Computer Hope

Software => Computer viruses and spyware => Topic started by: blacksheep555 on January 21, 2010, 11:35:53 PM

Title: is2010virus
Post by: blacksheep555 on January 21, 2010, 11:35:53 PM
Hi, I don't know if I'm in the correct board or not. My prob started with this IS2010 virus. I attempted to reboot the computer in safe mode, but now I seem to be stuck. I'm on XP and it will not allow me to boot up Windows in any mode. If someone (experts only) could help get me back up-and-running, I've researched enough info here to get rid of it (I think).
Title: Re: is2010virus
Post by: harry 48 on January 22, 2010, 12:14:13 PM
http://www.computerhope.com/forum/index.php/topic,46313.0.html

Please go to the above and complete and post the 3 logs and they will be looked at, harry
Title: Re: is2010virus
Post by: blacksheep555 on January 22, 2010, 01:30:39 PM
I cannot do this, I need to repair Windows to get booted up. Problem is this is my aunt's comp. and is 5 miles away. I will be doing a lot of back and forth to follow up. My #1 question is: can I use a Dell installation disk with service pack 1a on an HP with service pack 3?
Title: Re: is2010virus
Post by: blacksheep555 on January 22, 2010, 01:48:19 PM
My other prob is, I don't have access to a comp with a CD burner, so if this install disk doesn't get me going, I don't know what to do to recover the data. I will be attempting to follow "A salvage mission into the depths of windows XP, explained by a non-geek" by Charlie White.
    If I can get that to safely reboot, then I can post all logs and move forward. Also, I found an article on bleepingcomputer.com about an easy-looking uninstall for this Internet Security 2010 virus, by downloading only rkill.com and Malwarebytes. Do you feel this is an acceptable resolution once I get Windows up and running?
Title: Re: is2010virus
Post by: harry 48 on January 22, 2010, 02:02:03 PM
I cannot do this, I need to repair Windows to get booted up. Problem is this is my aunt's comp. and is 5 miles away. I will be doing a lot of back and forth to follow up. My #1 question is: can I use a Dell installation disk with service pack 1a on an HP with service pack 3?

this is a problem that should have been posted in the windows forum


My other prob is, I don't have access to a comp with a CD burner, so if this install disk doesn't get me going, I don't know what to do to recover the data. I will be attempting to follow "A salvage mission into the depths of windows XP, explained by a non-geek" by Charlie White.
    If I can get that to safely reboot, then I can post all logs and move forward. Also, I found an article on bleepingcomputer.com about an easy-looking uninstall for this Internet Security 2010 virus, by downloading only rkill.com and Malwarebytes. Do you feel this is an acceptable resolution once I get Windows up and running?


You should follow where I sent you first when you get the other fixed; an expert will take you through other steps with the above
Title: Re: is2010virus
Post by: blacksheep555 on January 23, 2010, 03:13:17 AM
I am working with an HP pavilion a1430n
     CPU TYPE: AMD ATHLON(tm) 64 x2 DUAL CORE processor 3800+
     CPU SPEED 2000 MHz
     CPU L1 CACHE SIZE 128Kb x2
     CPU L2 CACHE SIZE 512Kb x2
     ONBOARD VIDEO MEMORY SIZE [64M]

Well, I got windows back up-and-running, though I ended up with a clean pc. Was doing a non-destructive recovery from the hard disk, but it ended up wiping everything anyhow. All that came back were desktop shortcuts with no program files backing them up. I don't understand it because I've done it on other HP's and recovered all user docs and programs, but not this time.
      Anyway, I've reinstalled AVG, MalwareBytes, Super Antispyware, Crapcleaner, Hijack This, JavaRa, and all microsoft updates. Before I could even get AVG installed I must have been bombarded with viruses because AVG picked up about 9 or 10 trojans and adware warnings within minutes.
Hopefully they're in the logs I am posting. I don't think they have anything to do with the Internet Security 2010, but then again, I've never had a virus as vicious as that. Ok, will post logs of what I have, I believe I did everything in the proper order.
     Thank you to all who are a part of this forum, I think you guys have done a great job and have a very easy to navigate sitemap. Thanks again.
   
Title: Re: is2010virus
Post by: blacksheep555 on January 23, 2010, 03:16:11 AM
here is Super antispyware log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/23/2010 at 02:10 AM

Application Version : 4.33.1000

Core Rules Database Version : 4510
Trace Rules Database Version: 2322

Scan type       : Complete Scan
Total Scan Time : 01:19:01

Memory items scanned      : 597
Memory threats detected   : 0
Registry items scanned    : 5120
Registry threats detected : 0
File items scanned        : 86271
File threats detected     : 3

Adware.Tracking Cookie
   C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Cookies\[email protected][2].txt
   C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Cookies\hp_administrator@doubleclick[1].txt
   C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Cookies\[email protected][2].txt
Title: Re: is2010virus
Post by: blacksheep555 on January 23, 2010, 03:19:13 AM
Malwarebytes' Anti-Malware 1.44
Database version: 3618
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/23/2010 12:18:09 AM
mbam-log-2010-01-23 (00-18-09).txt

Scan type: Quick Scan
Objects scanned: 123255
Time elapsed: 17 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
Title: Re: is2010virus
Post by: blacksheep555 on January 23, 2010, 03:20:01 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:24:51 AM, on 1/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9159 bytes
Title: Re: is2010virus
Post by: harry 48 on January 23, 2010, 07:13:16 AM
ok, you have a few problems in the hjt log, the other 2 look clear, you will have to wait for a malware expert, harry
Title: Re: is2010virus
Post by: SuperDave on January 23, 2010, 06:33:21 PM
Hello blacksheep555 and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

--------------------------------------------------------------------------------------------------------

Please go to Jotti's malware scan (http://virusscan.jotti.org/)
(If more than one file needs scanned they must be done separately and logs posted for each one)

* Copy the file path in the below Code box:

Code:
c:\program files\google\googletoolbar1.dll
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

---------------------------------------------------------------------------------------------------

Download Disable/Remove Windows Messenger  (http://www.majorgeeks.com/DisableRemove_Windows_Messenger_d2327.html) to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

--------------------------------------------------------------------------------------------------

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


Important: Close all open windows except for HijackThis and then click Fix checked.

-------------------------------------------------------------------------------------------------

Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
link #2 (http://www.forospyware.com/sUBs/ComboFix.exe)

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.

Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts.
Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

Once completed, exit HijackThis.
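
The HijackThis step above hands over a list of entries to tick. As an added example (not part of the original post and not HijackThis's own code), here is one way a reviewer could triage such a log: parse each entry line, flag those whose target is recorded as "(no file)" or "(file missing)", and flag leftovers that still reference a program that was just uninstalled. The sample lines are copied from the log posted in this thread; the function names are hypothetical, and the flags are only hints for a human reviewer.

```python
import re

# Section codes seen in this thread's HijackThis v2 log and what they list.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URLSearchHook", "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O8": "IE context menu item",
    "O9": "IE button / Tools menu item", "O18": "protocol handler",
    "O20": "Winlogon Notify", "O23": "service",
}

# An entry line is "<code> - <body>"; headers and the process list do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)

# Sample input: lines copied from the log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""


def parse_log(text):
    """Return one dict per 'Rn - ...' / 'On - ...' entry line in the log."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, running-process path, or blank line
        code, body = match.group("code"), match.group("body")
        entries.append({
            "code": code,
            "section": SECTIONS.get(code, "unknown section"),
            "body": body,
            "orphaned": bool(ORPHAN_RE.search(body)),
        })
    return entries


def triage(text, removed_programs=()):
    """Return (code, body, reasons) for entries a reviewer should look at.

    An entry is flagged when its target file is absent, or when it still
    references a program named in removed_programs (case-insensitive).
    """
    flagged = []
    for entry in parse_log(text):
        reasons = []
        if entry["orphaned"]:
            reasons.append("target file absent")
        for program in removed_programs:
            if program.lower() in entry["body"].lower():
                reasons.append(f"references {program}")
        if reasons:
            flagged.append((entry["code"], entry["body"], reasons))
    return flagged


if __name__ == "__main__":
    # Windows Messenger was uninstalled in the previous step of the post.
    for code, body, reasons in triage(SAMPLE_LOG, ["msmsgs.exe"]):
        print(f"{code:<4}{SECTIONS.get(code, '?'):<30}{'; '.join(reasons)}")
        print(f"    {body}")
```

The script only surfaces candidates; whether an entry is actually removed stays a decision for the person reviewing the log.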

Title: Re: is2010virus
Post by: blacksheep555 on January 23, 2010, 08:54:32 PM
Here is the Jotti's scan results: http://virusscan.jotti.org/en/scanresult/f75c85205e3253c5fce7c9e9a2576615e8ff34b9

Uninstalled messenger, but did not have any files left on desktop?

Attempted to run ComboFix and ran into this error screen:

You Cannot Rename ComboFix As ComboFix[1]
Please Use Another Name, Preferably Made Up Of Alphanumeric Characters

All I did was follow the installation/run prompts, it did not give me an option to name or rename any files. I had AVG and my firewall disabled.
Title: Re: is2010virus
Post by: blacksheep555 on January 23, 2010, 10:28:53 PM
     I found this article about the ComboFix issue @ http://www.bleepingcomputer.com/
     Upon scrolling down on the home screen. So, I guess we have to do without it for now.
Title: Re: is2010virus
Post by: blacksheep555 on January 23, 2010, 10:34:25 PM
I am sorry, I was not saving the combofix file to my desktop - I was attempting to run it at install.

ComboFix 10-01-23.03 - HP_Administrator 01/23/2010  23:48:39.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1214.575 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-527237240-179605362-725345543-500
c:\recycler\S-1-5-21-607036408-2121272083-3174120339-1008
C:\s
c:\windows\kb913800.exe
c:\windows\system32\ps2.bat
D:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2009-12-24 to 2010-01-24  )))))))))))))))))))))))))))))))
.

2010-01-24 00:19 . 2010-01-24 00:22   --------   d-----w-   c:\program files\Startup Optimizer
2010-01-24 00:15 . 2010-01-24 01:47   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\IObit
2010-01-23 11:15 . 2010-01-23 11:15   1956528   ----a-w-   c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-01-23 11:15 . 2010-01-23 12:41   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
2010-01-23 09:00 . 2010-01-23 09:00   503808   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2251b952-n\msvcp71.dll
2010-01-23 09:00 . 2010-01-23 09:00   499712   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2251b952-n\jmc.dll
2010-01-23 09:00 . 2010-01-23 09:00   348160   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2251b952-n\msvcr71.dll
2010-01-23 09:00 . 2010-01-23 09:00   61440   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4f776f72-n\decora-sse.dll
2010-01-23 09:00 . 2010-01-23 09:00   12800   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4f776f72-n\decora-d3d.dll
2010-01-23 08:59 . 2010-01-23 08:59   411368   ----a-w-   c:\windows\system32\deploytk.dll
2010-01-23 08:44 . 2010-01-23 08:50   --------   d-----w-   c:\program files\Trend Micro
2010-01-23 06:10 . 2010-01-23 06:10   52224   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-23 06:10 . 2010-01-23 06:10   117760   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-23 06:10 . 2010-01-23 06:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-23 06:10 . 2010-01-23 06:10   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-01-23 06:10 . 2010-01-23 06:10   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\SUPERAntiSpyware.com
2010-01-23 06:08 . 2010-01-23 06:08   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-01-23 05:58 . 2010-01-23 05:58   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Malwarebytes
2010-01-23 05:58 . 2010-01-07 22:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-23 05:58 . 2010-01-23 06:18   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-01-23 05:58 . 2010-01-07 22:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-01-23 05:35 . 2010-01-23 05:35   --------   d-----w-   c:\windows\system32\scripting
2010-01-23 05:35 . 2010-01-23 05:35   --------   d-----w-   c:\windows\system32\en
2010-01-23 05:35 . 2010-01-23 05:35   --------   d-----w-   c:\windows\system32\bits
2010-01-23 05:09 . 2008-04-14 00:12   276992   ------w-   c:\windows\system32\wmphoto.dll
2010-01-23 05:09 . 2008-04-14 00:12   69120   ------w-   c:\windows\system32\wlanapi.dll
2010-01-23 05:09 . 2008-04-14 00:12   712704   ------w-   c:\windows\system32\windowscodecs.dll
2010-01-23 05:09 . 2008-04-14 00:12   346112   ------w-   c:\windows\system32\windowscodecsext.dll
2010-01-23 05:09 . 2004-08-04 03:29   25471   ------w-   c:\windows\system32\drivers\watv10nt.sys
2010-01-23 05:09 . 2004-08-04 03:29   22271   ------w-   c:\windows\system32\drivers\watv06nt.sys
2010-01-23 05:07 . 2008-04-14 00:12   176640   ------w-   c:\windows\system32\napstat.exe
2010-01-23 05:06 . 2008-04-14 00:11   516768   ------w-   c:\windows\system32\ativvaxx.dll
2010-01-23 04:37 . 2010-01-23 04:37   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Skinux
2010-01-23 04:26 . 2010-01-23 04:26   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\HPQ
2010-01-23 04:14 . 2010-01-23 04:14   --------   d-----w-   C:\$AVG
2010-01-23 04:13 . 2010-01-23 04:13   360584   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2010-01-23 04:13 . 2010-01-23 04:13   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
2010-01-23 04:13 . 2010-01-23 04:13   28424   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2010-01-23 04:13 . 2010-01-23 22:22   --------   d-----w-   c:\windows\system32\drivers\Avg
2010-01-23 04:13 . 2010-01-23 04:13   333192   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2010-01-23 04:13 . 2010-01-23 04:36   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
2010-01-23 03:32 . 2010-01-23 03:32   --------   d-sh--w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\IECompatCache
2010-01-23 03:30 . 2010-01-23 03:30   --------   d-sh--w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\PrivacIE
2010-01-23 03:22 . 2010-01-23 03:22   --------   d-sh--w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\IETldCache
2010-01-23 03:19 . 2009-12-21 19:14   12800   ------w-   c:\windows\system32\dllcache\xpshims.dll
2010-01-23 03:19 . 2009-12-21 19:14   594432   ------w-   c:\windows\system32\dllcache\msfeeds.dll
2010-01-23 03:19 . 2009-12-21 19:14   55296   ------w-   c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-23 03:19 . 2009-12-21 19:14   246272   ------w-   c:\windows\system32\dllcache\ieproxy.dll
2010-01-23 03:19 . 2009-12-21 19:14   1985536   ------w-   c:\windows\system32\dllcache\iertutil.dll
2010-01-23 03:19 . 2009-12-21 19:14   11070464   ------w-   c:\windows\system32\dllcache\ieframe.dll
2010-01-23 03:19 . 2009-10-02 04:44   92160   ------w-   c:\windows\system32\dllcache\iecompat.dll
2010-01-23 03:11 . 2001-08-17 21:48   12160   ----a-w-   c:\windows\system32\drivers\mouhid.sys
2010-01-23 03:11 . 2008-04-13 18:47   25856   ----a-w-   c:\windows\system32\drivers\usbprint.sys
2010-01-23 03:11 . 2008-04-13 18:45   15104   ----a-w-   c:\windows\system32\drivers\usbscan.sys
2010-01-23 03:11 . 2008-04-13 18:45   10368   ----a-w-   c:\windows\system32\drivers\hidusb.sys
2010-01-23 03:11 . 2008-04-13 18:45   32128   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
2010-01-23 02:30 . 2009-10-15 16:28   81920   ------w-   c:\windows\system32\dllcache\fontsub.dll
2010-01-23 02:30 . 2009-10-15 16:28   119808   ------w-   c:\windows\system32\dllcache\t2embed.dll
2010-01-23 02:29 . 2009-11-21 15:51   471552   ------w-   c:\windows\system32\dllcache\aclayers.dll
2010-01-23 02:28 . 2009-08-04 15:13   2145280   ------w-   c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-23 02:28 . 2009-08-04 14:20   2023936   ------w-   c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-23 02:28 . 2009-08-04 14:20   2066048   ------w-   c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-23 02:26 . 2009-07-10 13:27   1315328   ------w-   c:\windows\system32\dllcache\msoe.dll
2010-01-23 02:24 . 2009-03-06 14:22   284160   ------w-   c:\windows\system32\dllcache\pdh.dll
2010-01-23 02:24 . 2009-02-09 12:10   473600   ------w-   c:\windows\system32\dllcache\fastprox.dll
2010-01-23 02:24 . 2009-02-09 12:10   453120   ------w-   c:\windows\system32\dllcache\wmiprvsd.dll
2010-01-23 02:24 . 2009-02-09 12:10   401408   ------w-   c:\windows\system32\dllcache\rpcss.dll
2010-01-23 02:24 . 2009-02-06 11:11   110592   ------w-   c:\windows\system32\dllcache\services.exe
2010-01-23 02:24 . 2009-02-06 10:10   227840   ------w-   c:\windows\system32\dllcache\wmiprvse.exe
2010-01-23 02:24 . 2009-06-25 08:25   730112   ------w-   c:\windows\system32\dllcache\lsasrv.dll
2010-01-23 02:24 . 2009-02-09 12:10   714752   ------w-   c:\windows\system32\dllcache\ntdll.dll
2010-01-23 02:24 . 2009-02-09 12:10   617472   ------w-   c:\windows\system32\dllcache\advapi32.dll
2010-01-23 02:23 . 2008-05-03 11:55   2560   ------w-   c:\windows\system32\xpsp4res.dll
2010-01-23 02:23 . 2008-04-21 12:08   215552   ------w-   c:\windows\system32\dllcache\wordpad.exe
2010-01-23 02:23 . 2008-12-11 10:57   333952   ------w-   c:\windows\system32\dllcache\srv.sys
2010-01-23 02:22 . 2008-10-24 11:21   455296   ------w-   c:\windows\system32\dllcache\mrxsmb.sys
2010-01-23 02:22 . 2008-10-15 16:34   337408   ------w-   c:\windows\system32\dllcache\netapi32.dll
2010-01-23 02:21 . 2008-06-13 11:05   272128   ------w-   c:\windows\system32\drivers\bthport.sys
2010-01-23 02:08 . 2010-01-23 02:08   --------   d-sh--w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\UserData
2010-01-23 01:43 . 2010-01-23 09:12   --------   d-sh--r-   c:\windows\system32\dllcache
2010-01-23 01:37 . 2010-01-23 01:37   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\HP
2010-01-23 01:27 . 2010-01-24 02:12   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-01-23 01:27 . 2006-02-11 00:59   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-01-23 01:27 . 2006-02-11 00:57   --------   d-----w-   c:\windows\system32\config\systemprofile\WINDOWS

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 04:27 . 2006-02-11 00:43   51528   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-24 02:12 . 2007-04-01 21:12   --------   d-----w-   c:\program files\Eusing Free Registry Cleaner
2010-01-24 02:12 . 2006-02-11 01:22   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Symantec
2010-01-24 02:12 . 2009-04-28 17:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg8
2010-01-24 01:33 . 2009-12-01 23:01   --------   d-----w-   c:\program files\IObit
2010-01-23 09:07 . 2006-02-11 00:13   --------   d-----w-   c:\program files\Java
2010-01-23 09:00 . 2006-02-11 00:13   --------   d-----w-   c:\program files\Common Files\Java
2010-01-23 07:07 . 2010-01-23 01:28   155   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\fusioncache.dat
2010-01-23 05:42 . 2005-08-31 04:01   92463   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-23 04:35 . 2006-02-11 01:15   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-01-23 04:35 . 2006-02-11 01:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\Symantec
2010-01-23 04:13 . 2009-04-28 17:48   --------   d-----w-   c:\program files\AVG
2010-01-23 03:57 . 2006-02-11 00:46   --------   d-----w-   c:\program files\WildTangent
2010-01-23 03:56 . 2006-02-11 00:46   --------   d-----w-   c:\program files\Sonic
2010-01-23 03:55 . 2006-02-11 00:59   --------   d-----w-   c:\program files\Quicken
2010-01-23 03:52 . 2006-02-11 00:46   --------   d-----w-   c:\program files\Common Files\InstallShield
2010-01-23 03:51 . 2006-02-11 00:58   --------   d-----w-   c:\program files\muvee Technologies
2010-01-23 03:51 . 2006-02-11 00:51   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-01-23 03:44 . 2006-02-11 00:08   --------   d-----w-   c:\program files\GemMaster
2010-01-23 01:36 . 2006-02-11 00:33   112942   ----a-w-   c:\windows\hpoins07.dat
2010-01-23 01:30 . 2010-01-23 01:30   1903   --sha-r-   c:\windows\system32\drivers\103C_HP_CPC_ER900AA-ABA a1430n_YC_0Pavi_QCNH607_E62NAemMPA1_48_ INAGAMI_SASUSTek Computer INC._V1.01_B3.01_T060209_WXP2_L409_M121 5_J250_7AMD_8Athlon 64 X2 Dual Core_92_#060408_N_Z11C10620_G10DE0241.MRK
2009-12-21 19:14 . 2004-08-10 04:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2009-12-05 17:29 . 2009-12-05 17:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-21 15:51 . 2004-08-10 04:00   471552   ----a-w-   c:\windows\AppPatch\aclayers.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:01   1230080   ----a-w-   c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-01-06 2335952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-23 15969280]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-23 2033432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-23 04:13   12464   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"ehTray"=c:\windows\ehome\ehtray.exe
"nwiz"=nwiz.exe /install
"HPHUPD08"=c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
"DMAScheduler"=c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/22/2010 10:13 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/22/2010 10:13 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1/22/2010 10:13 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/22/2010 10:13 PM 285392]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-01-24 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-01-24 21:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 23:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-01-23  23:53:34
ComboFix-quarantined-files.txt  2010-01-24 05:53

Pre-Run: 216,889,921,536 bytes free
Post-Run: 217,093,427,200 bytes free

- - End Of File - - E0ABED7704C4BCE6A733DB4EE8A2E9D7
e everything you requested now.
Title: Re: is2010virus
Post by: blacksheep555 on January 23, 2010, 11:03:42 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:15 PM, on 1/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6945 bytes
Title: Re: is2010virus
Post by: SuperDave on January 24, 2010, 01:26:39 PM
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl+C.

Code:
KillAll::

File::
c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

Folder::
c:\program files\WildTangent


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

-------------------------------------------------------------------------------------------

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan (http://eset.com/onlinescan)

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply, please include the ESET Online Scan log.

Title: Re: is2010virus
Post by: blacksheep555 on January 24, 2010, 03:24:24 PM
ComboFix 10-01-24.01 - HP_Administrator 01/24/2010  15:53:52.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1214.677 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\desktop.ini
c:\documents and settings\Administrator\Application Data\Symantec
c:\documents and settings\Administrator\Desktop\3 Month Trial AOL Music Now.lnk
c:\documents and settings\Administrator\Favorites\Desktop.ini
c:\documents and settings\Administrator\Favorites\MSN.com.url
c:\documents and settings\Administrator\Favorites\Radio Station Guide.url
c:\documents and settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
c:\documents and settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\1033.MST
c:\documents and settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\DiscStreamHub.exe.fddeaf63.ini.inuse
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\DiscUpdateMgr.exe.ca552b9d.ini.inuse
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\HPBWSetup.exe.d9e58072.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.c95982a.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\PostInstallExecuter.exe.2c6c3c60.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\regasm.exe.11f1da13.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SetupMCL.exe.cacc9309.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL52.tmp.fc211826.ini
c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
c:\documents and settings\Administrator\Local Settings\Application Data\Google
c:\documents and settings\Administrator\Local Settings\Application Data\IconCache.db
c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb
c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD
c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML
c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft\Works\Portfolio\wsbsamp.wsb
c:\documents and settings\Administrator\Local Settings\Application Data\Wildtangent
c:\documents and settings\Administrator\Local Settings\Application Data\Wildtangent\Cdacache\cdacache.odds
c:\documents and settings\Administrator\Local Settings\desktop.ini
c:\documents and settings\Administrator\My Documents\desktop.ini
c:\documents and settings\Administrator\My Documents\My Music
c:\documents and settings\Administrator\My Documents\My Music\Desktop.ini
c:\documents and settings\Administrator\My Documents\My Music\Sample Music.lnk
c:\documents and settings\Administrator\My Documents\My Videos
c:\documents and settings\Administrator\My Documents\My Videos\Desktop.ini
c:\documents and settings\Administrator\ntuser.ini
c:\documents and settings\Administrator\Start Menu\desktop.ini
c:\documents and settings\Administrator\Start Menu\Programs\Accessories
c:\documents and settings\Administrator\Start Menu\Programs\Accessories\Accessibility\desktop.ini
c:\documents and settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk
c:\documents and settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
c:\documents and settings\Administrator\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
c:\documents and settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk
c:\documents and settings\Administrator\Start Menu\Programs\Accessories\Address Book.lnk
c:\documents and settings\Administrator\Start Menu\Programs\Accessories\Command Prompt.lnk
c:\documents and settings\Administrator\Start Menu\Programs\Accessories\desktop.ini
c:\documents and settings\Administrator\Start Menu\Programs\Accessories\Entertainment\desktop.ini
c:\documents and settings\Administrator\Start Menu\Programs\Accessories\Entertainment\RealPlayer.lnk
c:\documents and settings\Administrator\Start Menu\Programs\Accessories\Notepad.lnk
c:\documents and settings\Administrator\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk
c:\documents and settings\Administrator\Start Menu\Programs\Accessories\Synchronize.lnk
c:\documents and settings\Administrator\Start Menu\Programs\Accessories\Tour Windows XP.lnk
c:\documents and settings\Administrator\Start Menu\Programs\Accessories\Windows Explorer.lnk
c:\documents and settings\Administrator\Start Menu\Programs\desktop.ini
c:\documents and settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
c:\documents and settings\Administrator\Start Menu\Programs\Online Services
c:\documents and settings\Administrator\Start Menu\Programs\Online Services\Easy Internet Sign-up.lnk
c:\documents and settings\Administrator\Start Menu\Programs\Outlook Express.lnk
c:\documents and settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
c:\documents and settings\Administrator\Start Menu\Programs\Startup\desktop.ini
c:\documents and settings\Administrator\Templates\amipro.sam
c:\documents and settings\Administrator\Templates\excel.xls
c:\documents and settings\Administrator\Templates\excel4.xls
c:\documents and settings\Administrator\Templates\lotus.wk4
c:\documents and settings\Administrator\Templates\powerpnt.ppt
c:\documents and settings\Administrator\Templates\presenta.shw
c:\documents and settings\Administrator\Templates\quattro.wb2
c:\documents and settings\Administrator\Templates\sndrec.wav
c:\documents and settings\Administrator\Templates\winword.doc
c:\documents and settings\Administrator\Templates\winword2.doc
c:\documents and settings\Administrator\Templates\wordpfct.wpd
c:\documents and settings\Administrator\Templates\wordpfct.wpg
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}\x86\DIFxInstallLog.txt
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DIFxInstallLog.txt
c:\documents and settings\All Users\Application Data\Apple Computer
c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\QuickTime.msi
c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.0.29\QuickTime.msi
c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.1.9\QuickTime.msi
c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.2.9\QuickTime.msi
c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.4.1.14\QuickTime.msi
c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.4.5.67\QuickTime.msi
c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.62.14.0\QuickTime.msi
c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 3.525.13.0\Safari.msi
c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 3.525.17.0\Safari.msi
c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 3.525.21.0\Safari.msi
c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 3.525.27.1\Safari.msi
c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 3.525.28.1\Safari.msi
c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 3.525.29.0\Safari.msi
c:\documents and settings\All Users\Application Data\Apple Computer\iTunes\iPodDevices.xml
c:\documents and settings\All Users\Application Data\Apple Computer\iTunes\SC Info\SC Info.sidb
c:\documents and settings\All Users\Application Data\Apple Computer\iTunes\SC Info\SC Info.sidd
c:\documents and settings\All Users\Application Data\Apple Computer\iTunes\SC Info\SC Info.txt
Title: Re: is2010virus
Post by: blacksheep555 on January 24, 2010, 03:25:26 PM
c:\documents and settings\All Users\Application Data\SBSI\ORUN\Grpsyll.dbf
c:\documents and settings\All Users\Application Data\SBSI\ORUN\Prgrss2.cdx
c:\documents and settings\All Users\Application Data\SBSI\ORUN\Prgrss2.dbf
c:\documents and settings\All Users\Application Data\SBSI\ORUN\Progress.cdx
c:\documents and settings\All Users\Application Data\SBSI\ORUN\Progress.dbf
c:\documents and settings\All Users\Application Data\SBSI\ORUN\Settings.dbf
c:\documents and settings\All Users\Application Data\SBSI\ORUN\Syllabi2.cdx
c:\documents and settings\All Users\Application Data\SBSI\ORUN\Syllabi2.dbf
c:\documents and settings\All Users\Application Data\SBSI\ORUN\Syllabus.cdx
c:\documents and settings\All Users\Application Data\SBSI\ORUN\Syllabus.dbf
c:\documents and settings\All Users\Application Data\SBSI\ORUN\Usergrp.cdx
c:\documents and settings\All Users\Application Data\SBSI\ORUN\Usergrp.dbf
c:\documents and settings\All Users\Application Data\SBSI\ORUN\Users.cdx
c:\documents and settings\All Users\Application Data\SBSI\ORUN\Users.dbf
c:\documents and settings\All Users\Application Data\SBSI\ORUN\WXPProa.toc
c:\documents and settings\All Users\Application Data\Sierra
c:\documents and settings\All Users\Application Data\Sierra\Hallmark Card Studio 2005\PrintConfig.ini
c:\documents and settings\All Users\Application Data\Sierra\Planner\PLANR32.BAK
c:\documents and settings\All Users\Application Data\Sierra\Planner\PLANR32.DAT
c:\documents and settings\All Users\Application Data\Sierra\Planner\userdic.tlx
c:\documents and settings\All Users\Application Data\Sonic
c:\documents and settings\All Users\Application Data\Sonic\license.dat
c:\documents and settings\All Users\Application Data\Stardock
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Aquarium\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Aquarium\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Ascent\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Ascent\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Autumn\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Autumn\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Azul\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Azul\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Bliss\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Bliss\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Crystal\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Crystal\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Da Vinci\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Da Vinci\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Elemental - War of Magic\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Elemental - War of Magic\Elemental_LogOn.jpg
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Elemental - War of Magic\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Follow\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Follow\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Friend\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Friend\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\GalCiv 2 - Ultimate\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\GalCiv 2 - Ultimate\GalCiv2Ultimate.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\GalCiv 2 - Ultimate\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Home\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Home\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Koi - Green\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Koi - Green\KOI_wallpaper_03.jpg
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Koi - Green\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Moon Flower\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Moon Flower\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Object Desktop\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Object Desktop\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Object Desktop\ObjectDesktop.jpg
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Ocean\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Ocean\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Orange Nebula\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Orange Nebula\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Orange Nebula\OrangeNebula.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Peace\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Peace\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Power\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Power\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Purple Flower\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Purple Flower\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Radiance\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Radiance\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Red Moon Desert\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Red Moon Desert\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Ripple\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Ripple\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Sins of a Solar Empire\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Sins of a Solar Empire\Entrenchment7_large.jpg
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Sins of a Solar Empire\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Sins of a Solar Empire\SINS1920.jpg
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Space\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Space\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Spring\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Spring\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Star Tracks\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Star Tracks\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Stonehenge\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Stonehenge\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Stream\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Stream\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Tulips\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Tulips\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Vortec Space\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Vortec Space\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Wind\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Wind\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Windows XP\autogenerated_thumbnail.png
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\Logons\Windows XP\LogonVista.ini
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\WindowsDefault.jpg
c:\documents and settings\All Users\Application Data\Stardock\LogonStudio Vista\WindowsDefault_thumb.png
c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
c:\documents and settings\All Users\Application Data\Support.com
c:\documents and settings\All Users\Application Data\Support.com\profiles\ckcache.lst
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\config.cfg
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\dnaback\{26FB483C-2F13-4FDF-A0B8-07E85AE44820}.dna
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\dnaback\{7341D696-C59A-4816-A60C-8DEA7D62E56A}.dna
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\dnaback\{D6503E20-AE5F-4107-AA63-49737007D42C}.dna
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\dnaback\{f04b4727-5194-4d8f-a004-75b9c36fbbfb}.dna
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\dnaback\software.cat
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\events.ini
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\issues\siidx.xml
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\lastrun\{58eb2f21-b6cc-425d-b019-cbd6e460f2e9}.lrf
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\lastrun\{ea3f4f9b-80cf-4b14-8987-cbf6715fc3f5}.lrf
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\logs\{3e7fd2bc-850d-4bd5-9311-bdbbee59d062}.dna
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\logs\01c684556ba125cc168.out
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\logs\01c685d1b9cbca7c168.out
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\logs\01c689ae8f8d21c6168.out
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\{29f450a1-5c8e-4e1f-a6bb-e8a28e14859b}.sdn
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\{57858472-de5c-45fe-ae03-886c9f30eba0}.sdn
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\{6736d881-5ef2-4d37-a969-52e16289bfe2}.sdn
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\{7341D696-C59A-4816-A60C-8DEA7D62E56A}.sdn
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\{D6503E20-AE5F-4107-AA63-49737007D42C}.sdn
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\{ea3f4f9b-80cf-4b14-8987-cbf6715fc3f5}.jdn
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\{f04b4727-5194-4d8f-a004-75b9c36fbbfb}.sdn
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\all.flt
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\apps.ini
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\custom.flt
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\default.xml
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\filter.ini
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\jobs.ini
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\net.flt
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\os.ini
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\os2k.lst
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\os95a.lst
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\os95b.lst
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\osme.lst
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\osnt.lst
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\print.flt
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\probe.flt
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\snap.flt
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\svc.flt
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{ComcastSUPPORT}\prefs\vault.flt
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{INSTALL}\config.cfg
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{INSTALL}\dnaback\{0CD4F814-E801-4702-A9F4-CF5DEFDAB3EA}55402.dna
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{INSTALL}\dnaback\{11eba892-72bd-11d2-898f-0040054d1f81}55402.dna
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{INSTALL}\dnaback\software.cat
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{INSTALL}\issues\4ef80878-dfd3-4ad3-9b58-cef48edec193.cab
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{INSTALL}\issues\6f6f39c3-8f73-4369-864d-846d53f61ea8.cab
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{INSTALL}\issues\siidx.xml
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{INSTALL}\logs\{815804f7-c7db-493e-baa7-6f00c41c2f29}.dna
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{INSTALL}\logs\01c6710c7387667c168.out
c:\documents and settings\All Users\Application Data\Support.com\profiles\HP_Administrator\{INSTALL}\prefs\default.xml
c:\documents and settings\All Users\Application Data\Support.com\profiles\mac.id
c:\documents and settings\All Users\Application Data\Support.com\profiles\vltcache.lst
c:\documents and settings\All Users\Application Data\SupportSoft
c:\documents and settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\data\clientuiconfig.xml
c:\documents and settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\data\config.cfg
c:\documents and settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\data\default.xml
c:\documents and settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\data\folder.xml
c:\documents and settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\data\manifest.xml
c:\documents and settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\data\manifest.zip
c:\documents and settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\exec\DDPatch_2_5_5.exe
c:\documents and settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\state\logs\jobs.log.bak
c:\documents and settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\state\logs\sprtcmd.log;1
c:\documents and settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\state\logs\sprtcmd.log;2
c:\documents and settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\state\logs\sprtcmd.log;3
c:\documents and settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\state\logs\sprtcmd.log;4
c:\documents and settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\state\logs\sprtcmd.log;5
c:\documents and settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\state\zcat\clientuiconfig.zcat
c:\documents and settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\state\zcat\config.zcat
c:\documents and settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\state\zcat\defaultxml.zcat
c:\documents and settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\state\zcat\folder.zcat
c:\documents and settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\updates\timestamp~catalog.txt
c:\documents and settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\updates\unverified~catalog.txt
c:\documents and settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\updates\updates.state
Title: Re: is2010virus
Post by: blacksheep555 on January 24, 2010, 03:26:17 PM
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\srch_aud_1.gif
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\srch_hi.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\srch_hi_1.gif
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\srch_hi_d.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\srch_img_1.gif
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\srch_loc_1.gif
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\srch_map_1.gif
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\srch_nws_1.gif
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\srch_sh_1.gif
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\srch_sit.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\srch_sit_d.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\srch_site_1.gif
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\srch_stk_1.gif
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\srch_vid_1.gif
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\srch_water2_mag.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\st_aud.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\st_del.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\st_flkr3.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\st_img2.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\st_loc2.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\st_mw.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\st_new2.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\st_shp.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\st_ts.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\st_vid2.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\st_web2.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\tmsgr_s0.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\tot.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\tra2.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\trav_1.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\trav_1.gif
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\upc1.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\warn_1.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\xlt.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\ybang.gif
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\ybangpurple.gif
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\yma2_s0.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\yma2_s1.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Icons\yme.bmp
c:\documents and settings\All Users\Application Data\Yahoo! Companion\Media\pop8.wav
c:\documents and settings\All Users\Application Data\yahoo!
c:\documents and settings\All Users\Application Data\yahoo!\Messenger\Plugin\3ed82e17-e40b-41a4-4592-c98f27cf2f1e.yplugin\default_profile_image_normal.gif
c:\documents and settings\All Users\Application Data\yahoo!\Messenger\Plugin\3ed82e17-e40b-41a4-4592-c98f27cf2f1e.yplugin\index.html
c:\documents and settings\All Users\Application Data\yahoo!\Messenger\Plugin\3ed82e17-e40b-41a4-4592-c98f27cf2f1e.yplugin\loader.gif
c:\documents and settings\All Users\Application Data\yahoo!\Messenger\Plugin\3ed82e17-e40b-41a4-4592-c98f27cf2f1e.yplugin\MANIFEST\plugin.properties
c:\documents and settings\All Users\Application Data\yahoo!\Messenger\Plugin\3ed82e17-e40b-41a4-4592-c98f27cf2f1e.yplugin\meow.wav
c:\documents and settings\All Users\Application Data\yahoo!\Messenger\Plugin\3ed82e17-e40b-41a4-4592-c98f27cf2f1e.yplugin\metal.jpg
c:\documents and settings\All Users\Application Data\yahoo!\Messenger\Plugin\3ed82e17-e40b-41a4-4592-c98f27cf2f1e.yplugin\README.txt
c:\documents and settings\All Users\Application Data\yahoo!\Messenger\Plugin\3ed82e17-e40b-41a4-4592-c98f27cf2f1e.yplugin\secondary_window.html
c:\documents and settings\All Users\Application Data\yahoo!\Messenger\Plugin\3ed82e17-e40b-41a4-4592-c98f27cf2f1e.yplugin\Settings.html
c:\documents and settings\All Users\Application Data\yahoo!\Messenger\Plugin\3ed82e17-e40b-41a4-4592-c98f27cf2f1e.yplugin\twitter.gif
c:\documents and settings\All Users\Application Data\yahoo!\Messenger\Plugin\4eb73995-f313-4f4a-49a5-1bc4d7c3ee68.yplugin\MANIFEST\plugin.properties
c:\documents and settings\All Users\Application Data\yahoo!\Messenger\Plugin\C6E3CCAE6B3930DA5882F83E6758204E.ini
c:\documents and settings\All Users\Application Data\yahoo!\SearchProtection\fudogsetupUS.exe
c:\documents and settings\All Users\Desktop\Google Earth.lnk
c:\documents and settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
c:\documents and settings\All Users\Documents\desktop.ini
c:\documents and settings\All Users\Documents\ESBK.mb
c:\documents and settings\All Users\Documents\ESBK.mbb
c:\documents and settings\All Users\Documents\MCE Logs
c:\documents and settings\All Users\Documents\My Music
c:\documents and settings\All Users\Documents\My Music\Alanis Morissette\Everything - Single\Everything.wma
c:\documents and settings\All Users\Documents\My Music\Alanis Morissette\Everything - Single\Folder.jpg
c:\documents and settings\All Users\Documents\My Music\Deardorf Peterson Group\Portal\AlbumArt_{651FD0C7-7D65-4BC5-8B0D-E71DFD4192EC}_Large.jpg
c:\documents and settings\All Users\Documents\My Music\Deardorf Peterson Group\Portal\AlbumArt_{651FD0C7-7D65-4BC5-8B0D-E71DFD4192EC}_Small.jpg
c:\documents and settings\All Users\Documents\My Music\Deardorf Peterson Group\Portal\AlbumArtSmall.jpg
c:\documents and settings\All Users\Documents\My Music\Deardorf Peterson Group\Portal\desktop.ini
c:\documents and settings\All Users\Documents\My Music\Deardorf Peterson Group\Portal\Folder.jpg
c:\documents and settings\All Users\Documents\My Music\Deardorf Peterson Group\Portal\Portal.wma
c:\documents and settings\All Users\Documents\My Music\Deardorf Peterson Group\Portal\Rhythm Tune.wma
c:\documents and settings\All Users\Documents\My Music\Deardorf Peterson Group\Portal\That's the Deal.wma
c:\documents and settings\All Users\Documents\My Music\Deardorf Peterson Group\Portal\The Last Minute.wma
c:\documents and settings\All Users\Documents\My Music\Desktop.ini
c:\documents and settings\All Users\Documents\My Music\King Sunny Ade & His African Beats\Synchro Series\AlbumArt_{67B7BD5D-DB1C-42D6-94CE-ED833733EA9A}_Large.jpg
c:\documents and settings\All Users\Documents\My Music\King Sunny Ade & His African Beats\Synchro Series\AlbumArt_{67B7BD5D-DB1C-42D6-94CE-ED833733EA9A}_Small.jpg
c:\documents and settings\All Users\Documents\My Music\King Sunny Ade & His African Beats\Synchro Series\AlbumArtSmall.jpg
c:\documents and settings\All Users\Documents\My Music\King Sunny Ade & His African Beats\Synchro Series\desktop.ini
c:\documents and settings\All Users\Documents\My Music\King Sunny Ade & His African Beats\Synchro Series\Folder.jpg
c:\documents and settings\All Users\Documents\My Music\King Sunny Ade & His African Beats\Synchro Series\Gbe Kini Ohun De.wma
c:\documents and settings\All Users\Documents\My Music\King Sunny Ade & His African Beats\Synchro Series\Ja Fun Mi Dub [Instrumental].wma
c:\documents and settings\All Users\Documents\My Music\King Sunny Ade & His African Beats\Synchro Series\Ka To d'Aiye a y'Opin.wma
c:\documents and settings\All Users\Documents\My Music\King Sunny Ade & His African Beats\Synchro Series\Kita Kita Ko M'ola.wma
c:\documents and settings\All Users\Documents\My Music\King Sunny Ade & His African Beats\Synchro Series\Ota Mi Ma Yo Mi.wma
c:\documents and settings\All Users\Documents\My Music\King Sunny Ade & His African Beats\Synchro Series\Synchro Feelings-Ilako Medley.wma
c:\documents and settings\All Users\Documents\My Music\King Sunny Ade & His African Beats\Synchro Series\Synchro Reprise.wma
c:\documents and settings\All Users\Documents\My Music\King Sunny Ade & His African Beats\Synchro Series\Synchro System.wma
c:\documents and settings\All Users\Documents\My Music\King Sunny Ade & His African Beats\Synchro Series\Untitled.wma
c:\documents and settings\All Users\Documents\My Music\Mark Knopfler\shangri-la\515 am.wma
c:\documents and settings\All Users\Documents\My Music\Mark Knopfler\shangri-la\AlbumArt_{C48DCAF6-2F16-4907-B5EF-48950D78A7B5}_Large.jpg
c:\documents and settings\All Users\Documents\My Music\Mark Knopfler\shangri-la\AlbumArt_{C48DCAF6-2F16-4907-B5EF-48950D78A7B5}_Small.jpg
c:\documents and settings\All Users\Documents\My Music\Mark Knopfler\shangri-la\AlbumArtSmall.jpg
c:\documents and settings\All Users\Documents\My Music\Mark Knopfler\shangri-la\desktop.ini
c:\documents and settings\All Users\Documents\My Music\Mark Knopfler\shangri-la\Folder.jpg
c:\documents and settings\All Users\Documents\My Music\Robert Randolph & the Family Band\Unclassified\AlbumArt_{26A33310-6993-4A56-8C9C-9D6EF06F3FCC}_Large.jpg
c:\documents and settings\All Users\Documents\My Music\Robert Randolph & the Family Band\Unclassified\AlbumArt_{26A33310-6993-4A56-8C9C-9D6EF06F3FCC}_Small.jpg
c:\documents and settings\All Users\Documents\My Music\Robert Randolph & the Family Band\Unclassified\AlbumArtSmall.jpg
c:\documents and settings\All Users\Documents\My Music\Robert Randolph & the Family Band\Unclassified\desktop.ini
c:\documents and settings\All Users\Documents\My Music\Robert Randolph & the Family Band\Unclassified\Folder.jpg
c:\documents and settings\All Users\Documents\My Music\Robert Randolph & the Family Band\Unclassified\Going in the Right Direction.wma
c:\documents and settings\All Users\Documents\My Music\Robert Randolph & the Family Band\Unclassified\Nobody.wma
c:\documents and settings\All Users\Documents\My Music\Robert Randolph & the Family Band\Unclassified\Soul Refreshing.wma
c:\documents and settings\All Users\Documents\My Music\Rosie Thomas\Only With Laughter Can You Win\AlbumArt_{A4D1E22A-5BA7-4371-BD03-036A45194952}_Large.jpg
c:\documents and settings\All Users\Documents\My Music\Rosie Thomas\Only With Laughter Can You Win\AlbumArt_{A4D1E22A-5BA7-4371-BD03-036A45194952}_Small.jpg
c:\documents and settings\All Users\Documents\My Music\Rosie Thomas\Only With Laughter Can You Win\AlbumArtSmall.jpg
c:\documents and settings\All Users\Documents\My Music\Rosie Thomas\Only With Laughter Can You Win\desktop.ini
c:\documents and settings\All Users\Documents\My Music\Rosie Thomas\Only With Laughter Can You Win\Folder.jpg
c:\documents and settings\All Users\Documents\My Music\Rosie Thomas\Only With Laughter Can You Win\I Play Music.wma
c:\documents and settings\All Users\Documents\My Music\Rosie Thomas\Only With Laughter Can You Win\Red Rover.wma
c:\documents and settings\All Users\Documents\My Music\Rosie Thomas\Only With Laughter Can You Win\Sell All My Things.wma
c:\documents and settings\All Users\Documents\My Music\Sample Music\AlbumArt_{EFFDEB51-C913-4EE1-8B2A-C80112057955}_Large.jpg
c:\documents and settings\All Users\Documents\My Music\Sample Music\AlbumArt_{EFFDEB51-C913-4EE1-8B2A-C80112057955}_Small.jpg
c:\documents and settings\All Users\Documents\My Music\Sample Music\AlbumArt_{FDEEDFAA-93A2-42C7-80D5-819F82638A60}_Large.jpg
c:\documents and settings\All Users\Documents\My Music\Sample Music\AlbumArt_{FDEEDFAA-93A2-42C7-80D5-819F82638A60}_Small.jpg
c:\documents and settings\All Users\Documents\My Music\Sample Music\AlbumArtSmall.jpg
c:\documents and settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma
c:\documents and settings\All Users\Documents\My Music\Sample Music\desktop.ini
c:\documents and settings\All Users\Documents\My Music\Sample Music\Folder.jpg
c:\documents and settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma
c:\documents and settings\All Users\Documents\My Music\Sample Music\Thumbs.db
Title: Re: is2010virus
Post by: blacksheep555 on January 24, 2010, 03:28:04 PM
Title: Re: is2010virus
Post by: blacksheep555 on January 24, 2010, 03:28:41 PM
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Accessories\Tour Windows XP.lnk
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Accessories\Windows Explorer.lnk
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\CCleaner
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\CCleaner\CCleaner Homepage.url
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\CCleaner\CCleaner.lnk
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\desktop.ini
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Internet Explorer.lnk
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Online Services
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Online Services\Easy Internet Sign-up.lnk
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Outlook Express.lnk
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Remote Assistance.lnk
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Startup\desktop.ini
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Windows Media Player.lnk
Title: Re: is2010virus
Post by: blacksheep555 on January 24, 2010, 03:29:19 PM
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\amipro.sam
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\excel.xls
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\excel4.xls
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\lotus.wk4
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\powerpnt.ppt
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\presenta.shw
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\quattro.wb2
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\sndrec.wav
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\winword.doc
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\winword2.doc
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\wordpfct.wpd
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\wordpfct.wpg
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\UserData
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\UserData\21ODCLKX\oWindowsUpdate[1].xml
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\UserData\index.dat
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\WINDOWS
c:\documents and settings\LocalService\Application Data\Webroot
c:\documents and settings\LocalService\IETldCache
c:\documents and settings\LocalService\IETldCache\index.dat
c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
c:\documents and settings\LocalService\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\AcroFnt07.lst
c:\documents and settings\LocalService\Local Settings\Application Data\Adobe\Color\ACECache4.lst
c:\documents and settings\LocalService\Local Settings\Application Data\Google
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML
c:\documents and settings\LocalService\Local Settings\desktop.ini
c:\documents and settings\LocalService\ntuser.ini
c:\documents and settings\NetworkService\IETldCache
c:\documents and settings\NetworkService\IETldCache\index.dat
c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
c:\documents and settings\NetworkService\Local Settings\Application Data\Google
c:\documents and settings\NetworkService\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD
c:\documents and settings\NetworkService\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML
c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft
c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft\ddoctorv2\HP_Administrator\state\databags\SubAgent.subagent.History.xml
c:\documents and settings\NetworkService\Local Settings\desktop.ini
c:\documents and settings\NetworkService\ntuser.ini
c:\program files\WildTangent
c:\program files\WildTangent\Apps\GameChannel\Games\038D56DF-B15D-47F7-959F-59FA1FBB63FC\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\049D60AF-B425-4F8A-BD66-9D8C1B519D59\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\0814ADC6-5B36-4144-A8EA-439C36B1BB11\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\0AA27562-3C4E-4860-8742-7ADEBE2EFC43\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\0C20CAB1-F8BC-4AC1-A796-535B005C1B83\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\0C20CAB1-F8BC-4AC1-A796-535B005C1B83\settings.dat
c:\program files\WildTangent\Apps\GameChannel\Games\0C84A7C5-2762-4932-96BF-44A77202DCC3\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\1FFA88DF-0AC3-4D9E-9139-5FF98813C12C\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\3320769C-062B-4670-BD6B-AA4B3D0E9903\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\3D61540E-C88C-4358-B6A1-DC26648F2A3D\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\413773DA-62DE-4C4C-A0F9-10EFB9317DE5\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\47D5A62B-1B41-4DB1-8267-ADA434FA782B\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\538B9061-0C77-4FB2-903F-EC42A1FF5DD8\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\55275778-F7D9-4BA0-95F4-DEFD71ADDFD9\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\581538B9-2ED3-45E2-96CB-22AD8F811D2A\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\5DAA9E44-1B31-41CD-88A8-228EDED6E36E\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\758619C0-7C97-42BB-B1E9-775F72FDAD1E\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\901E0096-B2AC-469E-A99E-2725A39C0B47\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\90EA5584-4290-407B-B8F2-D6E6D65A4796\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\9844050E-4CA4-4901-A53D-A5D14C63789B\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\A09026AE-8F16-4929-B4E6-1825535844DB\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\AF012B1F-AFCE-45DB-8D6C-8AB06ADC1D6F\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\B2AA88B1-4920-462B-9F7C-019782B3C4DB\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\B3FF79F4-CDA8-4845-A7C0-9CE017719F36\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\B7217206-A362-446B-A0F7-A2622B82F821\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\BA42B721-D70B-4412-ABA6-057B5823FDE9\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\E44A47AF-C94B-4E3F-81A0-979FBA9DAC57\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\E59F75D0-A38B-40F4-ABA2-CA35A7735473\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\F38688AF-57C2-4A9C-BFEF-25F3AEC11F1E\def.dat
c:\program files\WildTangent\Apps\icon.ico
c:\windows\system32\config\systemprofile\Application Data\desktop.ini
c:\windows\system32\config\systemprofile\Application Data\Intuit
c:\windows\system32\config\systemprofile\Application Data\Symantec
c:\windows\system32\config\systemprofile\Local Settings\desktop.ini
c:\windows\system32\config\systemprofile\WINDOWS
c:\documents and settings\All Users\Application Data\avg9 . . . . failed to delete
c:\documents and settings\All Users\Application Data\avg9\Chjw\cm-0-p.dat . . . . failed to delete
c:\documents and settings\All Users\Application Data\avg9\Chjw\cm-1-p.dat . . . . failed to delete
c:\documents and settings\All Users\Application Data\avg9\Chjw\cm-2-i.dat . . . . failed to delete
c:\documents and settings\All Users\Application Data\avg9\Chjw\cm-2-p.dat . . . . failed to delete
c:\documents and settings\All Users\Application Data\avg9\emc\Log\emc.log . . . . failed to delete
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft . . . . failed to delete
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat . . . . failed to delete
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG . . . . failed to delete
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft . . . . failed to delete
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat . . . . failed to delete
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG . . . . failed to delete
c:\documents and settings\NetworkService\Local Settings\Application Data\Microsoft . . . . failed to delete
c:\documents and settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat . . . . failed to delete
c:\documents and settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG . . . . failed to delete

.
(((((((((((((((((((((((((   Files Created from 2009-12-24 to 2010-01-24  )))))))))))))))))))))))))))))))
.

2010-01-24 22:04 . 2010-01-24 22:04   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\IObit
2010-01-24 22:04 . 2010-01-24 22:04   --------   d-sh--w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\IETldCache
2010-01-24 22:04 . 2010-01-24 22:04   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-01-24 22:04 . 2010-01-24 22:04   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-01-24 09:30 . 2010-01-24 09:35   5281792   ----a-w-   c:\windows\system32\logonuix.exe
2010-01-24 08:47 . 2010-01-24 08:48   --------   d-----w-   c:\program files\TheSage
2010-01-24 08:46 . 2010-01-24 08:46   --------   d-----w-   c:\program files\Stardock
2010-01-24 00:19 . 2010-01-24 00:22   --------   d-----w-   c:\program files\Startup Optimizer
2010-01-23 08:59 . 2010-01-23 08:59   411368   ----a-w-   c:\windows\system32\deploytk.dll
2010-01-23 08:44 . 2010-01-23 08:50   --------   d-----w-   c:\program files\Trend Micro
2010-01-23 06:10 . 2010-01-23 06:10   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-01-23 06:08 . 2010-01-23 06:08   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-01-23 05:58 . 2010-01-07 22:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-23 05:58 . 2010-01-23 06:18   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-01-23 05:58 . 2010-01-07 22:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-01-23 05:35 . 2010-01-23 05:35   --------   d-----w-   c:\windows\system32\scripting
2010-01-23 05:35 . 2010-01-23 05:35   --------   d-----w-   c:\windows\system32\en
2010-01-23 05:35 . 2010-01-23 05:35   --------   d-----w-   c:\windows\system32\bits
2010-01-23 05:09 . 2008-04-14 00:12   276992   ------w-   c:\windows\system32\wmphoto.dll
2010-01-23 05:09 . 2008-04-14 00:12   69120   ------w-   c:\windows\system32\wlanapi.dll
2010-01-23 05:09 . 2008-04-14 00:12   712704   ------w-   c:\windows\system32\windowscodecs.dll
2010-01-23 05:09 . 2008-04-14 00:12   346112   ------w-   c:\windows\system32\windowscodecsext.dll
2010-01-23 05:09 . 2004-08-04 03:29   25471   ------w-   c:\windows\system32\drivers\watv10nt.sys
2010-01-23 05:09 . 2004-08-04 03:29   22271   ------w-   c:\windows\system32\drivers\watv06nt.sys
2010-01-23 05:07 . 2008-04-14 00:12   176640   ------w-   c:\windows\system32\napstat.exe
2010-01-23 05:06 . 2008-04-14 00:11   516768   ------w-   c:\windows\system32\ativvaxx.dll
2010-01-23 04:14 . 2010-01-23 04:14   --------   d-----w-   C:\$AVG
2010-01-23 04:13 . 2010-01-23 04:13   360584   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2010-01-23 04:13 . 2010-01-23 04:13   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
2010-01-23 04:13 . 2010-01-23 04:13   28424   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2010-01-23 04:13 . 2010-01-24 22:03   --------   d-----w-   c:\windows\system32\drivers\Avg
2010-01-23 04:13 . 2010-01-23 04:13   333192   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2010-01-23 04:13 . 2010-01-24 22:04   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
2010-01-23 03:19 . 2009-12-21 19:14   12800   ------w-   c:\windows\system32\dllcache\xpshims.dll
2010-01-23 03:19 . 2009-12-21 19:14   594432   ------w-   c:\windows\system32\dllcache\msfeeds.dll
2010-01-23 03:19 . 2009-12-21 19:14   55296   ------w-   c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-23 03:19 . 2009-12-21 19:14   246272   ------w-   c:\windows\system32\dllcache\ieproxy.dll
2010-01-23 03:19 . 2009-12-21 19:14   1985536   ------w-   c:\windows\system32\dllcache\iertutil.dll
2010-01-23 03:19 . 2009-12-21 19:14   11070464   ------w-   c:\windows\system32\dllcache\ieframe.dll
2010-01-23 03:19 . 2009-10-02 04:44   92160   ------w-   c:\windows\system32\dllcache\iecompat.dll
2010-01-23 03:11 . 2001-08-17 21:48   12160   ----a-w-   c:\windows\system32\drivers\mouhid.sys
2010-01-23 03:11 . 2008-04-13 18:47   25856   ----a-w-   c:\windows\system32\drivers\usbprint.sys
2010-01-23 03:11 . 2008-04-13 18:45   15104   ----a-w-   c:\windows\system32\drivers\usbscan.sys
2010-01-23 03:11 . 2008-04-13 18:45   10368   ----a-w-   c:\windows\system32\drivers\hidusb.sys
2010-01-23 03:11 . 2008-04-13 18:45   32128   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
2010-01-23 02:30 . 2009-10-15 16:28   81920   ------w-   c:\windows\system32\dllcache\fontsub.dll
2010-01-23 02:30 . 2009-10-15 16:28   119808   ------w-   c:\windows\system32\dllcache\t2embed.dll
2010-01-23 02:29 . 2009-11-21 15:51   471552   ------w-   c:\windows\system32\dllcache\aclayers.dll
2010-01-23 02:28 . 2009-08-04 15:13   2145280   ------w-   c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-23 02:28 . 2009-08-04 14:20   2023936   ------w-   c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-23 02:28 . 2009-08-04 14:20   2066048   ------w-   c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-23 02:26 . 2009-07-10 13:27   1315328   ------w-   c:\windows\system32\dllcache\msoe.dll
2010-01-23 02:24 . 2009-03-06 14:22   284160   ------w-   c:\windows\system32\dllcache\pdh.dll
2010-01-23 02:24 . 2009-02-09 12:10   473600   ------w-   c:\windows\system32\dllcache\fastprox.dll
2010-01-23 02:24 . 2009-02-09 12:10   453120   ------w-   c:\windows\system32\dllcache\wmiprvsd.dll
2010-01-23 02:24 . 2009-02-09 12:10   401408   ------w-   c:\windows\system32\dllcache\rpcss.dll
2010-01-23 02:24 . 2009-02-06 11:11   110592   ------w-   c:\windows\system32\dllcache\services.exe
2010-01-23 02:24 . 2009-02-06 10:10   227840   ------w-   c:\windows\system32\dllcache\wmiprvse.exe
2010-01-23 02:24 . 2009-06-25 08:25   730112   ------w-   c:\windows\system32\dllcache\lsasrv.dll
2010-01-23 02:24 . 2009-02-09 12:10   714752   ------w-   c:\windows\system32\dllcache\ntdll.dll
2010-01-23 02:24 . 2009-02-09 12:10   617472   ------w-   c:\windows\system32\dllcache\advapi32.dll
2010-01-23 02:23 . 2008-05-03 11:55   2560   ------w-   c:\windows\system32\xpsp4res.dll
2010-01-23 02:23 . 2008-04-21 12:08   215552   ------w-   c:\windows\system32\dllcache\wordpad.exe
2010-01-23 02:23 . 2008-12-11 10:57   333952   ------w-   c:\windows\system32\dllcache\srv.sys
2010-01-23 02:22 . 2008-10-24 11:21   455296   ------w-   c:\windows\system32\dllcache\mrxsmb.sys
2010-01-23 02:22 . 2008-10-15 16:34   337408   ------w-   c:\windows\system32\dllcache\netapi32.dll
2010-01-23 02:21 . 2008-06-13 11:05   272128   ------w-   c:\windows\system32\drivers\bthport.sys
2010-01-23 01:43 . 2010-01-23 09:12   --------   d-sh--r-   c:\windows\system32\dllcache

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 09:47 . 2006-02-11 01:12   --------   d-----w-   c:\program files\Google
2010-01-24 02:12 . 2007-04-01 21:12   --------   d-----w-   c:\program files\Eusing Free Registry Cleaner
2010-01-24 01:33 . 2009-12-01 23:01   --------   d-----w-   c:\program files\IObit
2010-01-23 09:07 . 2006-02-11 00:13   --------   d-----w-   c:\program files\Java
2010-01-23 09:00 . 2010-01-23 09:00   503808   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2251b952-n\msvcp71.dll
2010-01-23 09:00 . 2010-01-23 09:00   499712   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2251b952-n\jmc.dll
2010-01-23 09:00 . 2010-01-23 09:00   348160   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2251b952-n\msvcr71.dll
2010-01-23 09:00 . 2010-01-23 09:00   61440   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4f776f72-n\decora-sse.dll
2010-01-23 09:00 . 2010-01-23 09:00   12800   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4f776f72-n\decora-d3d.dll
2010-01-23 09:00 . 2006-02-11 00:13   --------   d-----w-   c:\program files\Common Files\Java
2010-01-23 05:42 . 2005-08-31 04:01   92463   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-23 04:35 . 2006-02-11 01:15   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-01-23 04:13 . 2009-04-28 17:48   --------   d-----w-   c:\program files\AVG
2010-01-23 03:56 . 2006-02-11 00:46   --------   d-----w-   c:\program files\Sonic
2010-01-23 03:55 . 2006-02-11 00:59   --------   d-----w-   c:\program files\Quicken
2010-01-23 03:52 . 2006-02-11 00:46   --------   d-----w-   c:\program files\Common Files\InstallShield
2010-01-23 03:51 . 2006-02-11 00:58   --------   d-----w-   c:\program files\muvee Technologies
2010-01-23 03:51 . 2006-02-11 00:51   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-01-23 03:44 . 2006-02-11 00:08   --------   d-----w-   c:\program files\GemMaster
2010-01-23 01:36 . 2006-02-11 00:33   112942   ----a-w-   c:\windows\hpoins07.dat
2010-01-23 01:30 . 2010-01-23 01:30   1903   --sha-r-   c:\windows\system32\drivers\103C_HP_CPC_ER900AA-ABA a1430n_YC_0Pavi_QCNH607_E62NAemMPA1_48_ INAGAMI_SASUSTek Computer INC._V1.01_B3.01_T060209_WXP2_L409_M121 5_J250_7AMD_8Athlon 64 X2 Dual Core_92_#060408_N_Z11C10620_G10DE0241.MRK
2009-12-21 19:14 . 2004-08-10 04:00   916480   ------w-   c:\windows\system32\wininet.dll
2009-11-21 15:51 . 2004-08-10 04:00   471552   ----a-w-   c:\windows\AppPatch\aclayers.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:01   1230080   ----a-w-   c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-01-06 2335952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-24 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-23 15969280]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-23 2033432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuix.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-23 04:13   12464   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"ehTray"=c:\windows\ehome\ehtray.exe
"nwiz"=nwiz.exe /install
"HPHUPD08"=c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
"DMAScheduler"=c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/22/2010 10:13 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/22/2010 10:13 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1/22/2010 10:13 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/22/2010 10:13 PM 285392]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2010 3:46 AM 135664]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-01-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-24 09:46]

2010-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 09:46]

2010-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 09:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 16:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2868)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ARPWRMSG.EXE
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2010-01-24  16:09:12 - machine was rebooted
ComboFix-quarantined-files.txt  2010-01-24 22:09
ComboFix2.txt  2010-01-24 05:53

Pre-Run: 217,341,521,920 bytes free
Post-Run: 216,685,215,744 bytes free

- - End Of File - - 4928370C65D20398FB0DBAA9BC4ED121
Title: Re: is2010virus
Post by: blacksheep555 on January 24, 2010, 03:35:54 PM
I copied file as instructed and ran ComboFix. I think it deleted a little more than just the WildTangent though. I'm not sure if I should run a system restore, as I have nothing left (hardly) on the computer.
     Did something go wrong? Do I need to redownload all the programs I had? I have no AntiVirus, no programs in start menu, it wiped out A LOT! Was it supposed to? Please explain what to do next.
Title: Re: is2010virus
Post by: blacksheep555 on January 24, 2010, 04:32:29 PM
Ok, I don't have access to anything - cannot do system restore as computer needs to know what program created it. The only thing I do still have access to is the internet, for how long I don't know. As I said before, I have no antivirus capabilities. Will attempt to redownload AVG.
Title: Re: is2010virus
Post by: SuperDave on January 24, 2010, 07:04:22 PM
I just got word that there is a major problem with ComboFix. We will have to wait until they get everything sorted out then we can restore those files (hopefully).
Title: Re: is2010virus
Post by: evilfantasy on January 24, 2010, 07:06:12 PM
@ blacksheep555.

Locate and attach the C:\QooBox\ComboFix-quarantined-files.txt file here please.
Title: Re: is2010virus
Post by: blacksheep555 on January 24, 2010, 07:09:12 PM
I don't understand what you're asking.
Title: Re: is2010virus
Post by: evilfantasy on January 24, 2010, 07:10:49 PM
There is a file named ComboFix-quarantined-files.txt in C:\QooBox

Click the start button and then select My Computer then double click the C drive. It's in there.
Title: Re: is2010virus
Post by: evilfantasy on January 24, 2010, 07:22:01 PM
Also do this please.

Click Start > Run > copy paste all of the text in the below Code box into the run box and then click OK.

Code: [Select]
cmd /c Copy /y "C:\Qoobox\Quarantine\C\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\ComboFix.exe.vir" "c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\ComboFix.exe"
You should now have ComboFix back on your desktop. If not, stop and let me know.



1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]
Dequarantine::
C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile
C:\Qoobox\Quarantine\C\Documents and Settings
Quit::


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.
Title: Re: is2010virus
Post by: blacksheep555 on January 24, 2010, 07:25:00 PM
I have the file just not sure how to get it to you, last time I had to chop it up into 4 or 5 posts.

[Saving space, attachment deleted by admin]
Title: Re: is2010virus
Post by: evilfantasy on January 24, 2010, 07:25:59 PM
Okay hold on a second while I look it over. Wait till I give the go-ahead on the above instructions.
Title: Re: is2010virus
Post by: blacksheep555 on January 24, 2010, 07:27:18 PM
I'm so stupid. I'm sorry guys, you're dealing with a GREENHORN for sure.
Title: Re: is2010virus
Post by: evilfantasy on January 24, 2010, 07:31:22 PM
It's not your fault. This shouldn't have happened. You're one of the unlucky few who ran CF while it had this bug.

Go ahead with the instructions from post # 28 now. http://www.computerhope.com/forum/index.php/topic,98595.msg669868.html#msg669868
Title: Re: is2010virus
Post by: blacksheep555 on January 24, 2010, 07:33:51 PM
Ok, be back soon (I hope) ::)
Title: Re: is2010virus
Post by: evilfantasy on January 24, 2010, 07:35:04 PM
It might take a while since it will be restoring files. Just give it time to finish.
Title: Re: is2010virus
Post by: blacksheep555 on January 24, 2010, 07:36:03 PM
No, I don't have it back.
Title: Re: is2010virus
Post by: evilfantasy on January 24, 2010, 07:40:46 PM
Okay go back into the Quarantine folder and right click on ComboFix.exe.vir. The file path is C:\Qoobox\Quarantine\C\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\ComboFix.exe.vir

Right click ComboFix.exe.vir and rename it to ComboFix.exe

Then right click combofix.exe and choose Cut.

Right click on your desktop and choose Paste.

You should now have ComboFix back on your desktop.
Title: Re: is2010virus
Post by: blacksheep555 on January 24, 2010, 07:48:04 PM
Ok, got it now. Continuing with instructions...
Title: Re: is2010virus
Post by: evilfantasy on January 24, 2010, 07:49:30 PM
Okay.  :)
Title: Re: is2010virus
Post by: blacksheep555 on January 24, 2010, 08:08:14 PM
Ok, I think I have everything back. Attaching quarantine log.

[Saving space, attachment deleted by admin]
Title: Re: is2010virus
Post by: evilfantasy on January 24, 2010, 08:11:15 PM
Good job.

Scan your computer with Panda ActiveScan (http://www.pandasoftware.com/products/activescan.htm)

* Once you are on the Panda site click the Scan your PC now button.
* A new window will open...click the Scan Now button.
* If it wants to install an ActiveX component allow it.
* It will start downloading the files it requires for the scan. (Note: It may take a couple of minutes)
* You may get a warning from Internet Explorer that Panda is ready to install, please allow it.
* The scan will begin. Please be patient as it can take an hour or more to complete.
* When the scan completes, if anything malicious is detected, click the Export to: button (looks like a little Notepad).
* Save the ActiveScan.txt to a convenient location like your desktop.
* Note: You do not need to select any of the Disinfect options. We will remove any threats manually.

* Post the contents of the ActiveScan report in your next reply.
Title: Re: is2010virus
Post by: evilfantasy on January 24, 2010, 08:44:45 PM
There is another issue that has come to light.

Please do this after (or before) the Panda scan. Just don't do it while running any scans.

Open notepad and copy/paste the text in the Code box below into it (but not the word quote):

Code: [Select]
attrib +h "c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Startup\desktop.ini"
attrib +h "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini"
attrib +h "c:\documents and settings\Administrator\Start Menu\Programs\Startup\desktop.ini"
attrib +h "c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini"
Save this as fix.bat Choose to "Save type as  - All Files"

Double click on fix.bat & allow it to run.

A reboot should confirm that the fix is complete.
Title: Re: is2010virus
Post by: blacksheep555 on January 24, 2010, 11:39:48 PM
Here is the ActiveScan log you requested. For as long as it took, I figured it would be bigger.
;**********************************************************************************
ANALYSIS: 2010-01-25 00:19:25
PROTECTIONS: 1
MALWARE: 6
SUSPECTS: 2
;*****************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;==============================================================================
AVG Anti-Virus Free                          9.0                           Yes       Yes
;==============================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===========================================================================
00167642  Cookie/Com.com                     TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator.your-4dacd0ea75\cookies\hp_administrator@com[1].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator.your-4dacd0ea75\cookies\[email protected][1].txt
00377802  Spyware/PeoplePC                   Spyware             No        0         Yes            No           c:\program files\online services\peoplepc\isp5900\dll\ras.dll
02885963  Rootkit/Booto.C                    Virus/Worm          No        0         Yes            No           c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp29\a0012153.sys
03983016  Generic Malware                    Virus/Trojan        No        0         Yes            No           c:\program files\updates from hp\9972322\program\interop.shdocvw.dll
05898765  Trj/Nabload.DPS                    Virus/Trojan        No        0         No             No           c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp29\a0012093.exe[32788r22fwjfw\catchme.cfxxe]
05898765  Trj/Nabload.DPS                    Virus/Trojan        No        0         No             No           c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp29\a0011508.exe[32788r22fwjfw\catchme.cfxxe]
05898765  Trj/Nabload.DPS                    Virus/Trojan        No        0         No             No           c:\documents and settings\hp_administrator.your-4dacd0ea75\desktop\combofix.exe[32788r22fwjfw\catchme.cfxxe]
;===========================================================================
SUSPECTS
Sent      Location
;==========================================================================
No        c:\hp\recovery\wizard\swr_wizard.exe
No        c:\program files\online services\msn90\pkgs\en\us\msncli.exe[c:\program files\online services\msn90\pkgs\en\us\msncli.exe][mailares.dll]
;===========================================================================
VULNERABILITIES
Id        Severity       Description
;===========================================================================
Title: Re: is2010virus
Post by: evilfantasy on January 24, 2010, 11:46:06 PM
That looks good. We will take care of those files now.

Download OTC by OldTimer (http://oldtimer.geekstogo.com/OTC.exe) and save it to your desktop.

1. Double-click OTC to run it.
2. Click the CleanUp! button.
3. Select Yes when the "Begin cleanup Process?" prompt appears.
4. If you are prompted to Reboot during the cleanup, select Yes
5. OTC should delete itself once it finishes, if not delete it yourself.

----------

Disable/Enable the System Restore Utility to flush old infected restore points

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Put a check mark next to Turn off System Restore on All Drives
4) Click the OK button.
5) You will be prompted to restart the computer. Click the Yes button.

Now re-enable System Restore

To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Remove the check mark next to Turn off System Restore on All Drives
4) Click the OK button.

----------

Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
----------

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
*  (http://www.bleepingcomputer.com/tutorials/tutorial49.html)Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy (http://www.safer-networking.org/en/spybotsd/index.html). Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)

Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smooth.
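The cleanup steps in the post above can be checked against the ActiveScan report posted earlier in the thread. The following is an added example, not part of the original posts: it parses rows from that report's MALWARE table and groups each detection by where the file lives. The category names and the reading of `file.exe[member]` as "hit inside a packed file" are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Rows copied from the MALWARE table of the ActiveScan report posted in this thread.
SAMPLE = r"""
00167642  Cookie/Com.com                     TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator.your-4dacd0ea75\cookies\hp_administrator@com[1].txt
00377802  Spyware/PeoplePC                   Spyware             No        0         Yes            No           c:\program files\online services\peoplepc\isp5900\dll\ras.dll
02885963  Rootkit/Booto.C                    Virus/Worm          No        0         Yes            No           c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp29\a0012153.sys
03983016  Generic Malware                    Virus/Trojan        No        0         Yes            No           c:\program files\updates from hp\9972322\program\interop.shdocvw.dll
05898765  Trj/Nabload.DPS                    Virus/Trojan        No        0         No             No           c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp29\a0012093.exe[32788r22fwjfw\catchme.cfxxe]
05898765  Trj/Nabload.DPS                    Virus/Trojan        No        0         No             No           c:\documents and settings\hp_administrator.your-4dacd0ea75\desktop\combofix.exe[32788r22fwjfw\catchme.cfxxe]
"""

FIELDS = ("id", "name", "type", "active", "severity", "disinfectable", "disinfected", "location")

def parse_rows(text):
    """Split fixed-width rows on runs of 2+ spaces; the path keeps its single spaces."""
    rows = []
    for line in text.splitlines():
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=len(FIELDS) - 1)
        if len(parts) == len(FIELDS) and parts[0].isdigit():
            rows.append(dict(zip(FIELDS, parts)))
    return rows

def split_container(location):
    # Assumed notation: "outer.exe[member]" marks a hit inside a packed file.
    m = re.match(r"^(.*?\.(?:exe|dll|sys))\[(.+)\]$", location, re.I)
    return (m.group(1), m.group(2)) if m else (location, None)

def classify(row):
    outer, _member = split_container(row["location"].lower())
    if row["type"] == "TrackingCookie":
        return "cookie"
    if "\\system volume information\\_restore{" in outer:
        return "restore-point copy"   # flushed by turning System Restore off and on
    if outer.endswith("\\combofix.exe") or "\\qoobox\\" in outer:
        return "removal-tool file"    # inside the ComboFix download itself
    return "live file"                # normal location on disk: needs a helper's review

def triage(text):
    buckets = defaultdict(list)
    for row in parse_rows(text):
        buckets[classify(row)].append(row["name"])
    return dict(buckets)

if __name__ == "__main__":
    for category, names in triage(SAMPLE).items():
        print(f"{category:20} {names}")
```
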
Title: Re: is2010virus
Post by: blacksheep555 on January 24, 2010, 11:50:17 PM
I will get on this. Didn't know if you needed this log from reboot:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
Title: Re: is2010virus
Post by: evilfantasy on January 25, 2010, 12:02:18 AM
From the Desktop go to -> My Computer -> Local Disk (C:) -> Documents and Settings -> All Users -> Start Menu -> Programs -> and find a folder called Startup. Inside this folder is a 1 KB icon called desktop with a Note pad and a gear next to it. Right click it, go to its properties and choose "Hidden."
Title: Re: is2010virus
Post by: blacksheep555 on January 25, 2010, 12:05:46 AM
Are those the only programs I need? I currently have: AVG 9.0, SUPERAntispyware, MalwareBytes, Advanced System Care, CCleaner, Startup Optimizer and Smart Defrag. Also, should I, and how do I, delete ComboFix, HijackThis and all the crap left behind like the dequarantine log and such that saved themselves in more than one place?
Title: Re: is2010virus
Post by: evilfantasy on January 25, 2010, 12:08:59 AM
Delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt

You can uninstall HijackThis in add/remove programs.

Everything else is okay to keep.
Title: Re: is2010virus
Post by: blacksheep555 on January 25, 2010, 12:11:12 AM
Ok, Thank you.

     Is there anything else that I need to post, or am I done?
Title: Re: is2010virus
Post by: evilfantasy on January 25, 2010, 12:11:49 AM
That's it as long as the computer is running good.
Title: Re: is2010virus
Post by: blacksheep555 on January 25, 2010, 12:44:56 AM
     Thank you so very much. I will be recommending this site to everyone I know. You have helped and taught me so much in the last few days. I am very happy I stumbled upon this site. You have made me feel like I was the TOP PRIORITY, even though I know that you just do what you do. That's cool.
     Anyone who would have anything negative to say about this site either has to be deranged or spoiled little brats.

A THOUSAND THOUSAND THANKS TO EVERY ONE OF YOU!  
Title: Re: is2010virus
Post by: evilfantasy on January 25, 2010, 01:11:18 AM
You're welcome.  :)

Let us know if anything else comes up.

Safe surfing...