

Only time will tell but I'm confident.
Please give me an update on the state of your computer.
I believe chkdsk was run already but please run it again.

* Download the following tool: RootRepeal - Rootkit Detector
* Direct download link is here: RootRepeal.zip

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.

* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.

Old_Curmudgeon · « **Reply #17 on:** March 08, 2011, 08:08:16 PM »

OK, right now I will run chkdsk again (it needs it according to popup messages) and then I will follow your previous instructions to clear my DNS cache and then run mrt.exe. After those three I will begin on rootrepeal. By the way, what am I doing by clearing the DNS cache and running mrt.exe?

Thanks for your patience,
Mike

SuperDave · « **Reply #18 on:** March 09, 2011, 12:20:59 PM »

Quote

By the way, what am I doing by clearing the DNS cache and running mrt.exe?

Clearing the DNS cache is to try to fix your internet problems and the MRT is to check for any other bugs on your computer.

Old_Curmudgeon · « **Reply #19 on:** March 09, 2011, 03:34:03 PM »

The DNS ran and I am, once again, able to log onto computerhope!

MRT.exe ran and delivered a clean bill of health. No problems found.

I am about to run rootrepeal.

Thanks,
Mike

Old_Curmudgeon · « **Reply #20 on:** March 10, 2011, 12:10:09 PM »

Well, I'm confused once again. I was unable to log on to computerhope with my laptop. I ran the DNS once more with no effect.

I did run the RootRepeal for C & D drives. The logs follow.

Many thanks,
Mike

***************************************************************************************

C drive RootRepeal Log:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2011/03/10 12:20
Program Version:      Version 1.3.5.0
Windows Version:      Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x9EC4F000   Size: 876544   File Visible: No   Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9F359000   Size: 49152   File Visible: No   Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\program files\pc tools security\k_filecache
Status: Allocation size mismatch (API: 524288, Raw: 589824)

Path: c:\program files\microsoft sql server\mssql.1\mssql\log\log_1468.trc
Status: Allocation size mismatch (API: 4096, Raw: 0)

SSDT
-------------------
#: 041   Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf71b66e6

#: 047   Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7194f68

#: 048   Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf7195230

#: 063   Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf71b70a0

#: 065   Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf71b742a

#: 119   Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf71b5924

#: 192   Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf71b796e

#: 247   Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf71b6aa4

#: 257   Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf71949d8

==EOF==

*****************************************************************************************

D drive RootRepeal log

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2011/03/10 12:46
Program Version:      Version 1.3.5.0
Windows Version:      Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x9EC4F000   Size: 876544   File Visible: No   Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9F359000   Size: 49152   File Visible: No   Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: d:\system volume information\_restore{3a579f61-82cf-4117-919a-db7b394cd5bc}\rp3\change.log.2
Status: Allocation size mismatch (API: 16384, Raw: 4096)

SSDT
-------------------
#: 041   Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf71b66e6

#: 047   Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7194f68

#: 048   Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf7195230

#: 063   Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf71b70a0

#: 065   Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf71b742a

#: 119   Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf71b5924

#: 192   Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf71b796e

#: 247   Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf71b6aa4

#: 257   Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf71949d8

==EOF==

SuperDave · « **Reply #21 on:** March 10, 2011, 04:37:42 PM »

Is it only ComputerHope that you can't access? What happens when you try? Any error messages?
What happens when you click on this site?

Old_Curmudgeon · « **Reply #22 on:** March 10, 2011, 07:59:46 PM »

Thanks for hanging in there Dave,

"Access" is not really the word. "Log In" is what I am unable to do. I can navigate to computerhope.com and get to the login screen. (Same as the link that you provided.) However, when I type in my user & password I get a screen that says "An error has occurred. You will have to wait 2 seconds to log in again. Sorry." Trying a half dozen more times, after waiting each time, doesn't seem to help. Just for grins I intentionally entered the wrong user and got an error message about the wrong user/password. I entered in the wrong password and got an error message about the wrong user/password. So I am accessing the login routine but for some reason either my computer is sending weird data or computerhope is not friends with my laptop but does like my desktop.

Were there any anomalies in the RootRepeal logs?

Thanks,
Mike

SuperDave · « **Reply #23 on:** March 11, 2011, 12:14:29 PM »

Quote

Were there any anomalies in the RootRepeal logs?

No. The logs look good. I want to run one more scan. In the meantime, I'll pm the administrator about your login problem

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the

button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check

•Click the

button.
•Accept any security warnings from your browser.
•Check

•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push

•Push

, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the

button.
•Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Old_Curmudgeon · « **Reply #24 on:** March 14, 2011, 10:50:56 AM »

Hi Dave,

I ran Eset but I wasn't sure whether or not to leave the "remove found threats" checked so I unselected that and selected "scan archives" and ran it.

Eset found two problems:
1) -win32/toolbar.AskSBar application. Probably a varriant of win32/Agent.CILWIIQ.trojan.
2) -win32/Adware.ADON application

Should I run Eset again with the "remove found threats" selected?

I tried logging in to computerhope with my laptop again and still wasn't allowed to proceed.

Thanks,
Mike

SuperDave · « **Reply #25 on:** March 14, 2011, 12:49:25 PM »

Quote

Should I run Eset again with the "remove found threats" selected?

Yes, Please.

Quote

I tried logging in to computerhope with my laptop again and still wasn't allowed to proceed.

I sent a pm to Administration. Hopefully, they will contact you about this problem.

Old_Curmudgeon · « **Reply #26 on:** March 18, 2011, 09:40:06 PM »

Ironically, while attempting to cure my laptop, I became infected with a virus! Do you think it may be cross-species capable??? Kidding aside, I'm sorry this took so long but I felt terrible.

OK, ESET log file after selecting "remove found threats" and "scan archives":
**************************************************************************

C:\Program Files\Unlocker\eBay_shortcuts_1016.exe   Win32/Adware.ADON application   deleted - quarantined
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP12\A0042211.exe   Win32/Adware.ADON application   deleted - quarantined
C:\_Downloads\FLV Utilities\FLV Downloader\FLVDownloader_Install.exe   probably a variant of Win32/Agent.CILWIIQ trojan   deleted - quarantined
C:\_Downloads\Nero 836\Nero-8.3.6.0_eng_update.exe   Win32/Toolbar.AskSBar application   deleted - quarantined

**************************************************************************

How am I doing?

One of your initial replies indicated that I was not to run any scans without your consent. Would it be a problem to rerun any of the scans that we have run so far?

I tried logging on with my laptop again without success. I have not heard from Administration.

Thanks again for your persistance,
Mike

SuperDave · « **Reply #27 on:** March 19, 2011, 12:29:20 PM »

Quote

Would it be a problem to rerun any of the scans that we have run so far?

Go ahead if you wish.

Quote

tried logging on with my laptop again without success. I have not heard from Administration.

Other than this problem, how's your computer working now?

Old_Curmudgeon · « **Reply #28 on:** March 20, 2011, 09:12:15 AM »

Hi Dave,

Quote

Other than this problem, how's your computer working now?

The original BAD IMAGE complaint stopped in the beginning as I had initially reported. What concerns me is that every time you gave me a new scan module to try each one seemed to find more problems. I'm not savvy enough to recognize whether or not this suggests that a Trojan is lurking on my hard drive so I am relying on you for that.

Since I ran ESET I am getting a JAVA pop-up error near start-up about jusched.exe has encountered a problem and needs to close... Unless you have a suggestion I was going to try a manual update. If that doesn't fix the error I figured that I would need to uninstall and reinstall JAVA.

Since I ran ESET the Laptop has frozen twice. This is very unusual for this machine but I don't know if it is worrysome or not. The first time I was on-line waiting for a .pdf document to load and it never did. The second time was after I allowed Mal WareBytes to run overnight and woke up to a blank MWB screen on my desktop. Each time I had cursor control but no click response or keyboard response. Nor was I able to get a ctl/alt/del response. I finally powered off and restarted. The restart after the MWB freeze brought me to a DOS screen which I exited with ctl/alt/del successfully to a Windows start-up. MWB ran successfully after that and found no problems. I have not noticed any pattern in this behaviour yet.

I have gotten into the low-tech habit of monitoring the indicator lights of my modem and router figuring that if they are steady then nothing is accessing the WEB at that moment. If a Trojan is running in the background and no other program is using the computer (or at least the internet connection) would the indicator lights on my modem and router be blinking (showing activity) due to the Trojan? Do you know if it would it be possible for them to be steady with a Trojan running? Are Trojans wiley enough to defeat these indicator lights? Is monitoring these indicator lights worthwhile?

Thanks Dave,
Mike

SuperDave · « **Reply #29 on:** March 20, 2011, 01:03:57 PM »

Quote

I am getting a JAVA pop-up error near start-up about jusched.exe has encountered a problem and needs to close... Unless you have a suggestion I was going to try a manual update. If that doesn't fix the error I figured that I would need to uninstall and reinstall JAVA.

That very same problem was bugging me last week. I went to Control Panel, Java, clicked on Update tab and unchecked "Check for updates automatically". Problem solved. It only checks once a month and uses valuable resources the whole month.
I'm not sure what's causing the freezing. It could be a number of problems; failing harddrive, overheating, etc.

Quote

If a Trojan is running in the background and no other program is using the computer (or at least the internet connection) would the indicator lights on my modem and router be blinking (showing activity) due to the Trojan? Do you know if it would it be possible for them to be steady with a Trojan running? Are Trojans wiley enough to defeat these indicator lights? Is monitoring these indicator lights worthwhile?

Not a good method. A good third-party firewall would be much better. I noticed you have AVG firewall and it should be blocking all fraudulent traffic both incoming and outgoing.
Let's do some cleanup.

To uninstall ComboFix

Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

Then, press Enter, or click OK.
This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*******************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Old_Curmudgeon · « **Reply #30 on:** March 29, 2011, 05:32:28 PM »

Hi Dave,

Sorry this took so long. I have completed the steps you suggested and I believe that I am through with the malware problem. I still have to reinstall the paid-for AVG and activate its firewall (though that evidently didn't help me in the first place?)

I have had several instances where the laptop has not shut down correctly. I select start\turn off computer\turn off and I get the screen that says that windows is shutting down but then it stalls there. I wait for 5 or 10 minutes and then just power off the machine. It doesn't always happen but I'd say about every third or fourth time so far.

Thanks for your help.
Mike

SuperDave · « **Reply #31 on:** March 30, 2011, 11:53:05 AM »

I don't believe that the shut-down problem is caused by any infections. If it persists, start a new thread in the proper forum. I will lock this thread.If you need it re-opened, please send me a pm.

Computer Hope Forum

News:

Author Topic: Bad Image: WIKI.DLL (Read 84225 times)

Old_Curmudgeon

SuperDave

Old_Curmudgeon

SuperDave

Old_Curmudgeon

SuperDave

Old_Curmudgeon

SuperDave

Old_Curmudgeon

Old_Curmudgeon

SuperDave

Old_Curmudgeon

Old_Curmudgeon

Old_Curmudgeon

Old_Curmudgeon

Old_Curmudgeon

SuperDave

Old_Curmudgeon

SuperDave

Old_Curmudgeon

Old_Curmudgeon

SuperDave

Old_Curmudgeon

SuperDave

Old_Curmudgeon

SuperDave

Old_Curmudgeon

SuperDave

Old_Curmudgeon

SuperDave

Old_Curmudgeon

SuperDave