Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - wisdom_of_trees

Pages: [1] 2

Tech Clinic / Computer won't connect via ethernet

« on: July 14, 2016, 01:18:51 AM »

I am on a desktop running Windows 7. I always connect to the Internet via an ethernet cable, however my computer doesn\'t seem to be connecting today despite it running fine last night.

Currently whenever I attempt to connect, my network diagnosis says I am not connected and that no networks are available. My ethernet cable however is working as I tested it on my laptop, (after turning off its wifi) so both the modem and ethernet cable are working.

I have recycled my router, unplugged and changed ports, and triple checked to see that the cable itself is seated into the port but nothing seems to work.

Thanks in advance for any help.

Tech Clinic / can't remove coupondropdown

« on: December 10, 2012, 02:14:54 PM »

Hi Guestolo, don't worry about the delay. And you're right, there was an extension listed in the add-on's in Firefox. Even though I'd checked it previously over and over more than once. Online HD.TV was just hanging out. So far, everything seems to be in working order. Thanks for the help, I always appreciate it.

Tech Clinic / can't remove coupondropdown

« on: December 09, 2012, 07:57:35 PM »

My AdwCleaner report.

# AdwCleaner v2.100 - Logfile created 12/09/2012 at 18:20:03
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Elena - GANESH
# Boot Mode : Normal
# Running from : C:\Users\Elena\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\dv0oo30z.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6459 octets] - [07/12/2012 21:37:50]
AdwCleaner[S1].txt - [2967 octets] - [09/12/2012 17:20:38]
AdwCleaner[S2].txt - [1081 octets] - [09/12/2012 17:38:23]
AdwCleaner[S3].txt - [1013 octets] - [09/12/2012 18:20:03]

########## EOF - C:\AdwCleaner[S3].txt - [1073 octets] ##########

Unfortunately the problem still exists. The Online HDTV program that was associated with 1ClickDownload even reinstalled itself and I've uninstalled again. So far it doesn't seem to be coming back though.

Tech Clinic / can't remove coupondropdown

« on: December 08, 2012, 06:07:24 PM »

I uninstalled the OnlineHDTV that was associated with 1clickdownload. Also uninstalled AVG toolbar.

Online HDTV was listed in my control panel and I was able to uninstall it, however, the problem still persists. Specifically it's a highlighted hyperlink that randomly picks out certain words whenever I am in my browser and hovering over it displays a 'coupon' that will send me to another website. Right now AdBlock Plus will hide the hyperlinks, but I'd like to rid the program entirely from my computer. Other people have had luck uninstalling it through the add-on's manager in Firefox, however, it's not even listed there.

Here's an example of what I'm seeing. Pretty much all webpages have something similar.

Tech Clinic / can't remove coupondropdown

« on: December 07, 2012, 11:16:15 PM »

Thanks for getting back to me Guestolo.

My OTL Scans.

OTL logfile created on: 12/7/2012 8:58:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Elena\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 64.94% Memory free
8.00 Gb Paging File | 6.39 Gb Available in Paging File | 79.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 54.86 Gb Free Space | 23.57% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive H: | 1.89 Gb Total Space | 0.99 Gb Free Space | 52.59% Space Free | Partition Type: FAT
Drive J: | 931.51 Gb Total Space | 600.64 Gb Free Space | 64.48% Space Free | Partition Type: NTFS
Drive K: | 100.00 Mb Total Space | 59.68 Mb Free Space | 59.69% Space Free | Partition Type: NTFS

Computer Name: GANESH | User Name: Elena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/07 20:33:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elena\Desktop\OTL.exe
PRC - [2012/11/22 10:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/11/08 22:09:06 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/11/08 22:09:06 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/26 12:25:10 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Elena\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/06/22 19:47:18 | 000,212,232 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2007/04/30 18:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/08 22:09:06 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/11/08 22:09:06 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/11/08 22:09:06 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2007/04/30 18:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll
MOD - [2007/04/21 12:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\zlib.dll
MOD - [2007/04/19 13:23:48 | 000,095,944 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\CrashRpt.dll
MOD - [2002/03/13 18:46:32 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\ODimg.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/12/06 23:49:16 | 000,108,904 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2012/07/11 11:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/09/08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2011/09/08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2010/11/30 12:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/05 20:55:03 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/25 16:44:50 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/22 10:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/08 22:09:06 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/08/30 12:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/10 13:05:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/22 19:47:18 | 000,212,232 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/03/20 15:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/07 02:59:55 | 000,031,048 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2012/11/08 22:09:06 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/10 18:58:57 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 02:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 02:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/24 00:56:56 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/07/03 08:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/08 17:49:36 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2011/09/08 17:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011/09/08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:35:48 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {3A1405E9-6900-4da2-A6FF-859098571985}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3A1405E9-6900-4da2-A6FF-859098571985}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKLM\..\SearchScopes\{764B0EA0-5AAA-46d0-95AF-7842AE6B9CAE}: "URL" = http://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=en&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 47 56 BE 59 0C 65 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3A1405E9-6900-4da2-A6FF-859098571985}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKCU\..\SearchScopes\{764B0EA0-5AAA-46d0-95AF-7842AE6B9CAE}: "URL" = http://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=en&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={AA9F5BC9-B5D1-46BF-BFBC-50713A23D958}&mid=a32abadacf6847d18377bdb90fedb9f9-8c15f2695247cc170ad9d614b7e412d508be1fac&lang=en&ds=AVG&pr=fr&d=2012-09-27 22:09:33&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledAddons: extension%40hidemyass.com:1.2.7
FF - prefs.js..extensions.enabledAddons: facebook%40disconnect.me:2.1.3
FF - prefs.js..extensions.enabledAddons: info%40skymeissner.com:1.4
FF - prefs.js..extensions.enabledAddons: socialite%40chromakode:1.5.1
FF - prefs.js..extensions.enabledAddons: tineye%40ideeinc.com:1.1
FF - prefs.js..extensions.enabledAddons: %7B2a43f346-13de-4aad-adeb-00b61e5bcde3%7D:0.3.2
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.3
FF - prefs.js..extensions.enabledAddons: %7B987311C6-B504-4aa2-90BF-60CC49808D42%7D:2.2
FF - prefs.js..extensions.enabledAddons: %7BAE93811A-5C9A-4d34-8462-F7B864FC4696%7D:4.15
FF - prefs.js..extensions.enabledAddons: %7BB9A5DFD3-99A9-465d-87B0-A6922A7AFCD7%7D:2.0.0
FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.4.0.11328
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Elena\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Elena\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Elena\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/09/27 20:36:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/08 22:09:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\program files (x86)\mozilla firefox\components [2012/12/05 20:55:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\program files (x86)\mozilla firefox\plugins [2012/12/05 20:54:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\program files (x86)\mozilla firefox\components [2012/12/05 20:55:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\program files (x86)\mozilla firefox\plugins [2012/12/05 20:54:57 | 000,000,000 | ---D | M]

[2011/09/07 06:21:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elena\AppData\Roaming\Mozilla\Extensions
[2012/12/07 03:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\dv0oo30z.default\extensions
[2012/11/01 08:59:10 | 000,000,000 | ---D | M] (Manilla) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\dv0oo30z.default\extensions\{B9A5DFD3-99A9-465d-87B0-A6922A7AFCD7}
[2012/11/25 16:51:02 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\dv0oo30z.default\extensions\[email protected]
[2012/05/24 16:05:07 | 000,053,803 | ---- | M] () (No name found) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\dv0oo30z.default\extensions\[email protected]
[2012/07/25 07:34:54 | 000,035,735 | ---- | M] () (No name found) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\dv0oo30z.default\extensions\[email protected]
[2012/01/12 10:15:16 | 000,009,689 | ---- | M] () (No name found) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\dv0oo30z.default\extensions\[email protected]
[2012/10/19 18:27:18 | 000,150,303 | ---- | M] () (No name found) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\dv0oo30z.default\extensions\[email protected]
[2012/05/08 09:29:42 | 000,401,328 | ---- | M] () (No name found) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\dv0oo30z.default\extensions\[email protected]
[2012/11/25 16:50:35 | 000,215,985 | ---- | M] () (No name found) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\dv0oo30z.default\extensions\[email protected]
[2012/06/22 13:16:31 | 000,089,561 | ---- | M] () (No name found) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\dv0oo30z.default\extensions\[email protected]
[2012/01/26 18:06:19 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\dv0oo30z.default\extensions\[email protected]
[2012/03/06 09:02:46 | 000,008,796 | ---- | M] () (No name found) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\dv0oo30z.default\extensions\{2a43f346-13de-4aad-adeb-00b61e5bcde3}.xpi
[2012/12/04 22:46:00 | 000,531,070 | ---- | M] () (No name found) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\dv0oo30z.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/03/15 09:08:19 | 000,022,573 | ---- | M] () (No name found) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\dv0oo30z.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
[2012/10/20 00:52:17 | 000,377,191 | ---- | M] () (No name found) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\dv0oo30z.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2012/11/26 16:50:32 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\dv0oo30z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/03/06 02:48:22 | 000,002,416 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\dv0oo30z.default\searchplugins\s-amazon-byskipity.xml
[2012/03/08 21:50:16 | 000,002,710 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\dv0oo30z.default\searchplugins\skipity-search.xml
[2012/01/15 19:47:09 | 000,001,539 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\dv0oo30z.default\searchplugins\thesaurus---referencecom.xml
[2012/12/05 20:54:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/12/05 20:54:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/12/05 20:55:04 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/31 06:10:53 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2011/07/11 14:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/11/08 22:09:09 | 000,003,572 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/01 06:10:29 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/20 00:02:34 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.skipity.com/
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = https://isearch.avg.com/search?cid={AA9F5BC9-B5D1-46BF-BFBC-50713A23D958}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: http://www.skipity.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Elena\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Elena\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Elena\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Elena\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Online HD TV = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih\1.1_0\
CHR - Extension: Online HD TV = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih\1.2_0\
CHR - Extension: Skype Click to Call = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Skype Click to Call = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\
CHR - Extension: AVG Secure Search = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: AVG Secure Search = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
CHR - Extension: AVG Secure Search = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (BHO Class) - {DD92DE22-ED91-4560-B788-DEE2B26612E6} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\IEHelper.dll (DeviceVM, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [F.lux] C:\Users\Elena\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Elena\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07B7562B-7089-424D-8FC1-C74D4DD25B25}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5CDACE9-6611-42CC-9392-109E50BEEFFB}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/15 00:01:46 | 000,000,113 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/07 20:33:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Elena\Desktop\OTL.exe
[2012/12/07 20:25:00 | 000,000,000 | ---D | C] -- C:\Users\Elena\Desktop\Lite - 0.4
[2012/12/07 13:14:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/12/07 13:13:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/12/07 13:13:27 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012/12/07 13:13:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012/12/07 13:12:22 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Local\Programs
[2012/12/07 13:11:35 | 055,454,464 | ---- | C] (Safer-Networking Ltd. ) -- C:\Users\Elena\Desktop\SpybotSD2.exe
[2012/12/07 03:46:26 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\SUPERAntiSpyware.com
[2012/12/07 03:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/12/07 03:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/12/07 03:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/12/07 03:46:12 | 022,476,304 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Elena\Desktop\SUPERAntiSpyware.exe
[2012/12/07 02:45:16 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Elena\Desktop\HijackThis.exe
[2012/12/06 23:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/12/06 23:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/12/06 23:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/12/06 23:47:53 | 009,605,768 | ---- | C] (SurfRight B.V.) -- C:\Users\Elena\Desktop\HitmanPro_x64.exe
[2012/12/06 13:26:29 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
[2012/12/06 13:26:26 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Local\Apps
[2012/12/05 20:54:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mozilla firefox
[2012/12/04 22:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/04 22:47:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/30 23:18:40 | 000,000,000 | ---D | C] -- C:\Users\Elena\Documents\Crayon Physics Deluxe
[2012/11/30 23:17:03 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Crayon Physics Deluxe
[2012/11/30 23:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crayon Physics Deluxe
[2012/11/30 23:16:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crayon Physics Deluxe
[2012/11/30 23:15:10 | 030,832,030 | ---- | C] (Kloonigames, Ltd ) -- C:\Users\Elena\Desktop\crayon_release55.exe
[2012/11/26 13:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/11/14 03:16:46 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/14 03:16:46 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/14 03:06:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/14 03:06:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/14 03:06:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/14 03:06:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/14 03:06:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/14 03:06:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/14 03:06:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/14 03:06:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/14 03:06:00 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/14 03:06:00 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/14 03:06:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/14 03:06:00 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/14 03:05:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/14 03:05:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/14 03:05:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/14 03:02:26 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/14 03:02:26 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/14 03:02:25 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/14 03:02:25 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/13 15:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uSeeToo
[2012/11/13 15:28:09 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uSeeToo
[2012/11/13 15:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ambrosoft
[2012/11/13 12:13:43 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/13 12:13:43 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/13 12:13:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/13 12:13:35 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/13 12:13:35 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/13 12:13:35 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/13 12:13:35 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/13 12:13:35 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/13 12:13:35 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/11/13 12:13:15 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/13 12:13:15 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/11 19:20:50 | 000,000,000 | ---D | C] -- C:\Users\Elena\Documents\Calibre Library
[2012/11/11 19:20:48 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\calibre
[2012/11/11 19:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2012/11/11 19:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012/11/10 22:06:46 | 000,000,000 | ---D | C] -- C:\!!DOCKLINKS!!
[2012/11/10 21:51:37 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\SYSTEMAX Software Development
[2012/11/10 21:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SYSTEMAX Software Development
[2011/09/13 15:58:59 | 000,683,792 | ---- | C] (RealNetworks, Inc.) -- C:\Users\Elena\RealPlayer.exe
[2011/09/12 21:07:57 | 000,926,560 | ---- | C] (DivX, LLC) -- C:\Users\Elena\DivXInstaller.exe
[2011/09/10 14:01:32 | 000,750,296 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Elena\install_flashplayer10_mssa_aih.exe
[2011/09/09 20:36:20 | 082,127,728 | ---- | C] (Apple Inc.) -- C:\Users\Elena\iTunes64Setup.exe
[2011/09/09 09:23:19 | 038,958,968 | ---- | C] (Apple Inc.) -- C:\Users\Elena\QuickTimeInstaller.exe
[2011/09/09 08:25:41 | 001,081,480 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Elena\SkypeSetup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/07 20:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/07 20:33:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elena\Desktop\OTL.exe
[2012/12/07 20:24:46 | 005,162,148 | ---- | M] () -- C:\Users\Elena\Desktop\Lite - 0.4.zip
[2012/12/07 20:22:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2186217244-2591811826-1173614624-1000UA.job
[2012/12/07 19:46:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 37d98b55-a267-444e-8d7e-caf4c2349f34.job
[2012/12/07 17:29:39 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/07 17:29:39 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/07 17:21:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 4b4567be-ca19-48c9-a16d-c446b32d06e7.job
[2012/12/07 17:20:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/07 17:20:44 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/07 15:22:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2186217244-2591811826-1173614624-1000Core.job
[2012/12/07 13:13:55 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/12/07 13:11:50 | 055,454,464 | ---- | M] (Safer-Networking Ltd. ) -- C:\Users\Elena\Desktop\SpybotSD2.exe
[2012/12/07 03:46:24 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/12/07 03:46:14 | 022,476,304 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Elena\Desktop\SUPERAntiSpyware.exe
[2012/12/07 02:59:55 | 000,031,048 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2012/12/07 02:45:18 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Elena\Desktop\HijackThis.exe
[2012/12/07

Tech Clinic / can't remove coupondropdown

« on: December 07, 2012, 05:29:58 AM »

Been awhile since the last time I had to come here. Usually I can take care of this stuff on my own, but this time it's a brain-bender. Thanks for looking. Hijack this log follows.

*Note that Hijackthis informs me that it can't access my HOSTS files*

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:54:12 AM, on 12/7/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Users\Elena\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\program files (x86)\mozilla firefox\firefox.exe
C:\program files (x86)\mozilla firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Users\Elena\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: CStat - {DD92DE22-ED91-4560-B788-DEE2B26612E6} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\IEHelper.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Elena\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [F.lux] "C:\Users\Elena\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12164 bytes

Tech Clinic / Infected by Antivirus Live

« on: December 10, 2009, 10:58:16 AM »

Hey Guestolo! As always good to see that you're still here helping us out. I just found out that my friend's computer is a work computer and that he doesn't have admin rights to it. So...no downloading any software. (The idiot)

As always, thanks for getting back to me so promptly, you've always been incredibly helpful and I always pay a little towards your malware fight donations...but the holidays is making things a little tight at the moment...so I'll be sure to give some next year. ;p

Thanks again for everything! And take care!

Tech Clinic / Infected by Antivirus Live

« on: December 10, 2009, 09:31:51 AM »

[quote name=\'wisdom_of_trees\' post=\'466785\' date=\'Dec 10 2009, 12:25 AM\']I'm trying to help a friend with his computer. He's been infected by something called Antivirus Live and I've never seen anything like it.

I can't give you a HijackThis log, because the Trojan won't let me run it.
I can't run Malware-Bytes for the same reason. In fact I can't run anything.
Also, I can't access the registry from RUN.

Using the internet on the infected machine is high near impossible. I always have to TOOLS>INTERNET OPTIONS>LAN SETTINGS and disable the Proxy Server so that I can even get to seeing any webpage other than the one that takes me to where the Trojan wants me to purchase the software that can take the virus off the machine. And then I have to do that, over and over because it resets it.

I'm getting really frustrated and I'm not sure what to do. Any help is always appreciated of course.

Thanks![/quote]

UPDATE

I've managed to access the Windows Task Manager and the Registry Editor; however, I still cannot open or use Hijack This or any other files.

Tech Clinic / Infected by Antivirus Live

« on: December 10, 2009, 02:25:43 AM »

I'm trying to help a friend with his computer. He's been infected by something called Antivirus Live and I've never seen anything like it.

I can't give you a HijackThis log, because the Trojan won't let me run it.
I can't run Malware-Bytes for the same reason. In fact I can't run anything.
Also, I can't access the registry from RUN.

Using the internet on the infected machine is high near impossible. I always have to TOOLS>INTERNET OPTIONS>LAN SETTINGS and disable the Proxy Server so that I can even get to seeing any webpage other than the one that takes me to where the Trojan wants me to purchase the software that can take the virus off the machine. And then I have to do that, over and over because it resets it.

I'm getting really frustrated and I'm not sure what to do. Any help is always appreciated of course.

Thanks!

Tech Clinic / Computer shuts off...on its own

« on: November 04, 2009, 09:06:40 AM »

My computer keeps shutting off on its own. No, log off process...just dead. I'd like to make sure if it's a software issue before anything else. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:04:23 AM, on 11/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Home Typist] "C:\Program Files\Invention Pilot\Home Typist\HTypist.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.proxy.uwlib.uwyo.ed...s/ebraryRdr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {47B863BD-9069-43B1-A1BA-C7B73953697A} (SDD2MS Control) - http://partners.sonypictures.com/activex/m...1108/SDD2MS.CAB
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe

--
End of file - 11229 bytes

Hardware / Computer not recognizing RCA input

« on: November 16, 2008, 11:05:51 PM »

I have a HP Pavillion Media Center m8100e with RCA jacks in the front. At the moment I'm trying to upload video from my camcorder; however the computer doesn't seem to recognize the RCA connection. I suppose I could just break down and purchase a 4 pin firewire cable, however, I would like to get this to work as I have other electronics I would like to plug in via RCA input.

Thanks for taking the time to read this.

Tech Clinic / My Fiance's Parents' Computer...nightmare

« on: May 26, 2008, 02:12:02 PM »

C:\WINDOWS\Fonts\xfapft.bak1 moved successfully.
C:\WINDOWS\Fonts\xfapft.bak2 moved successfully.
C:\WINDOWS\Fonts\mcrh.tmp moved successfully.
C:\Documents and Settings\Heidrichs\Application Data\tizupd.bin moved successfully.
C:\Documents and Settings\Guest\Application Data\tizupd.bin moved successfully.
C:\Documents and Settings\Heather\Application Data\tizupd.bin moved successfully.
C:\Documents and Settings\Guest\Application Data\tizhook.bin moved successfully.
C:\Documents and Settings\Heidrichs\Application Data\tizhook.bin moved successfully.
C:\Documents and Settings\Heather\Application Data\tizhook.bin moved successfully.
C:\WINDOWS\SYSTEM\apas.bak1 moved successfully.
C:\WINDOWS\SYSTEM\apas.bak2 moved successfully.
File/Folder C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Start Menu\Programs\Startup\winupdt.exe not found.
C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (FAMILIAROOM-Zach).job moved successfully.
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files moved successfully.
C:\WINDOWS\wt\wtupdates\webd\4.1.1 moved successfully.
C:\WINDOWS\wt\wtupdates\webd moved successfully.
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files moved successfully.
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19 moved successfully.
C:\WINDOWS\wt\wtupdates\DRM moved successfully.
C:\WINDOWS\wt\wtupdates moved successfully.
C:\WINDOWS\wt moved successfully.
C:\Program Files\WildTangent\LicenseStores\WT moved successfully.
C:\Program Files\WildTangent\LicenseStores moved successfully.
C:\Program Files\WildTangent\Components moved successfully.
C:\Program Files\WildTangent\Apps moved successfully.
C:\Program Files\WildTangent moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint moved successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxyvw >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxyvw\\ deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05262008_130250

05/26/08 13:05:07 [Info]: BlackLight Engine 1.0.70 initialized
05/26/08 13:05:07 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/26/08 13:05:07 [Note]: 7019 4
05/26/08 13:05:07 [Note]: 7005 0
05/26/08 13:05:10 [Note]: 7006 0
05/26/08 13:05:10 [Note]: 7011 1676
05/26/08 13:05:10 [Note]: 7035 0
05/26/08 13:05:10 [Note]: 7026 0
05/26/08 13:05:10 [Note]: 7026 0
05/26/08 13:05:12 [Note]: FSRAW library version 1.7.1024
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:15:10 [Note]: 7007 0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:45 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199658369254
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal â€“ Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal â€“ Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 3911 bytes

Tech Clinic / My Fiance's Parents' Computer...nightmare

« on: May 26, 2008, 01:26:03 PM »

The Avira Antivirus Log:

Avira AntiVir Personal
Report file date: Monday, May 26, 2008 11:40

Scanning for 1292849 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: FAMILIAROOM

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 17:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 16:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 16:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 16:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 18:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 21:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 5/17/2008 17:26:13
ANTIVIR3.VDF : 7.0.4.95 243712 Bytes 5/26/2008 17:26:16
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 17:58:21
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 5/26/2008 17:26:34
AESCN.DLL : 8.1.0.18 119156 Bytes 5/26/2008 17:26:32
AERDL.DLL : 8.1.0.20 418165 Bytes 5/26/2008 17:26:31
AEPACK.DLL : 8.1.1.5 364918 Bytes 5/26/2008 17:26:29
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 5/26/2008 17:26:27
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 5/26/2008 17:26:26
AEHELP.DLL : 8.1.0.14 115063 Bytes 5/26/2008 17:26:22
AEGEN.DLL : 8.1.0.21 303477 Bytes 5/26/2008 17:26:21
AEEMU.DLL : 8.1.0.6 430451 Bytes 5/26/2008 17:26:19
AECORE.DLL : 8.1.0.29 168311 Bytes 5/26/2008 17:26:17
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/24/2008 01:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 18:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 21:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 1/24/2008 01:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 16:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 16:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 01:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/24/2008 01:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 20:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 22:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 20:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Monday, May 26, 2008 11:40

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Start Menu\Programs\Startup\winupdt.exe
[DETECTION] Is the Trojan horse TR/WinlogonHook.C
[NOTE] The file was moved to '48a8f695.qua'!

The registry was scanned ( '22' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Meghan\Application Data\FÎ¿nts\svchost(2).exe
[DETECTION] Is the Trojan horse TR/Dldr.IZP
[NOTE] The file was moved to '489df787.qua'!
C:\Documents and Settings\Meghan\Application Data\FÎ¿nts\svchost.exe
[DETECTION] Is the Trojan horse TR/Spy.Winspool
[NOTE] The file was moved to '489df78a.qua'!
C:\Documents and Settings\Meghan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-3197ec81-676f5aa9.zip

Archive type: ZIP

--> GetAccess.class
[DETECTION] Contains detection pattern of the Java virus JAVA/OpenConnect.AJ
--> Installer.class
[DETECTION] Contains detection pattern of the Java virus JAVA/OpenConnect.AK
--> NewSecurityClassLoader.class
[DETECTION] Contains detection pattern of the Java virus JAVA/ByteVerify.G.2
--> NewURLClassLoader.class
[DETECTION] Contains detection pattern of the Java virus JAVA/ByteVerify.G.3
[DETECTION] Contains detection pattern of the Java virus JAVA/OpenConnect.AJ
[NOTE] The file was moved to '48b0f79a.qua'!
C:\Documents and Settings\Meghan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-47c9e069.zip

Archive type: ZIP

--> vmain.class
[DETECTION] Contains detection pattern of the exploits EXP/Java.Gimsh.B.1
[NOTE] The file was moved to '48a7f7b2.qua'!
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\Q3SR6XAJ\paramlist[1].htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was moved to '48acf92e.qua'!
C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\QIRFR2WM\CA7QMP33.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was moved to '4871fa7a.qua'!
C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\QIRFR2WM\CA8LAR45.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was moved to '4872fa85.qua'!
C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\QIRFR2WM\CAB6AH77.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was moved to '487cfa88.qua'!
C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\QIRFR2WM\CAGXYZG1.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was moved to '4881fa8b.qua'!
C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\QIRFR2WM\CANYOJ3D.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was moved to '4888fa8d.qua'!
C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\QIRFR2WM\CASDAJIF.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was moved to '488dfa8f.qua'!
C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\QIRFR2WM\CASDMJKX.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was moved to '488dfa92.qua'!
C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\QIRFR2WM\CATKWJ9X.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was moved to '488efa94.qua'!
C:\My Downloads\the whistle song.rar

Archive type: RAR

--> Setup_toolBar.exe
[DETECTION] Is the Trojan horse TR/Dldr.IstBar.nj
[DETECTION] Is the Trojan horse TR/Dldr.IstBar.nj.1
[NOTE] The file was moved to '489ffbab.qua'!
C:\QooBox\Quarantine\catchme2008-05-25_213513.27.zip

Archive type: ZIP

--> bupagfsv.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E.1
--> cgxshnlr.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E.1
--> cqynikjo(2).dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
--> ecoibhca.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E.1
--> ewrgqcam.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E.1
--> hponbbab.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E.1
--> jnhhgvei.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E.1
--> llcqfxbe.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E.1
--> nlummfhg.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E.1
--> nuogsefg.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E.1
--> nyaofvsu.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E.1
--> stawxslq.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.D
[NOTE] The file was moved to '48aeff3a.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Guest\Application Data\CROSOF~1.NET\tracert.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.IZP
[NOTE] The file was moved to '489bff4f.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Heidrichs\Desktop\WinAntiVirusPro2007FreeInstall.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.WinFixer.Z.2
[NOTE] The file was moved to '48a8ff4a.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Heidrichs\My Documents\ASKS~1\wuauboot.exe.vir
[DETECTION] Is the Trojan horse TR/Spy.Winspool
[NOTE] The file was moved to '489bff58.qua'!
C:\QooBox\Quarantine\C\Program Files\Common Files\DriveCleaner Free\udcpas.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.WinFixer.E
[NOTE] The file was moved to '489dff4b.qua'!
C:\QooBox\Quarantine\C\Program Files\DriveCleaner Free\UDC6cw.exe.vir
[DETECTION] Is the Trojan horse TR/Fakealert.FB.2
[NOTE] The file was moved to '487dff2d.qua'!
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.FK
[NOTE] The file was moved to '488fff55.qua'!
C:\QooBox\Quarantine\C\Program Files\VSAdd-in\VSAdd-in_1.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.ACL
[NOTE] The file was moved to '487bff41.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ahjrcddj.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48a4ff59.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\apolbjwv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48a9ff63.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bmakubfe.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '489bff62.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bupagfsv.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48aaff6c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cgxshnlr.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48b2ff60.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cmavpugg.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '489bff68.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cqdlquof.dll.vir
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Pcclient.CC Backdoor server programs
[NOTE] The file was moved to '489eff6f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cqynikjo(2).dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48b3ff71.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ecoibhca.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a9ff65.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\epxkflwo.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48b2ff74.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ewrgqcam.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48acff7f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\eybsoxaa.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '489cff81.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ghfkuufp.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48a0ff71.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ghiaudje.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.G.2
[NOTE] The file was moved to '48a3ff71.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hponbbab.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a9ff79.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hthkulpo.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48a2ff7d.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\icrlispu.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48acff6d.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ikmmcxdd.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48a7ff75.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jnhhgvei.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a2ff78.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jumrvnja.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48a7ff80.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jwdesgvt.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '489eff82.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jxslvyca.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48adff83.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kuqigkob.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48abff80.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lhrvtxdj.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48acff74.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lkfpwncu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48a0ff77.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\llcqfxbe.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '489dff78.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lsnhtnbc.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48a8ff7f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lwkgdsrq.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48a5ff84.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lxqhwpkf.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48abff85.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mjhnsadh.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48a2ff77.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mxdpbkva.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '489eff86.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nlummfhg.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48afff7a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nuogsefg.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a9ff83.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nyaofvsu.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '489bff87.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\owejeude.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.123952
[NOTE] The file was moved to '489fff86.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\oxcprsrs.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '489dff87.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pcthkyfd.dll.vir
[DETECTION] Is the Trojan horse TR/Juan.H
[NOTE] The file was moved to '48aeff72.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pdwpdqrv.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.123952
[NOTE] The file was moved to '48b1ff74.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qvbtpuxn.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.AKY
[NOTE] The file was moved to '489cff86.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rpyadfak.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[NOTE] The file was moved to '48b3ff80.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rqwiwnvc.dll.vir
[DETECTION] Is the Trojan horse TR/JuanSearch.B
[NOTE] The file was moved to '48b1ff82.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rvmosebi.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48a7ff87.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\stawxslq.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '489bff85.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\system.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.d
[NOTE] The file was moved to '48adff8a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tbdpicev.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '489eff74.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uafkdago.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48a0ff73.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uguirwiw.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.123952
[NOTE] The file was moved to '48afff79.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\umtqilca.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48aeff7f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uoiqeeeu.dll.vir
[DETECTION] Is the Trojan horse TR/QuerySpy
[NOTE] The file was moved to '48a3ff82.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uqkqjvvn.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.123952
[NOTE] The file was moved to '49352055.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uvsdxdka.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48adff89.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vtsqn.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.BQ
[NOTE] The file was moved to '48adff88.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vustxgvt.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.123952
[NOTE] The file was moved to '493d205a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vybiefwf.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '489cff8d.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vyburvca.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '490c205e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wdlgbbia.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48a6ff79.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wkkrgswq.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48a5ff80.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wopadufe.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48aaff84.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xaarkfqc.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '489bff76.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xbmddoqf.dll.vir
[DETECTION] Is the Trojan horse TR/Spy.VBStat.H
[NOTE] The file was moved to '48a7ff78.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xcxwxxrf.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.G.2
[NOTE] The file was moved to '48b2ff79.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xdhnmmsd.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48a2ff7a.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214903.exe
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.FK
[NOTE] The file was moved to '486cffb4.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214922.exe
[DETECTION] Is the Trojan horse TR/Crypt.d
[NOTE] The file was moved to '486cffb5.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214940.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '49e27f96.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214949.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '486cffb6.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214952.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '49e27f97.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214964.dll
[DETECTION] Is the Trojan horse TR/Agent.123952
[NOTE] The file was moved to '486cffb8.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214967.dll
[DETECTION] Is the Trojan horse TR/Agent.123952
[NOTE] The file was moved to '49e27f99.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214969.dll
[DETECTION] Is the Trojan horse TR/JuanSearch.B
[NOTE] The file was moved to '486cffb7.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214974.dll
[DETECTION] Is the Trojan horse TR/Agent.123952
[NOTE] The file was moved to '49e27f98.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214977.dll
[DETECTION] Is the Trojan horse TR/Agent.123952
[NOTE] The file was moved to '486cffb9.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214980.dll
[DETECTION] Is the Trojan horse TR/Agent.123952
[NOTE] The file was moved to '49e27f9a.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214983.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '486cffba.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215025.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '486cffbb.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215026.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49e27f9c.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215027.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '486cffbd.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215028.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49e27f9e.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215029.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49e27f9b.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215030.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '486cffbc.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215031.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49e27f9d.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215032.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '486cffbf.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215033.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49e27fe0.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215034.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '486cffc1.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215035.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49e27fe2.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215036.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '486cffbe.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215506.dll
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '486cffce.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215507.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E
[NOTE] The file was moved to '486cffcf.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215508.dll
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49e27ff0.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215509.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E
[NOTE] The file was moved to '486cffd0.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215510.dll
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49e27ff1.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215511.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E
[NOTE] The file was moved to '486cffd1.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215512.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E
[NOTE] The file was moved to '49e27ff2.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215513.dll
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '486cffd2.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215514.dll
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49e27ff3.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215515.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E
[NOTE] The file was moved to '486cffd4.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215516.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E
[NOTE] The file was moved to '486cffd3.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215517.exe
[DETECTION] Contains detection pattern of the dropper DR/Comet.BB.3
[NOTE] The file was moved to '49e27ff4.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215518.exe
[DETECTION] Contains detection pattern of the dropper DR/Toolbar.404Search.H
[NOTE] The file was moved to '486cffd5.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215526.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '49e27ff5.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215527.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '49e27ff6.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215528.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '486cffd7.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215529.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '49e27ff8.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215530.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '486cffd9.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215531.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '486cffd6.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215532.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.3
[NOTE] The file was moved to '49e27ff7.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215534.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '486cffd8.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215535.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS
[NOTE] The file was moved to '49e27ff9.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215537.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '49e27ffa.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215538.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS
[NOTE] The file was moved to '486cffdb.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215539.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '49e27ffc.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215540.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.3
[NOTE] The file was moved to '486cffdd.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215542.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.1
[NOTE] The file was moved to '486cffda.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215543.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '49e27ffb.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215544.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '486cffdc.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215545.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '49e27ffe.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215547.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.1
[NOTE] The file was moved to '486cffdf.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215548.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '49e27fc0.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215549.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486cffe1.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215550.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '49e27ffd.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215551.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486cffde.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215552.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '49e27fff.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215553.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486c0020.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215554.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '49e27fc2.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215555.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486cffe3.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215556.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '49e27fc4.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215557.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486cffe5.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215558.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '49e28001.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215559.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486c0022.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215560.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '49e28003.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215561.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486c0024.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215562.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '49e27fc6.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215563.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486cffe7.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215564.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '49e27fc8.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215565.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486cffe9.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215566.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '49e28005.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215567.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486c0026.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215568.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.3
[NOTE] The file was moved to '49e28007.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215569.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.3
[NOTE] The file was moved to '486c0028.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215570.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[NOTE] The file was moved to '49e27fca.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215571.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486cffeb.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215572.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.3
[NOTE] The file was moved to '49e27fcc.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215573.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486cffed.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215574.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486cffe0.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215575.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '49e27fc1.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215576.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486cffe2.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215579.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '49e27fce.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215587.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '486cffef.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215591.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '49e27fd0.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215592.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '49e27fc3.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215593.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '486cffe4.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215594.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '49e27fc5.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215595.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '486cffe6.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215601.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '486cfff1.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215602.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '49e27fd2.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215608.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '486cfff3.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215611.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '49e27fc7.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215614.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '486cffe8.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215615.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '49e27fc9.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215619.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '486cffea.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215621.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '49e27fd4.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215622.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '486cfff5.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215623.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '49e27fd6.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215624.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '486cfff7.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215625.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '49e27fcb.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215626.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '486cffec.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215627.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '49e27fcd.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215628.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '486cffee.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215629.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '49e27fd8.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215630.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '486cfff9.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215631.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '49e27fda.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215632.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '486cfffb.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215633.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '49e27fcf.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215634.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '486cfff0.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215635.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '49e27fd1.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215636.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '486cfff2.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215637.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '49e27fdc.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215638.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '486cfffd.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215639.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '49e27fde.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215640.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '486cffff.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215641.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '49e27fd3.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215642.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '486cfff4.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215643.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '49e27fd5.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215644.dll
[DETECTION] Is the Trojan horse TR/BHO.G.3
[NOTE] The file was moved to '486cfff6.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215645.dll
[DETECTION] Is the Trojan horse TR/BHO.G.3
[NOTE] The file was moved to '49e38020.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215646.dll
[DETECTION] Is the Trojan horse TR/Spy.Goldu.FT.1.A
[NOTE] The file was moved to '486d0001.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215647.sys
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Haxdoor.V.3.A Backdoor server programs
[NOTE] BDS/Haxdoor.V.3.A:[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify//pptp32]
[NOTE] The file was moved to '49e38022.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215649.exe
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[NOTE] The file was moved to '486d0003.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1079\A0218032.dll
[DETECTION] Is the Trojan horse TR/BHO.AKY
[NOTE] The file was moved to '49e38024.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1081\A0218108.exe
[DETECTION] Is the Trojan horse TR/WinlogonHook.C
[NOTE] The file was moved to '486d0009.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1081\A0218109.exe
[DETECTION] Is the Trojan horse TR/Dldr.IZP
[NOTE] The file was moved to '49e3802a.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1081\A0218110.exe
[DETECTION] Is the Trojan horse TR/Spy.Winspool
[NOTE] The file was moved to '486d000b.qua'!
C:\WINDOWS\SYSTEM32\efccbyx.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '489e016d.qua'!
C:\WINDOWS\SYSTEM32\eiliartp.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[NOTE] The file was moved to '48a70170.qua'!
C:\WINDOWS\SYSTEM32\jkkjiij.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48a6017b.qua'!
C:\WINDOWS\SYSTEM32\jkklmnm.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '492b79fc.qua'!
C:\WINDOWS\SYSTEM32\nbspgljm.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48ae017e.qua'!
C:\WINDOWS\SYSTEM32\pptp32.dll
[DETECTION] Is the Trojan horse TR/Spy.Goldu.FT.1.A
[NOTE] The file was moved to '48af0193.qua'!
C:\WINDOWS\SYSTEM32\rqrromm.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48ad0197.qua'!
C:\WINDOWS\SYSTEM32\vtutqrr.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48b001a4.qua'!

End of the scan: Monday, May 26, 2008 12:29
Used time: 48:12 min

The scan has been done completely.

8187 Scanning directories
201914 Files were scanned
239 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
223 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
201675 Files not concerned
3628 Archives were scanned
2 Warnings
223 Notes

The Combo Fix Log

ComboFix 08-05-25.5 - Heidrichs 2008-05-26 11:32:00.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.281 [GMT -6:00]
Running from: C:\Documents and Settings\Heidrichs\Desktop\ComboFix.exe
* Created a new restore point

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.

2157-07-08 15:36 . 2157-07-08 15:36   3,120   --a------   C:\WINDOWS\MF_C421.lfa
2157-07-08 15:36 . 2157-07-08 15:36   3,120   --a------   C:\WINDOWS\MF_C420.lfa
2008-05-26 11:31 . 2008-05-26 11:31   <DIR>   d--------   C:\327882R2FWJFW
2008-05-26 11:31 . 2004-08-04 05:00   388,608   --a------   C:\WINDOWS\SYSTEM32\CF11261.exe
2008-05-26 11:25 . 2008-05-26 11:25   <DIR>   d--------   C:\Program Files\Avira
2008-05-26 11:25 . 2008-05-26 11:25   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Avira
2008-05-26 03:01 . 2008-05-26 03:01   <DIR>   d--------   C:\Program Files\MSXML 4.0
2008-05-26 03:01 . 2008-05-26 03:01   206   --a------   C:\WINDOWS\SYSTEM32\MRT.INI
2008-05-26 00:39 . 2008-05-26 00:39   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2008-05-26 00:39 . 2008-05-26 00:39   <DIR>   d--------   C:\Documents and Settings\Heidrichs\Application Data\SUPERAntiSpyware.com
2008-05-26 00:39 . 2008-05-26 00:39   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-26 00:38 . 2008-05-26 00:38   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-05-26 00:01 . 2008-05-26 00:01   <DIR>   d--------   C:\Documents and Settings\Heidrichs\Application Data\Malwarebytes
2008-05-26 00:01 . 2008-05-26 00:01   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-25 23:17 . 2008-05-25 22:17   449,462   --a------   C:\HaxFix.exe
2008-05-25 21:51 . 2007-07-09 07:09   584,192   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2008-05-24 21:10 . 2008-05-24 21:10   <DIR>   d--------   C:\Program Files\Trend Micro
2008-05-23 22:23 . 2008-05-23 22:23   4,286   --a------   C:\WINDOWS\SYSTEM32\Jamster.ico
2008-05-13 05:50 . 2008-05-24 20:18   5,430   --a------   C:\WINDOWS\SYSTEM32\rloci.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 06:34   ---------   d-----w   C:\Program Files\Common Files\AOL
2008-05-26 06:34   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL
2008-05-26 06:30   ---------   d-----w   C:\Program Files\WildTangent
2008-05-26 06:30   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-26 06:27   ---------   d-----w   C:\Program Files\iMesh Applications
2008-05-26 03:03   903,890   --sh--w   C:\WINDOWS\Fonts\xfapft.bak1
2008-05-25 03:02   821,289   --sh--w   C:\WINDOWS\Fonts\xfapft.bak2
2008-05-12 02:52   ---------   d-----w   C:\Documents and Settings\Heidrichs\Application Data\Corel
2008-04-23 04:41   0   -c--a-w   C:\WINDOWS\Fonts\mcrh.tmp
2008-03-27 08:12   151,583   ----a-w   C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12   151,583   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
2008-03-19 09:47   1,845,248   ----a-w   C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47   1,845,248   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2007-01-23 01:24   337,290   -c--a-w   C:\Documents and Settings\Heidrichs\Application Data\tizupd.bin
2007-01-01 05:00   337,290   -c--a-w   C:\Documents and Settings\Guest\Application Data\tizupd.bin
2006-11-14 01:10   337,290   -c--a-w   C:\Documents and Settings\Heather\Application Data\tizupd.bin
2005-12-05 05:50   280,064   -c--a-w   C:\Documents and Settings\Guest\Application Data\tizhook.bin
2005-09-12 23:19   280,064   -c--a-w   C:\Documents and Settings\Heidrichs\Application Data\tizhook.bin
2005-08-19 07:05   280,064   -c--a-w   C:\Documents and Settings\Heather\Application Data\tizhook.bin
2006-11-17 02:38   751,332   -csh--w   C:\WINDOWS\SYSTEM\apas.bak1
2006-11-23 02:19   765,400   -csh--w   C:\WINDOWS\SYSTEM\apas.bak2
.

((((((((((((((((((((((((((((( snapshot_2008-05-26_10.46.26.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-26 06:35:55   16,384   -c--a-w   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2008-05-26 17:25:33   16,384   -c--a-w   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2008-05-26 06:35:55   32,768   -c--a-w   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-26 17:25:33   32,768   -c--a-w   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-01-22 00:12:56   41,792   ----a-w   C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys
+ 2008-01-22 00:11:28   22,336   ----a-w   C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys
+ 2008-03-04 19:28:53   79,424   ----a-w   C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys
+ 2007-03-01 16:34:22   28,352   ----a-w   C:\WINDOWS\

Tech Clinic / My Fiance's Parents' Computer...nightmare

« on: May 26, 2008, 11:48:12 AM »

ComboFix 08-05-25.3 - Heidrichs 2008-05-26 10:42:57.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.312 [GMT -6:00]
Running from: C:\Documents and Settings\Heidrichs\Desktop\ComboFix.exe

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\qgykaetf.ini
C:\WINDOWS\system32\qvbtpuxn.dll
C:\WINDOWS\system32\rdvshalh.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.

2157-07-08 15:36 . 2157-07-08 15:36   3,120   --a------   C:\WINDOWS\MF_C421.lfa
2157-07-08 15:36 . 2157-07-08 15:36   3,120   --a------   C:\WINDOWS\MF_C420.lfa
2008-05-26 03:01 . 2008-05-26 03:01   <DIR>   d--------   C:\Program Files\MSXML 4.0
2008-05-26 03:01 . 2008-05-26 03:01   206   --a------   C:\WINDOWS\SYSTEM32\MRT.INI
2008-05-26 00:39 . 2008-05-26 00:39   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2008-05-26 00:39 . 2008-05-26 00:39   <DIR>   d--------   C:\Documents and Settings\Heidrichs\Application Data\SUPERAntiSpyware.com
2008-05-26 00:39 . 2008-05-26 00:39   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-26 00:38 . 2008-05-26 00:38   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-05-26 00:01 . 2008-05-26 00:01   <DIR>   d--------   C:\Documents and Settings\Heidrichs\Application Data\Malwarebytes
2008-05-26 00:01 . 2008-05-26 00:01   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-25 23:17 . 2008-05-25 22:17   449,462   --a------   C:\HaxFix.exe
2008-05-25 21:51 . 2007-07-09 07:09   584,192   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2008-05-24 21:10 . 2008-05-24 21:10   <DIR>   d--------   C:\Program Files\Trend Micro
2008-05-23 22:23 . 2008-05-23 22:23   4,286   --a------   C:\WINDOWS\SYSTEM32\Jamster.ico
2008-05-13 05:50 . 2008-05-24 20:18   5,430   --a------   C:\WINDOWS\SYSTEM32\rloci.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 06:34   ---------   d-----w   C:\Program Files\Common Files\AOL
2008-05-26 06:34   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL
2008-05-26 06:30   ---------   d-----w   C:\Program Files\WildTangent
2008-05-26 06:30   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-26 06:27   ---------   d-----w   C:\Program Files\iMesh Applications
2008-05-26 03:03   903,890   --sh--w   C:\WINDOWS\Fonts\xfapft.bak1
2008-05-25 03:02   821,289   --sh--w   C:\WINDOWS\Fonts\xfapft.bak2
2008-05-12 02:52   ---------   d-----w   C:\Documents and Settings\Heidrichs\Application Data\Corel
2008-04-23 04:41   0   -c--a-w   C:\WINDOWS\Fonts\mcrh.tmp
2008-03-27 08:12   151,583   ----a-w   C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12   151,583   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
2008-03-19 09:47   1,845,248   ----a-w   C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47   1,845,248   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2007-01-23 01:24   337,290   -c--a-w   C:\Documents and Settings\Heidrichs\Application Data\tizupd.bin
2007-01-01 05:00   337,290   -c--a-w   C:\Documents and Settings\Guest\Application Data\tizupd.bin
2006-11-14 01:10   337,290   -c--a-w   C:\Documents and Settings\Heather\Application Data\tizupd.bin
2005-12-05 05:50   280,064   -c--a-w   C:\Documents and Settings\Guest\Application Data\tizhook.bin
2005-09-12 23:19   280,064   -c--a-w   C:\Documents and Settings\Heidrichs\Application Data\tizhook.bin
2005-08-19 07:05   280,064   -c--a-w   C:\Documents and Settings\Heather\Application Data\tizhook.bin
2006-11-17 02:38   751,332   -csh--w   C:\WINDOWS\SYSTEM\apas.bak1
2006-11-23 02:19   765,400   -csh--w   C:\WINDOWS\SYSTEM\apas.bak2
.

((((((((((((((((((((((((((((( snapshot@2008-05-25_21.41.47.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-10-28 01:14:56   174,592   ----a-w   C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\rdbss.sys
+ 2005-06-10 04:06:01   139,528   ----a-w   C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys
+ 2005-08-30 04:13:42   1,287,680   ----a-w   C:\WINDOWS\$hf_mig$\KB904706\SP2QFE\quartz.dll
+ 2006-11-27 15:17:10   539,136   ----a-w   C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\msftedit.dll
+ 2006-11-27 15:17:10   433,664   ----a-w   C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\riched20.dll
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB918118\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB918118\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB918118\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB918118\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB918118\update\updspapi.dll
+ 2006-10-12 13:54:18   42,496   ----a-w   C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdp2.dll
+ 2006-10-12 13:54:18   57,344   ----a-w   C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdpv.dll
+ 2006-10-12 11:54:07   256,512   ----a-w   C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentsvr.exe
+ 2006-10-16 10:29:15   248,320   ----a-w   C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:16:49   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB920213\spmsg.dll
+ 2005-10-12 23:16:49   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB920213\spuninst.exe
+ 2005-10-12 23:16:49   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB920213\update\spcustom.dll
+ 2005-10-12 23:16:51   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB920213\update\update.exe
+ 2005-10-12 23:16:56   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB920213\update\updspapi.dll
+ 2006-08-16 12:08:32   100,352   ----a-w   C:\WINDOWS\$hf_mig$\KB922819\SP2QFE\6to4svc.dll
+ 2006-08-16 10:13:39   225,664   ----a-w   C:\WINDOWS\$hf_mig$\KB922819\SP2QFE\tcpip6.sys
+ 2005-10-12 23:16:49   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB922819\spmsg.dll
+ 2005-10-12 23:16:49   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB922819\spuninst.exe
+ 2005-10-12 23:16:49   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB922819\update\spcustom.dll
+ 2005-10-12 23:16:51   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB922819\update\update.exe
+ 2005-10-12 23:16:56   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB922819\update\updspapi.dll
+ 2006-08-14 12:00:42   332,928   ----a-w   C:\WINDOWS\$hf_mig$\KB923414\SP2QFE\srv.sys
+ 2005-10-12 23:16:49   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB923414\spmsg.dll
+ 2005-10-12 23:16:49   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB923414\spuninst.exe
+ 2005-10-12 23:16:49   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB923414\update\spcustom.dll
+ 2005-10-12 23:16:51   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB923414\update\update.exe
+ 2005-10-12 23:16:56   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB923414\update\updspapi.dll
+ 2006-10-13 12:41:38   64,000   ----a-w   C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwapi32.dll
+ 2006-10-13 12:41:38   142,336   ----a-w   C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll
+ 2006-10-13 10:39:12   163,456   ----a-w   C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwrdr.sys
+ 2006-10-13 12:41:38   65,536   ----a-w   C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwwks.dll
+ 2005-10-12 23:16:49   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB923980\spmsg.dll
+ 2005-10-12 23:16:49   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB923980\spuninst.exe
+ 2005-10-12 23:16:49   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB923980\update\spcustom.dll
+ 2005-10-12 23:16:51   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB923980\update\update.exe
+ 2005-10-12 23:16:56   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB923980\update\updspapi.dll
+ 2006-08-17 12:37:49   726,528   ----a-w   C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\lsasrv.dll
+ 2006-08-17 12:37:49   337,408   ----a-w   C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\netapi32.dll
+ 2006-08-17 12:37:49   132,096   ----a-w   C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\wkssvc.dll
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB924270\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB924270\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB924270\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB924270\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB924270\update\updspapi.dll
+ 2007-03-08 15:48:36   282,112   ----a-w   C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\gdi32.dll
+ 2007-03-08 15:48:36   40,960   ----a-w   C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\mf3216.dll
+ 2007-03-08 15:48:36   578,048   ----a-w   C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
+ 2007-03-08 13:49:49   1,843,968   ----a-w   C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\win32k.sys
+ 2006-01-19 19:29:19   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB925902\spmsg.dll
+ 2006-01-19 19:29:19   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB925902\spuninst.exe
+ 2006-01-19 19:29:19   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB925902\update\spcustom.dll
+ 2006-01-19 19:29:19   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB925902\update\update.exe
+ 2006-01-19 19:29:19   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB925902\update\updspapi.dll
+ 2006-10-19 13:59:58   713,216   ----a-w   C:\WINDOWS\$hf_mig$\KB926255\SP2QFE\sxs.dll
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB926255\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB926255\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB926255\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB926255\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB926255\update\updspapi.dll
+ 2006-10-16 17:14:17   122,880   ----a-w   C:\WINDOWS\$hf_mig$\KB926436\SP2QFE\oledlg.dll
+ 2005-10-12 23:16:49   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB926436\spmsg.dll
+ 2005-10-12 23:16:49   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB926436\spuninst.exe
+ 2005-10-12 23:16:49   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB926436\update\spcustom.dll
+ 2005-10-12 23:16:51   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB926436\update\update.exe
+ 2005-10-12 23:16:56   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB926436\update\updspapi.dll
+ 2006-12-26 13:18:55   536,576   ----a-w   C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msado15.dll
+ 2006-12-26 13:18:55   180,224   ----a-w   C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadomd.dll
+ 2006-12-26 13:18:55   200,704   ----a-w   C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadox.dll
+ 2006-12-26 13:18:55   102,400   ----a-w   C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msjro.dll
+ 2006-01-19 19:29:19   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB927779\spmsg.dll
+ 2006-01-19 19:29:19   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB927779\spuninst.exe
+ 2006-01-19 19:29:19   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB927779\update\spcustom.dll
+ 2006-01-19 19:29:19   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB927779\update\update.exe
+ 2006-01-19 19:29:19   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB927779\update\updspapi.dll
+ 2006-12-19 18:47:14   333,824   ----a-w   C:\WINDOWS\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB927802\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB927802\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB927802\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB927802\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB927802\update\updspapi.dll
+ 2006-12-19 21:50:10   8,458,752   ----a-w   C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shell32.dll
+ 2006-12-19 21:50:10   135,168   ----a-w   C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
+ 2006-12-19 16:10:56   248,320   ----a-w   C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\xpsp3res.dll
+ 2006-01-19 19:29:19   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB928255\spmsg.dll
+ 2006-01-19 19:29:19   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB928255\spuninst.exe
+ 2006-01-19 19:29:19   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB928255\update\spcustom.dll
+ 2006-01-19 19:29:19   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB928255\update\update.exe
+ 2006-01-19 19:29:19   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB928255\update\updspapi.dll
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB928843\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB928843\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB928843\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB928843\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB928843\update\updspapi.dll
+ 2007-05-16 15:32:55   86,528   ----a-w   C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\directdb.dll
+ 2007-05-16 15:32:55   683,520   ----a-w   C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\inetcomm.dll
+ 2007-05-16 15:32:56   1,314,816   ----a-w   C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\msoe.dll
+ 2007-05-16 15:32:56   510,976   ----a-w   C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\wab32.dll
+ 2007-05-16 15:32:56   85,504   ----a-w   C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\wabimp.dll
+ 2006-01-19 19:29:19   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB929123\spmsg.dll
+ 2006-01-19 19:29:19   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB929123\spuninst.exe
+ 2006-01-19 19:29:19   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB929123\update\spcustom.dll
+ 2006-01-19 19:29:19   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB929123\update\update.exe
+ 2006-01-19 19:29:19   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB929123\update\updspapi.dll
+ 2007-03-17 13:45:03   292,864   ----a-w   C:\WINDOWS\$hf_mig$\KB930178\SP2QFE\winsrv.dll
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB930178\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB930178\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB930178\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB930178\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB930178\update\updspapi.dll
+ 2007-02-09 11:23:36   574,976   ----a-w   C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB930916\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB930916\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB930916\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB930916\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB930916\update\updspapi.dll
+ 2007-02-05 20:19:14   185,344   ----a-w   C:\WINDOWS\$hf_mig$\KB931261\SP2QFE\upnphost.dll
+ 2006-01-19 19:29:19   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB931261\spmsg.dll
+ 2006-01-19 19:29:19   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB931261\spuninst.exe
+ 2006-01-19 19:29:19   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB931261\update\spcustom.dll
+ 2006-01-19 19:29:19   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB931261\update\update.exe
+ 2006-01-19 19:29:19   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB931261\update\updspapi.dll
+ 2007-02-28 09:53:04   2,137,600   ----a-w   C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlmp.exe
+ 2007-02-28 09:15:56   2,059,392   ----a-w   C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
+ 2007-02-28 09:15:59   2,017,280   ----a-w   C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrpamp.exe
+ 2007-02-28 09:55:14   2,182,144   ----a-w   C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB931784\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB931784\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB931784\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB931784\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB931784\update\updspapi.dll
+ 2007-03-09 13:58:57   57,344   ----a-w   C:\WINDOWS\$hf_mig$\KB932168\SP2QFE\agentdpv.dll
+ 2007-03-09 11:28:00   248,320   ----a-w   C:\WINDOWS\$hf_mig$\KB932168\SP2QFE\xpsp3res.dll
+ 2006-01-19 19:29:19   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB932168\spmsg.dll
+ 2006-01-19 19:29:19   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB932168\spuninst.exe
+ 2006-01-19 19:29:19   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB932168\update\spcustom.dll
+ 2006-01-19 19:29:19   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB932168\update\update.exe
+ 2006-01-19 19:29:19   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB932168\update\updspapi.dll
+ 2007-07-18 10:33:06   60,416   ----a-w   C:\WINDOWS\$hf_mig$\KB933360\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB933360\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB933360\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB933360\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB933360\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB933360\update\updspapi.dll
+ 2007-04-16 16:07:27   986,112   ----a-w   C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB935839\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB935839\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB935839\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB935839\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB935839\update\updspapi.dll
+ 2007-04-25 20:32:22   144,896   ----a-w   C:\WINDOWS\$hf_mig$\KB935840\SP2QFE\schannel.dll
+ 2006-01-19 19:29:19   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB935840\spmsg.dll
+ 2006-01-19 19:29:19   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB935840\spuninst.exe
+ 2006-01-19 19:29:19   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB935840\update\spcustom.dll
+ 2006-01-19 19:29:19   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB935840\update\update.exe
+ 2006-01-19 19:29:19   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB935840\update\updspapi.dll
+ 2007-06-26 06:06:12   1,104,896   ----a-w   C:\WINDOWS\$hf_mig$\KB936021\SP2QFE\msxml3.dll
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB936021\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB936021\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB936021\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB936021\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB936021\update\updspapi.dll
+ 2007-04-23 10:14:23   364,160   ----a-w   C:\WINDOWS\$hf_mig$\KB936357\SP2QFE\update.sys
+ 2006-01-19 19:29:19   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB936357\spmsg.dll
+ 2006-01-19 19:29:19   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB936357\spuninst.exe
+ 2006-01-19 19:29:19   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB936357\update\spcustom.dll
+ 2006-01-19 19:29:19   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB936357\update\update.exe
+ 2006-01-19 19:29:19   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB936357\update\updspapi.dll
+ 2007-06-26 15:16:01   851,968   ----a-w   C:\WINDOWS\$hf_mig$\KB938127\SP2QFE\vgx.dll
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB938127\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB938127\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB938127\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB938127\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB938127\update\updspapi.dll
+ 2007-06-13 11:26:03   1,033,216   ----a-w   C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB938828\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB938828\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB938828\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB938828\update\updspapi.dll
+ 2007-08-21 06:25:02   683,520   ----a-w   C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2007-10-30 16:53:32   360,832   ----a-w   C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2008-03-19 09:40:27   1,845,888   ----a-w   C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2007-12-04 18:29:10   551,936   ----a-w   C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll
+ 2007-11-07 09:50:47   727,040   ----a-w   C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-12-18 14:32:13   450,560   ----a-w   C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\jscript.dll
+ 2007-12-18 14:32:13   417,792   ----a-w   C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\vbscript.dll
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB944338\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB944338\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB944338\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB944338\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB944338\update\updspapi.dll
+ 2007-11-13 08:47:45   20,480   ----a-w   C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2008-02-20 05:19:35   147,968   ----a-w   C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:49:36   45,568   ----a-w   C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2007-12-18 09:38:59   179,712   ----a-w   C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll
+ 2008-02-16 09:32:03   1,024,000   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\browseui.dll
+ 2008-02-16 09:32:03   151,040   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\cdfview.dll
+ 2008-02-16 09:32:03   1,054,208   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\danim.dll
+ 2008-02-16 09:32:04   357,888   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtmsft.dll
+ 2008-02-16 09:32:04   205,312   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtrans.dll
+ 2008-02-16 09:32:04   55,808   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\extmgr.dll
+ 2008-02-15 09:07:53   18,432   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iedw.exe
+ 2008-02-16 09:32:04   251,904   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iepeers.dll
+ 2008-02-16 09:32:04   96,256   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\inseng.dll
+ 2008-02-16 09:32:04   16,384   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\jsproxy.dll
+ 2008-02-16 09:32:06   3,066,880   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtml.dll
+ 2008-02-16 09:32:06   449,024   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtmled.dll
+ 2008-02-16 09:32:06   146,432   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\msrating.dll
+ 2008-02-16 09:32:07   532,480   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mstime.dll
+ 2008-02-16 09:32:07   39,424   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\pngfilt.dll
+ 2008-02-16 09:32:08   1,499,136   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shdocvw.dll
+ 2008-02-16 09:32:08   474,112   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shlwapi.dll
+ 2008-02-16 09:32:08   618,496   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\urlmon.dll
+ 2008-02-16 09:32:09   666,112   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
+ 2008-02-15 09:06:21   351,744   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\update\updspapi.dll
+ 2008-02-20 06:52:43   282,624   ----a-w   C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2008-01-23 04:56:21   554,008   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11   518,944   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11   326,432   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11   1,516,568   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11   355,112   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13   151,583   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12   60,192   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12   248,608   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12   219,936   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12   355,104   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13   432,928   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13   322,336   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13   559,904   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13   264,992   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13   838,432   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14   621,344   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14   355,104   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
+ 2004-08-04 11:00:00   176,512   -c----w   C:\WINDOWS\$NtUninstallKB885835$\rdbss.sys
+ 2004-08-04 11:00:00   139,400   -c----w   C:\WINDOWS\$NtUninstallKB899591$\rdpwd.sys
+ 2004-08-04 11:00:00   1,287,680   -c----w   C:\WINDOWS\$NtUninstallKB904706$\quartz.dll
+ 2004-08-04 11:00:00   41,984   -c----w   C:\WINDOWS\$NtUninstallKB920213$\agentdp2.dll
+ 2005-04-22 05:06:42   57,344   -c----w   C:\WINDOWS\$NtUninstallKB920213$\agentdpv.dll
+ 2004-08-04 11:00:00   256,512   -c----w   C:\WINDOWS\$NtUninstallKB920213$\agentsvr.exe
+ 2005-10-12 23:16:49   213,216   -c----w   C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe
+ 2005-10-12 23:16:56   371,424   -c----w   C:\WINDOWS\$NtUninstallKB920213$\spuninst\updspapi.dll
+ 2006-06-23 08:34:35   24,576   -c----w   C:\WINDOWS\$NtUninstallKB920213$\xpsp3res.dll
+ 2004-08-04 11:00:00   100,352   -c----w   C:\WINDOWS\$NtUninstallKB922819$\6to4svc.dll
+ 2005-10-12 23:16:49   213,216   -c----w   C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe
+ 2005-10-12 23:16:56   371,424   -c----w   C:\WINDOWS\$NtUninstallKB922819$\spuninst\updspapi.dll
+ 2004-08-04 11:00:00   223,616   -c----w   C:\WINDOWS\$NtUninstallKB922819$\tcpip6.sys
+ 2004-08-04 11:00:00   611,328   -c----w   C:\WINDOWS\$NtUninstallKB923191$\comctl32.dll
+ 2005-10-12 23:12:26   213,216   -c----w   C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34   371,424   -c----w   C:\WINDOWS\$NtUninstallKB923191$\spuninst\updspapi.dll
+ 2005-10-12 23:16:49   213,216   -c----w   C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe
+ 2005-10-12 23:16:56   371,424   -c----w   C:\WINDOWS\$NtUninstallKB923414$\spuninst\updspapi.dll
+ 2006-04-21 06:12:27   332,800   -c----w   C:\WINDOWS\$NtUninstallKB923414$\srv.sys
+ 2004-08-04 11:00:00   144,384   -c----w   C:\WINDOWS\$NtUninstallKB923980$\nwprovau.dll
+ 2005-10-12 23:16:49   213,216   -c----w   C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe
+ 2005-10-12 23:16:56   371,424   -c----w   C:\WINDOWS\$NtUninstallKB923980$\spuninst\updspapi.dll
+ 2006-07-14 15:31:39   332,288   -c----w   C:\WINDOWS\$NtUninstallKB924270$\netapi32.dll
+ 2005-10-12 23:12:26   213,216   -c----w   C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34   371,424   -c----w   C:\WINDOWS\$NtUninstallKB924270$\spuninst\updspapi.dll
+ 2004-08-04 11:00:00   132,096   -c----w   C:\WINDOWS\$NtUninstallKB924270$\wkssvc.dll
- 2005-02-11 21:15:18   1,257,472   -c--a-w   C:\WINDOWS\ASSEMBLY\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-05-26 09:03:56   1,265,664   ----a-w   C:\WINDOWS\ASSEMBLY\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2004-08-10 19:11:14   1,224,704   -c--a-w   C:\WINDOWS\ASSEMBLY\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-05-26 09:03:56   1,232,896   ----a-w   C:\WINDOWS\ASSEMBLY\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-05-26 09:04:03   61,440   ----a-w   C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_70cb5017\CustomMarshalers.dll
+ 2008-05-26 09:04:19   3,391,488   ----a-w   C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\MSCORLIB\1.0.5000.0__b77a5c561934e089_e9ac939e\mscorlib.dll
+ 2008-05-26 09:04:16   1,470,464   ----a-w   C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_ee7761d9\System.Design.dll
+ 2008-05-26 09:04:04   90,112   ----a-w   C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_6ed80b9a\System.Drawing.Design.dll
+ 2008-05-26 09:04:17   835,584   ----a-w   C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_8c18d152\System.Drawing.dll
+ 2008-05-26 09:04:09   3,018,752   ----a-w   C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_3fd028e2\System.Windows.Forms.dll
+ 2008-05-26 09:04:13   2,088,960   ----a-w   C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_8239dd21\System.Xml.dll
+ 2008-05-26 09:04:03   1,966,080   ----a-w   C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2d10014d\System.dll
- 2008-05-26 03:37:52   2,048   --s-a-w   C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-26 12:06:31   2,048   --s-a-w   C:\WINDOWS\BOOTSTAT.DAT
+ 2005-10-18 17:37:06   33,147,536   ----a-w   C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\QuickTimeInstaller.exe
- 2005-03-02 00:57:44   2,135,552   -c----w   C:\WINDOWS\Driver Cache\I386\ntkrnlmp.exe
+ 2007-02-28 09:08:48   2,136,064   ------w   C:\WINDOWS\Driver Cache\I386\ntkrnlmp.exe
- 2005-03-02 00:34:40   2,056,832   -c----w   C:\WINDOWS\Driver Cache\I386\ntkrnlpa.exe
+ 2007-02-28 08:38:55   2,057,600   ------w   C:\WINDOWS\Driver Cache\I386\ntkrnlpa.exe
- 2005-03-02 00:34:42   2,015,232   -c----w   C:\WINDOWS\Driver Cache\I386\ntkrpamp.exe
+ 2007-02-28 08:38:57   2,015,744   ------w   C:\WINDOWS\Driver Cache\I386\ntkrpamp.exe
- 2005-03-02 00:59:53   2,179,328   -c----w   C:\WINDOWS\Driver Cache\I386\ntoskrnl.exe
+ 2007-02-28 09:10:57   2,180,352   ------w   C:\WINDOWS\Driver Cache\I386\ntoskrnl.exe
- 2004-08-04 11:00:00   1,032,192   ----a-w   C:\WINDOWS\EXPLORER.EXE
+ 2007-06-13 10:23:07   1,033,216   ----a-w   C:\WINDOWS\explorer.exe
- 2005-05-04 21:33:52   1,077,312   -c--a-w   C:\WINDOWS\Help\SBSI\Training\orun32.exe
+ 2006-08-21 21:57:14   1,077,321   ----a-w   C:\WINDOWS\Help\SBSI\Training\orun32.exe
+ 2005-01-20 21:39:25   45,056   ----a-r   C:\WINDOWS\Installer\{9541FED0-327F-4DF0-8B96-EF57EF622F19}\RecordNow.exe
+ 2005-01-20 21:37:30   57,344   ----a-r   C:\WINDOWS\Installer\{AF19F291-F22F-4798-9662-525305AE9E48}\QPWShortcut.exe
+ 2008-05-26 09:01:58   32,768   ----a-r   C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
+ 2008-05-26 06:39:23   18,944   ----a-r   C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-05-26 06:39:23   65,024   ----a-r   C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2004-07-15 07:49:16   258,048   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-14 03:30:52   258,048   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-15 07:49:22   32,768   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-14 03:30:52   32,768   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2004-07-15 06:32:22   81,920   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-14 02:57:52   81,920   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 01:09:14   86,016   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORIE.DLL
+ 2007-04-14 02:57:58   86,016   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-15 06:25:06   315,392   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL
+ 2007-04-14 02:56:30   315,392   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-15 06:33:04   102,400   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORLD.DLL
+ 2007-04-14 02:58:00   102,400   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 20:29:02   2,138,112   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORLIB.DLL
+ 2007-04-14 02:50:46   2,142,208   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-21 01:09:18   77,824   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORSN.DLL
+ 2007-04-14 02:58:02   77,824   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2004-07-15 06:26:52   2,510,848   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORSVR.DLL
+ 2007-04-14 02:57:00   2,523,136   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-15 06:28:34   2,502,656   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORWKS.DLL
+ 2007-04-14 02:57:28   2,514,944   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2004-06-22 19:52:22   106,496   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2007-01-15 22:11:26   73,728   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2004-07-15 07:49:16   258,048   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_aspnet_isapi.dll
+ 2004-07-15 06:32:22   81,920   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_CORPerfMonExt.dll
+ 2004-07-15 06:24:30   282,624   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_FUSION.DLL
+ 2004-07-15 06:25:06   315,392   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_MSCORJIT.DLL
+ 2004-07-15 20:29:02   2,138,112   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_MSCORLIB.DLL
+ 2003-02-21 01:09:18   77,824   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_MSCORSN.DLL
+ 2004-07-15 06:26:52   2,510,848   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_MSCORSVR.DLL
+ 2004-07-15 06:28:34   2,502,656   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_MSCORWKS.DLL
+ 2003-02-21 10:42:22   348,160   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_MSVCR71.DLL
+ 2004-07-15 06:34:50   94,208   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_PerfCounter.dll
- 2004-07-15 20:31:16   1,224,704   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-14 03:35:38   1,232,896   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-10-08 13:20:12   1,257,472   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-14 03:35:46   1,265,664   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2004-08-04 11:00:00   41,984   -c--a-w   C:\WINDOWS\MSAGENT\AGENTDP2.DLL
+ 2006-10-12 14:02:52   42,496   ----a-w   C:\WINDOWS\MSAGENT\agentdp2.dll
- 2005-04-22 05:06:42   57,344   -c--a-w   C:\WINDOWS\MSAGENT\agentdpv.dll
+ 2007-03-09 13:46:24   57,344   ----a-w   C:\WINDOWS\MSAGENT\agentdpv.dll
- 2004-08-04 11:00:00   256,512   -c--a-w   C:\WINDOWS\MSAGENT\AGENTSVR.EXE
+ 2006-10-12 11:09:53   256,512   ----a-w   C:\WINDOWS\MSAGENT\agentsvr.exe
+ 2004-08-04 11:00:00   237,568   ----a-w   C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\qasf.dll
+ 2004-09-15 18:27:54   221,184   ----a-w   C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
- 2004-08-04 11:00:00   100,352   ----a-w   C:\WINDOWS\SYSTEM32\6TO4SVC.DLL
+ 2006-08-16 11:58:05   100,352   ----a-w   C:\WINDOWS\SYSTEM32\6to4svc.dll
- 2006-06-23 11:02:49   1,022,976   ----a-w   C:\WINDOWS\SYSTEM32\browseui.dll
+ 2008-02-16 08:59:34   1,023,488   ----a-w   C:\WINDOWS\SYSTEM32\browseui.dll
- 2006-06-23 11:02:49   151,040   ----a-w   C:\WINDOWS\SYSTEM32\cdfview.dll
+ 2008-02-16 08:59:35   151,040   ----a-w   C:\WINDOWS\SYSTEM32\cdfview.dll
- 2004-08-04 11:00:00   611,328   ----a-w   C:\WINDOWS\SYSTEM32\COMCTL32.DLL
+ 2006-08-25 15:45:58   617,472   ----a-w   C:\WINDOWS\SYSTEM32\comctl32.dll
- 2008-05-26 03:37:53   16,384   -c--a-w   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2008-05-26 06:35:55   16,384   -c--a-w   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2008-05-26 03:37:53   32,768   -c--a-w   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-26 06:35:55   32,768   -c--a-w   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-05-26 03:37:53   32,768   -c--a-w   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-26 06:35:55   32,768   -c--a-w   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-06-23 11:02:50   1,054,208   ----a-w   C:\WINDOWS\SYSTEM32\danim.dll
+ 2008-02-16 08:59:35   1,054,208   ----a-w   C:\WINDOWS\SYSTEM32\danim.dll
- 2004-08-04 11:00:00   100,352   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\6to4svc.dll
+ 2006-08-16 11:58:05   100,352   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\6to4svc.dll
- 2004-08-04 11:00:00   41,984   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\agentdp2.dll
+ 2006-10-12 14:02:52   42,496   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\agentdp2.dll
- 2005-04-22 05:06:42   57,344   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\agentdpv.dll
+ 2007-03-09 13:46:24   57,344   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\agentdpv.dll
- 2004-08-04 11:00:00   256,512   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\agentsvr.exe
+ 2006-10-12 11:09:53   256,512   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\agentsvr.exe
- 2006-06-23 11:02:49   1,022,976   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
+ 2008-02-16 08:59:34   1,023,488   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
- 2006-06-23 11:02:49   151,040   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
+ 2008-02-16 08:59:35   151,040   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
- 2004-08-04 11:00:00   611,328   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\comctl32.dll
+ 2006-08-25 15:45:58   617,472   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\comctl32.dll
- 2006-06-23 11:02:50   1,054,208   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
+ 2008-02-16 08:59:35   1,054,208   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
- 2004-08-04 11:00:00   561,179   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\dao360.dll
+ 2008-03-25 04:50:25   554,008   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\dao360.dll
- 2004-08-04 11:00:00   81,408   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\directdb.dll
+ 2007-05-16 15:12:00   86,528   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\directdb.dll
- 2006-06-26 17:37:10   148,480   -c----w   C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
+ 2008-02-20 05:32:43   148,992   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
+ 2008-02-20 05:32:43   45,568   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
+ 2006-08-22 10:05:26   498,742   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\dxmasf.dll
- 2006-06-23 11:02:50   357,888   -c----w   C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-02-16 08:59:35   357,888   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2006-06-23 11:02:50   205,312   -c----w   C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-02-16 08:59:35   205,312   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2007-06-13 10:23:07   1,033,216   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe
- 2006-06-23 11:02:50   55,808   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-02-16 08:59:35   55,808   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
- 2005-12-29 02:54:35   280,064   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
+ 2008-02-20 06:51:05   282,624   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
- 2006-06-23 08:35:52   18,432   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
+ 2008-02-15 09:23:37   18,432   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
- 2006-06-23 11:02:50   251,392   -c----w   C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
+ 2008-02-16 08:59:35   251,392   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
- 2006-07-27 13:24:46   679,424   -c----w   C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
+ 2007-08-21 06:15:44   683,520   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
- 2006-06-23 11:02:50   96,256   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
+ 2008-02-16 08:59:35   96,256   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
- 2006-05-18 05:24:25   450,560   -c----w   C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
+ 2007-12-18 14:40:58   450,560   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
- 2006-06-23 11:02:50   16,384   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-02-16 08:59:35   16,384   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
- 2006-07-05 10:55:01   984,064   -c----w   C:\WINDOWS\SYSTEM32\DLLCACHE\kernel32.dll
+ 2007-04-16 15:52:53   984,576   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\kernel32.dll
- 2004-10-28 01:21:01   721,920   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
+ 2007-11-07 09:26:56   721,920   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
+ 2007-03-08 15:36:28   40,960   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\mf3216.dll
+ 2006-11-01 19:17:45   927,504   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\mfc40u.dll
+ 2006-10-14 08:13:25   981,760   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\mfc42u.dll
+ 2007-12-18 09:51:35   179,584   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
- 2004-08-04 11:00:00   536,576   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msado15.dll
+ 2006-12-26 13:07:23   536,576   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msado15.dll
- 2004-08-04 11:00:00   180,224   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msadomd.dll
+ 2006-12-26 13:07:23   180,224   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msadomd.dll
- 2004-08-04 11:00:00   200,704   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msadox.dll
+ 2006-12-26 13:07:23   200,704   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msadox.dll
+ 2008-03-25 04:50:28   518,944   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msexch40.dll
+ 2008-03-25 04:50:30   326,432   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msexcl40.dll
+ 2006-11-27 14:54:06   539,136   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msftedit.dll
- 2006-07-28 11:28:54   3,054,080   -c----w   C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
+ 2008-02-16 22:29:38   3,059,712   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
- 2006-06-23 11:02:51   448,512   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-02-16 08:59:37   449,024   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-03-25 04:50:34   1,516,568   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msjet40.dll
+ 2008-03-25 04:50:40   355,112   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msjetol1.dll
- 2004-08-04 11:00:00   102,400   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msjro.dll
+ 2006-12-26 13:07:23   102,400   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msjro.dll
+ 2008-03-25 04:50:42   60,192   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msjter40.dll
+ 2008-03-25 04:50:42   248,608   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msjtes40.dll
+ 2008-03-25 04:50:44   219,936   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msltus40.dll
- 2006-03-17 09:07:17   1,311,744   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msoe.dll
+ 2007-05-16 15:12:08   1,314,816   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msoe.dll
+ 2008-03-25 04:50:45   355,104   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\mspbde40.dll
- 2006-06-23 11:02:51   146,432   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-02-16 08:59:37   146,432   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-03-25 04:50:47   432,928   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msrd2x40.dll
+ 2008-03-25 04:50:49   322,336   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msrd3x40.dll
+ 2008-03-25 04:50:52   559,904   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msrepl40.dll
+ 2008-03-25 04:50:55   264,992   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\mstext40.dll
- 2006-06-23 11:02:51   532,480   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-02-16 08:59:37   532,480   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-03-25 04:50:57   838,432   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\mswdat10.dll
+ 2008-03-25 04:50:58   621,344   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\mswstr10.dll
+ 2008-03-25 04:50:58   355,104   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msxbde40.dll
- 2004-08-04 11:00:00   1,236,480   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msxml3.dll
+ 2007-06-26 06:08:16   1,104,896   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msxml3.dll
- 2006-07-14 15:31:39   332,288   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\netapi32.dll
+ 2006-08-17 12:28:27   332,288   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\netapi32.dll
- 2004-08-04 11:00:00   574,592   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\ntfs.sys
+ 2007-02-09 11:10:35   574,464   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\ntfs.sys
+ 2007-02-28 09:08:48   2,136,064   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
+ 2007-02-28 08:38:55   2,057,600   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
+ 2007-02-28 08:38:57   2,015,744   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
+ 2007-02-28 09:10:57   2,180,352   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
- 2004-08-04 11:00:00   144,384   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\nwprovau.dll
+ 2006-10-13 12:35:12   142,336   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\nwprovau.dll
+ 2007-12-04 18:38:13   550,912   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll
+ 2006-10-16 16:15:00   122,880   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\oledlg.dll
- 2006-06-23 11:02:51   39,424   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-02-16 08:59:37   39,424   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2004-09-15 18:27:54   221,184   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\qasf.dll
+ 2001-08-17 19:52:16   40,448   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\ql1240.sys
+ 2001-08-17 19:52:18   49,024   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\ql1280.sys
+ 2004-08-04 11:00:00   20,480   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\qprocess.exe
+ 2005-08-30 03:54:26   1,287,168   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
+ 2006-11-27 14:54:06   433,152   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\riched20.dll
+ 2007-04-25 14:21:15   144,896   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\schannel.dll
- 2006-06-23 11:02:51   1,494,016   -c----w   C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
+ 2008-02-16 08:59:38   1,494,528   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
- 2006-07-13 13:33:27   8,453,632   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
+ 2007-10-26 03:36:51   8,454,656   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
- 2006-06-23 11:02:51   474,112   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
+ 2008-02-16 08:59:38   474,112   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
+ 2006-12-19 21:52:18   134,656   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\shsvcs.dll
- 2006-04-21 06:12:27   332,800   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
+ 2006-08-14 10:34:41   332,928   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
+ 2006-08-21 15:52:08   246,814   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\strmdll.dll
+ 2006-10-19 13:56:32   713,216   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\sxs.dll
- 2006-04-20 11:51:50   359,808   -c----w   C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
+ 2007-10-30 17:20:55   360,064   ------w   C:\WINDOWS\SYSTEM32

Tech Clinic / My Fiance's Parents' Computer...nightmare

« on: May 26, 2008, 02:10:50 AM »

SUPERAntiSpyware Scan Log http://www.superantispyware.comGenerated 05/26/2008 at 01:06 AMApplication Version : 4.1.1046Core Rules Database Version : 3468Trace Rules Database Version: 1459Scan type : Complete ScanTotal Scan Time : 00:25:12Memory items scanned : 272Memory threats detected : 1Registry items scanned : 4246Registry threats detected : 117File items scanned : 18617File threats detected : 586Trojan.Downloader-PATDUM C:\WINDOWS\FONTS\TFPAFX.DLL C:\WINDOWS\FONTS\TFPAFX.DLL HKLM\Software\Classes\CLSID\{B729C284-26F0-478D-A341-88B2476E5759} HKCR\CLSID\{B729C284-26F0-478D-A341-88B2476E5759} HKCR\CLSID\{B729C284-26F0-478D-A341-88B2476E5759}\InprocServer32 HKCR\CLSID\{B729C284-26F0-478D-A341-88B2476E5759}\InprocServer32#ThreadingModel HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B729C284-26F0-478D-A341-88B2476E5759} Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\tfpafx C:\WINDOWS\SYSTEM\SAPA.DLLAdware.180solutions/Search Assistant HKLM\Software\Classes\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E} HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E} HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E} HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\Control HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\InprocServer32 HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\InprocServer32#ThreadingModel HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\MiscStatus HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\MiscStatus\1 HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\ProgID HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\Programmable HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\ToolboxBitmap32 HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\TypeLib HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\Version HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\VersionIndependentProgID C:\WINDOWS\DOWNLOADED PROGRAM FILES\CLIENTAX.DLL HKLM\Software\Classes\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9} HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9} HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9} HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\Control HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\InprocServer32 HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\InprocServer32#ThreadingModel HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\MiscStatus HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\MiscStatus\1 HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\ProgID HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\Programmable HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\ToolboxBitmap32 HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\TypeLib HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\Version HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\VersionIndependentProgID HKLM\Software\Classes\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287} HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287} HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287} HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\Control HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\InprocServer32 HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\InprocServer32#ThreadingModel HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\MiscStatus HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\MiscStatus\1 HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\ProgID HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\Programmable HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\ToolboxBitmap32 HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\TypeLib HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\Version HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\VersionIndependentProgID HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid32 HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib#Version HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid32 HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib#Version HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5} HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid32 HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib#VersionUnclassified.Unknown Origin HKLM\Software\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C} HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32 HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32#ThreadingModel C:\WINDOWS\SYSTEM32\XXYXYVW.DLL HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}Adware.ClickSpring HKLM\Software\Classes\CLSID\{91996F21-D1C7-D167-EE5A-FE8A308528E6} HKCR\CLSID\{91996F21-D1C7-D167-EE5A-FE8A308528E6} HKCR\CLSID\{91996F21-D1C7-D167-EE5A-FE8A308528E6}\InprocServer32 HKCR\CLSID\{91996F21-D1C7-D167-EE5A-FE8A308528E6}\InprocServer32#ThreadingModel HKCR\CLSID\{91996F21-D1C7-D167-EE5A-FE8A308528E6}\Programmable HKCR\CLSID\{91996F21-D1C7-D167-EE5A-FE8A308528E6}\TypeLib C:\WINDOWS\SYSTEM32\BQBCOZEM.DLL HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91996F21-D1C7-D167-EE5A-FE8A308528E6} C:\DOCUMENTS AND SETTINGS\MEGHAN\LOCAL SETTINGS\TEMP\MSHTML2.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1041\A0212604.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1067\A0213883.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1074\A0214871.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214914.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214915.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214917.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214928.EXE C:\WINDOWS\SYSTEM32\KMMY(2).DLLAdware.WhenU C:\Program Files\Save\ACM.dll C:\Program Files\SaveAdware.180solutions/ZangoSearch HKCR\ClientAX.ClientInstaller HKCR\ClientAX.ClientInstaller\CLSID HKCR\ClientAX.ClientInstaller\CurVer HKCR\ClientAX.ClientInstaller.1 HKCR\ClientAX.ClientInstaller.1\CLSID HKCR\ClientAX.RequiredComponent HKCR\ClientAX.RequiredComponent\CLSID HKCR\ClientAX.RequiredComponent\CurVer HKCR\ClientAX.RequiredComponent.1 HKCR\ClientAX.RequiredComponent.1\CLSID HKCR\ClientAX.ZangoClientAX HKCR\ClientAX.ZangoClientAX\CLSID HKCR\ClientAX.ZangoClientAX\CurVer HKCR\ClientAX.ZangoClientAX.1 HKCR\ClientAX.ZangoClientAX.1\CLSID HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0 HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\0 HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\0\win32 HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\FLAGS HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\HELPDIR HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C} HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\ProxyStubClsid HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\ProxyStubClsid32 HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\TypeLib HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\TypeLib#Version HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5} HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\ProxyStubClsid HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\ProxyStubClsid32 HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\TypeLib HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\TypeLib#Version C:\DOCUMENTS AND SETTINGS\MEGHAN\LOCAL SETTINGS\TEMP\RES20.TMPTrojan.NewDotNet HKU\.DEFAULT\Software\New.net HKU\S-1-5-18\Software\New.net C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL7_22.EXE.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL6_38.EXE.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL6_90.EXE.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL6_98.EXE.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL7_14.EXE.VIR C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214929.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214933.EXERegistry Cleaner Trial HKU\S-1-5-21-2212886115-4084876878-2786197212-1006\Software\SoftwareOnline.com C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2006-11-12,07-39 54 500.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2007-09-03,19-22 03 279.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2007-09-03,19-23 45 263.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2007-09-03,19-25 35 731.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2007-09-03,19-26 38 262.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2007-09-03,19-27 54 246.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2007-09-14,16-36 02 343.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2007-11-03,13-54 11 099.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2007-11-16,20-13 54 012.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2007-11-22,11-00 09 453.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2007-11-24,11-54 56 937.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\RegClean.ini C:\Documents and Settings\Heidrichs\Application Data\Registry CleanerTrojan.Avpe64/32 C:\WINDOWS\system32\klgcptini.dat C:\WINDOWS\system32\stt82.iniAdware.GAIN/Gator HKLM\Software\Gator.com HKLM\Software\Gator.com\Trickler HKLM\Software\Gator.com\Trickler#AppPath HKLM\Software\Gator.com\Trickler#OldTricklerRogue.AntiSpywareMaster C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster\AntiSpywareMaster.lnk C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster\Uninstall AntiSpywareMaster.lnk C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster HKU\S-1-5-21-2212886115-4084876878-2786197212-1006\Software\AntiSpywareMaster HKU\S-1-5-21-2212886115-4084876878-2786197212-1006\Software\{5222008A-DD62-49c7-A735-7BD18ECC7350} C:\Documents and Settings\Heidrichs\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk C:\Documents and Settings\Heidrichs\Desktop\AntiSpywareMaster.lnk C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214893.EXEAdware.Tracking Cookie statse.webtrendslive.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .ehg-legonewyorkinc.hitbox.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .hitbox.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .ehg-legonewyorkinc.hitbox.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .doubleclick.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .atdmt.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] media.adrevolver.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .questionmarket.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .questionmarket.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .mediaplex.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .edge.ru4.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .imrworldwide.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .imrworldwide.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .fastclick.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .serving-sys.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .serving-sys.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .serving-sys.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .serving-sys.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .serving-sys.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .realmedia.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .realmedia.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .tribalfusion.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .tradedoubler.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .ads.pointroll.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .ads.pointroll.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .ads.pointroll.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .bluestreak.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .ad.yieldmanager.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .ad.yieldmanager.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .mediaplex.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .mediaplex.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .atdmt.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .tribalfusion.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] te.kontera.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .kontera.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .kontera.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] te.kontera.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] te.kontera.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] te.kontera.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] te.kontera.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] te.kontera.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .kontera.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .kontera.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .interclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .interclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .interclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .interclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .interclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .interclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] www.zango.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] www.zango.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] www.zango.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] www.zango.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] www.zango.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] www.zango.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] www.zango.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] www.zango.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] www.zango.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adbrite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adbrite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .zedo.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .zedo.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .zedo.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .zedo.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adbrite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adbrite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adopt.euroclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] adopt.euroclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adopt.euroclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adopt.euroclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adopt.euroclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adopt.euroclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .socialmedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .socialmedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] sale.antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] sale.antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] sale.antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] sale.antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adnetserver.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .doubleclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .hornymatches.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .hornymatches.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .hornymatches.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .hornymatches.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .hornymatches.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .hornymatches.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] server.cpmstar.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] server.cpmstar.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] server.cpmstar.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] server.cpmstar.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adlegend.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .bluestreak.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .fastclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .fastclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .fastclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .fastclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .questionmarket.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .questionmarket.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] statse.webtrendslive.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .eyewonder.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .hitbox.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .112.2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .americanskiingco.112.2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .atwola.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .tacoda.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .tacoda.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .tacoda.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .tacoda.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .tacoda.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .tacoda.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .northwestairlines.112.2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] anad.tacoda.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .trafficmp.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .trafficmp.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .trafficmp.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .trafficmp.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .media6degrees.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .media6degrees.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .trafficmp.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] ads.revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .consumergain.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .consumergain.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revenue.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adinterax.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adinterax.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adrevolver.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adrevolver.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adrevolver.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adrevolver.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] media.adrevolver.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] media.adrevolver.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] media.adrevolver.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] media.adrevolver.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] media.adrevolver.com [ C:\Documents and Settings\Hei

Tech Clinic / My Fiance's Parents' Computer...nightmare

« on: May 26, 2008, 01:06:11 AM »

Malwarebytes' Anti-Malware doesn't seem to want to successfully load onto this computer. I get the error message
"Error Loading Database #15054" after trying to start to load the application.

I downloaded the optional InstalledPrograms.zip and this is the log it has given me.

INSTALLED SOFTWARE (189) - FAMILIAROOM - 5/26/2008 12:10:33 AM

Adobe Acrobat - Reader 6.0.2 Update   Ver: 6.0.2   Installed: 1/20/2005
Adobe Flash Player ActiveX   Ver: 9.0.47.0
Adobe Reader 6.0.1   Ver: 006.000.001   Installed: 1/20/2005
Advanced System Optimizer   Ver: 2.20   Installed: 9/3/2007
AIM 6.0
AOL Explorer
AOL Uninstaller (Choose which Products to Remove)
ATI Control Panel   Ver: 6.14.10.5120
ATI Display Driver   Ver: 8.051-040825a-017900C-Dell
Banctec Service Agreement   Ver: 1.10.0000   Installed: 1/20/2005
Broadcom Advanced Control Suite 2   Ver: 7.58.01   Installed: 1/20/2005
Broadcom Advanced Control Suite 2   Ver: 7.58.01   Installed: 1/20/2005
CCHelp   Ver: 4.00.0000.0001   Installed: 1/25/2006
CCScore   Ver: 4.00.0000.0001   Installed: 1/25/2006
Conexant D850 56K V.9x DFVc Modem
Dell Digital Jukebox Driver
Dell Driver Reset Tool   Ver: 1.02.0000   Installed: 1/20/2005
Dell Media Experience   Ver: 3.0   Installed: 1/20/2005
Dell Media Experience Update
Dell Networking Guide   Ver: 1.00.0001   Installed: 1/20/2005
Dell Photo AIO Printer 922
Dell Picture Studio v3.0   Ver: 3.0.0   Installed: 1/20/2005
DellSupport   Ver: 6.0.3062   Installed: 4/23/2007
Digital Line Detect   Ver: 1.10
DVC5.1 Driver
ESSAdpt   Ver: 4.00.0000.0001   Installed: 1/25/2006
ESSANUP   Ver: 4.00.0000.0001   Installed: 1/25/2006
ESSCAM   Ver: 4.00.0000.0001   Installed: 1/25/2006
ESSCDBK   Ver: 4.00.0000.0001   Installed: 1/25/2006
ESScore   Ver: 4.00.0000.0102   Installed: 1/25/2006
ESSgui   Ver: 4.00.0000.0004   Installed: 1/25/2006
ESShelp   Ver: 4.00.0000.0003   Installed: 1/25/2006
ESSini   Ver: 4.00.0000.0007   Installed: 1/25/2006
ESSPCD   Ver: 4.00.0000.0001   Installed: 1/25/2006
ESSSONIC   Ver: 4.00.0000.0003   Installed: 1/25/2006
ESSvpaht   Ver: 4.00.0000.0003   Installed: 1/25/2006
ESSvpot   Ver: 4.00.0000.0001   Installed: 1/25/2006
FilmLoop Player
FinePixViewer Ver.4.2
FirstClassÂ® Client   Ver: 9.0 (build 9.022)   Installed: 10/21/2007
FUJIFILM USB Driver
HighMAT Extension to Microsoft Windows XP CD Writing Wizard   Ver: 1.1.1905.1   Installed: 8/9/2005
HijackThis 2.0.2   Ver: 2.0.2
HLPIndex   Ver: 4.00.0000.0003   Installed: 1/25/2006
HLPRFO   Ver: 4.00.0000.0004   Installed: 1/25/2006
ImageMixer VCD2 for FinePix
iMesh
iMesh MediaBar
iMesh MediaBar
IncrediMail Xe   Ver: 5.6.7.3132
InstaFinderK
Intel Application Accelerator
Internet Explorer Default Page   Ver: 1.00.03   Installed: 1/20/2005
iPod for Windows   Ver: 3.8.0   Installed: 12/24/2005
iPod for Windows   Ver: 3.8.0   Installed: 12/24/2005
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 4   Ver: 1.5.0.40   Installed: 8/3/2005
Jasc Paint Shop Photo Album   Ver: 4.0.4   Installed: 1/29/2005
Jasc Paint Shop Photo Album 5   Ver: 5.1.0   Installed: 1/20/2005
Jasc Paint Shop Pro 8 Dell Edition   Ver: 8.10.0000   Installed: 1/29/2005
Jasc Paint Shop Pro Studio, Dell Editon   Ver: 1.00.0000   Installed: 1/20/2005
Java 2 Runtime Environment, SE v1.4.2_03   Ver: 1.4.2_03   Installed: 1/20/2005
Kodak EasyShare software
KSU   Ver: 632.62.0002.0001   Installed: 1/25/2006
Lame ACM MP3 Codec
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware      Installed: 5/26/2008
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1   Ver: 1.1.4322   Installed: 2/11/2005
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Plus! Digital Media Edition Installer   Ver: 1.1.0.3514   Installed: 1/20/2005
Microsoft Plus! Photo Story 2 LE   Ver: 1.1.0.3463   Installed: 1/20/2005
MicroStaff WINASPI
Modem Helper   Ver: 2.28
Mozilla Firefox (2.0.0.14)   Ver: 2.0.0.14 (en-US)
Notifier   Ver: 4.00.0000.0001   Installed: 1/25/2006
OTtBP   Ver: 4.00.0000.0003   Installed: 1/25/2006
OTtBPSDK   Ver: 4.00.0000.0000   Installed: 1/25/2006
PCDADDIN   Ver: 4.00.0000.0001   Installed: 1/25/2006
PCDHELP   Ver: 4.0000.0000.0002   Installed: 1/25/2006
PCDLNCH   Ver: 4.00.0000.0101   Installed: 1/25/2006
Photo Click   Ver: 1.0.0   Installed: 1/20/2005
PowerDVD 5.3
ProfileWatcher 2.0      Installed: 1/17/2007
RAW FILE CONVERTER LE
RealPlayer Basic
Registry Cleaner 4.0   Ver: 4.00   Installed: 9/3/2007
RelevantKnowledge
Samsung DVC Media 5.1
Samsung Media Studio
Samsung Multimedia Studio
Security Update for Step By Step Interactive Training (KB898458)   Ver: 20050502.101010   Installed: 6/16/2005
Security Update for Windows Media Player (KB911564)      Installed: 2/19/2006
Security Update for Windows Media Player 10 (KB911565)      Installed: 2/19/2006
Security Update for Windows Media Player 10 (KB917734)      Installed: 6/15/2006
Security Update for Windows XP (KB883939)   Ver: 1   Installed: 6/16/2005
Security Update for Windows XP (KB890046)   Ver: 1   Installed: 6/16/2005
Security Update for Windows XP (KB893756)   Ver: 1   Installed: 8/10/2005
Security Update for Windows XP (KB896358)   Ver: 1   Installed: 6/16/2005
Security Update for Windows XP (KB896422)   Ver: 1   Installed: 6/16/2005
Security Update for Windows XP (KB896423)   Ver: 1   Installed: 8/10/2005
Security Update for Windows XP (KB896424)   Ver: 1   Installed: 11/8/2005
Security Update for Windows XP (KB896428)   Ver: 1   Installed: 6/16/2005
Security Update for Windows XP (KB896688)   Ver: 1   Installed: 10/20/2005
Security Update for Windows XP (KB899587)   Ver: 1   Installed: 8/10/2005
Security Update for Windows XP (KB899588)   Ver: 1   Installed: 8/10/2005
Security Update for Windows XP (KB899591)   Ver: 1   Installed: 8/10/2005
Security Update for Windows XP (KB900725)   Ver: 1   Installed: 10/20/2005
Security Update for Windows XP (KB901017)   Ver: 1   Installed: 10/20/2005
Security Update for Windows XP (KB901214)   Ver: 1   Installed: 7/13/2005
Security Update for Windows XP (KB902400)   Ver: 1   Installed: 10/20/2005
Security Update for Windows XP (KB903235)   Ver: 1   Installed: 7/13/2005
Security Update for Windows XP (KB904706)   Ver: 1   Installed: 10/20/2005
Security Update for Windows XP (KB905414)   Ver: 1   Installed: 10/20/2005
Security Update for Windows XP (KB905749)   Ver: 1   Installed: 10/20/2005
Security Update for Windows XP (KB905915)   Ver: 1   Installed: 12/17/2005
Security Update for Windows XP (KB908519)   Ver: 1   Installed: 1/11/2006
Security Update for Windows XP (KB908531)   Ver: 1   Installed: 4/17/2006
Security Update for Windows XP (KB911280)   Ver: 1   Installed: 6/15/2006
Security Update for Windows XP (KB911562)   Ver: 1   Installed: 4/17/2006
Security Update for Windows XP (KB911567)   Ver: 1   Installed: 4/17/2006
Security Update for Windows XP (KB911927)   Ver: 1   Installed: 2/19/2006
Security Update for Windows XP (KB912812)   Ver: 1   Installed: 4/17/2006
Security Update for Windows XP (KB912919)   Ver: 1   Installed: 1/7/2006
Security Update for Windows XP (KB913446)   Ver: 1   Installed: 2/19/2006
Security Update for Windows XP (KB913580)   Ver: 1   Installed: 5/12/2006
Security Update for Windows XP (KB914388)   Ver: 1   Installed: 7/14/2006
Security Update for Windows XP (KB916281)   Ver: 1   Installed: 6/15/2006
Security Update for Windows XP (KB917159)   Ver: 1   Installed: 7/14/2006
Security Update for Windows XP (KB917344)   Ver: 1   Installed: 6/15/2006
Security Update for Windows XP (KB917422)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB917953)   Ver: 1   Installed: 6/15/2006
Security Update for Windows XP (KB918439)   Ver: 1   Installed: 6/15/2006
Security Update for Windows XP (KB918899)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB920214)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB920670)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB920683)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB921398)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB921883)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB922616)   Ver: 1   Installed: 8/10/2006
SFR   Ver: 3.03.0000.0001   Installed: 1/25/2006
SFR2   Ver: 3.03.0000.0002   Installed: 1/25/2006
Sonic DLA   Ver: 4.95   Installed: 1/20/2005
Sonic MyDVD   Ver: 5.3.0   Installed: 1/20/2005
Sonic RecordNow!   Ver: 7.3   Installed: 1/20/2005
Sonic Update Manager   Ver: 2.9   Installed: 1/20/2005
Update for Windows XP (KB894391)   Ver: 1   Installed: 8/10/2005
Update for Windows XP (KB896727)   Ver: 1   Installed: 8/10/2005
Update for Windows XP (KB898461)   Ver: 1   Installed: 6/28/2005
Update for Windows XP (KB900485)   Ver: 2   Installed: 4/26/2006
Update for Windows XP (KB910437)   Ver: 1   Installed: 12/17/2005
Update for Windows XP (KB916595)   Ver: 1   Installed: 7/14/2006
Viewpoint Media Player
VPRINTOL   Ver: 4.00.0000.0001   Installed: 1/25/2006
WeatherBug   Ver: WeatherBug 6.0.0.0
WebFldrs XP   Ver: 9.50.7523   Installed: 8/10/2004
WildTangent Web Driver
Windows Installer 3.1 (KB893803)   Ver: 3.1
Windows Installer 3.1 (KB893803)   Ver: 3.1
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 10   Ver: 9.00.3636   Installed: 1/20/2005
Windows XP Hotfix - KB834707   Ver: 20040929.110854
Windows XP Hotfix - KB867282   Ver: 20050127.090417
Windows XP Hotfix - KB873333   Ver: 20050114.005213
Windows XP Hotfix - KB873339   Ver: 20041117.092459
Windows XP Hotfix - KB885250   Ver: 20050118.202711
Windows XP Hotfix - KB885835   Ver: 20041027.181713
Windows XP Hotfix - KB885836   Ver: 20041028.173203
Windows XP Hotfix - KB886185   Ver: 20041021.090540
Windows XP Hotfix - KB887472   Ver: 20041014.162858
Windows XP Hotfix - KB887742   Ver: 20041103.095002
Windows XP Hotfix - KB888113   Ver: 20041116.131036
Windows XP Hotfix - KB888302   Ver: 20041207.111426
Windows XP Hotfix - KB890047   Ver: 20041221.124506
Windows XP Hotfix - KB890175   Ver: 20041201.233338
Windows XP Hotfix - KB890859   Ver: 1   Installed: 4/13/2005
Windows XP Hotfix - KB890923   Ver: 1   Installed: 4/13/2005
Windows XP Hotfix - KB891781   Ver: 20050110.165439
Windows XP Hotfix - KB893066   Ver: 1   Installed: 4/13/2005
Windows XP Hotfix - KB893086   Ver: 1   Installed: 4/13/2005
WordPerfect Office 12   Ver: 12.0.0.238   Installed: 1/20/2005
XviD MPEG-4 Video Codec   Ver: XviD-1.0.3-20122004
Yahoo! Anti-Spy
Yahoo! Install Manager
Yahoo! Music Jukebox
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer

Tech Clinic / My Fiance's Parents' Computer...nightmare

« on: May 26, 2008, 12:40:32 AM »

C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Email\index.htm 4061 bytes
C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Upload to the Web
C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Upload to the Web\css
C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Upload to the Web\css\BPStyles.css 1149 bytes
C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Upload to the Web\Images
C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Upload to the Web\Images\blank_pixel.gif 807 bytes
C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Upload to the Web\Images\bullet.gif 821 bytes
C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Upload to the Web\Images\CreateFileBrowse.gif 932 bytes
C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Upload to the Web\index.htm 5578 bytes
C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Upload to the Web\Scripts
C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Upload to the Web\Scripts\Browse.PspScript 1246 bytes
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Recife 377 bytes
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Asia\Qatar 77 bytes
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Asia\Qyzylorda 1028 bytes
C:\Program Files\Java\jre1.5.0_04\lib\zi\America\Recife 377 bytes
C:\Program Files\Java\jre1.5.0_04\lib\zi\Asia\Qatar 77 bytes
C:\Program Files\Java\jre1.5.0_04\lib\zi\Asia\Qyzylorda 1028 bytes
C:\Program Files\McAfee.com\Personal Firewall\data\rdns.idx 13 bytes
C:\Program Files\WildTangent\Apps\rDRM0302.dll 24576 bytes executable
C:\Program Files\Windows Media Player\Skins\QuickSilver.wmz 916798 bytes
C:\Program Files\Common Files\AOL\1126148325\ee\services\browser\ver1_1_1042\resources\en-US\shared\qaphandler.js 4995 bytes
C:\Program Files\Common Files\aolback\Comps\qt
C:\Program Files\Common Files\aolback\Comps\qt\qt.exe 7515304 bytes executable
C:\Program Files\Common Files\aolback\Comps\qt\QTInsInf.dll 86016 bytes executable
C:\Program Files\Common Files\aolshare\Coach\en_en\adpglobal\quit.gif 974 bytes
C:\Program Files\Common Files\aolshare\pictures\icons\receivedInMail_inactive.bmp 1334 bytes
C:\Program Files\Common Files\aolshare\pictures\icons\receivedInMail_new.bmp 1334 bytes
C:\Program Files\Common Files\aolshare\pictures\icons\receivedInMail_normal.bmp 1334 bytes
C:\Program Files\Common Files\aolshare\pictures\icons\receivedInMail_selected.bmp 1334 bytes
C:\Program Files\Dell\Media Experience\Plugins\PNGs\RecordNow.png 23330 bytes
C:\Program Files\Dell\Media Experience\Plugins\recordnow_music_export.dmx 1406 bytes
C:\Program Files\Dell Support\qdiagd.ocx 1458176 bytes executable
C:\Program Files\DellSupport\GTAction\handlers\qdiagh.dll 120320 bytes executable
C:\Program Files\DellSupport\GTAction\handlers\qdiagh.xml 109 bytes
C:\Program Files\DellSupport\qdiagd.ocx 567296 bytes executable
C:\Program Files\Sonic\RecordNow!
C:\Program Files\Sonic\RecordNow!\Explain
C:\Program Files\Sonic\RecordNow!\Explain\Bad_Read_Source.html 3665 bytes
C:\Program Files\Sonic\RecordNow!\Tutorial\Movies\Making_Music.swf 172510 bytes
C:\Program Files\Sonic\RecordNow!\Unicows.dll 245408 bytes executable
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar\b_wink.bmp 1866 bytes
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar\b_wink.gif 593 bytes
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar\c_laugh.bmp 1870 bytes
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar\c_laugh.gif 756 bytes
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar\fantastic_new.bmp 1898 bytes
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar\fantastic_new.gif 4143 bytes
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar\laughter01.bmp 2042 bytes
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar\laughter01.gif 11703 bytes
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar\Order.dat 152 bytes
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\reccomended.gif 1158 bytes
C:\Program Files\PartyPoker\Images\Qc.bmp 5698 bytes
C:\Program Files\PartyPoker\Images\qcg.bmp 5698 bytes
C:\Program Files\PartyPoker\Images\Qd.bmp 5698 bytes
C:\Program Files\PartyPoker\Images\qdb.bmp 5698 bytes

C:\QooBox
C:\QooBox\BackEnv
C:\QooBox\BackEnv\appdata.folder.dat 398 bytes
C:\QooBox\BackEnv\cache.folder.dat 480 bytes
C:\QooBox\BackEnv\desktop.folder.dat 233 bytes
C:\QooBox\BackEnv\favorites.folder.dat 295 bytes
C:\QooBox\BackEnv\localappdata.folder.dat 498 bytes
C:\QooBox\BackEnv\localsettings.folder.dat 389 bytes
C:\QooBox\BackEnv\mypictures.folder.dat 247 bytes
<Edited entries to save room>
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\epxkflwo.dll.vir 132116 bytes executable
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ewrgqcam.dll.vir 106516 bytes executable
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\eybsoxaa.dll.vir 76412 bytes executable
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fiskntph.dll.vir 125460 bytes executable
C:\QooBox\Quarantine\catchme.log 2273 bytes
C:\QooBox\Quarantine\catchme2008-05-25_213513.27.zip 724672 bytes
C:\QooBox\Quarantine\Registry_backups
C:\QooBox\Quarantine\Registry_backups\Legacy_DOMAINSERVICE.reg.dat 1098 bytes
C:\QooBox\Quarantine\Registry_backups\Service_DomainService.reg.dat 2956 bytes
C:\QooBox\snapshot@2008-05-25_21.41.47.87.dat 410833 bytes
C:\QooBox\snapshot@2008-05-25_21.41.47.87_B.dat 383413 bytes
C:\RECYCLER
C:\RECYCLER\S-1-5-21-2212886115-4084876878-2786197212-1006
C:\RECYCLER\S-1-5-21-2212886115-4084876878-2786197212-1006\desktop.ini 65 bytes
C:\WINDOWS\Prefetch\QTPLUGININSTALLER.EXE-2F212EAF.pf 26544 bytes
C:\WINDOWS\Prefetch\QTTASK.EXE-1876A1A1.pf 41166 bytes
C:\WINDOWS\Prefetch\QUICKTIMEINSTALLER[1].EXE-21636A8F.pf 8804 bytes
C:\WINDOWS\Prefetch\QUICKTIMEPLAYER.EXE-1FEBEAA1.pf 44132 bytes
C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll 221184 bytes executable
C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\qasf.dll 237568 bytes executable
C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\QuickTimeInstaller.exe 33147536 bytes executable
C:\WINDOWS\Installer\{9541FED0-327F-4DF0-8B96-EF57EF622F19}\RecordNow.exe 45056 bytes executable
C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A00000000001}\Rdr60.mst 11776 bytes
C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A00000000001}\Rdr60ENU.mst 6144 bytes
C:\WINDOWS\Installer\{AF19F291-F22F-4798-9662-525305AE9E48}\QPWShortcut.exe 57344 bytes executable
C:\WINDOWS\$hf_mig$\KB904706\SP2QFE\quartz.dll 1287680 bytes executable
C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\rdbss.sys 174592 bytes executable
C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys 139528 bytes executable
C:\WINDOWS\$NtUninstallKB904706$\quartz.dll 1287680 bytes executable
C:\WINDOWS\INF\QMGR.INF 6140 bytes
C:\WINDOWS\INF\QMGR.PNF 11416 bytes
C:\WINDOWS\SoftwareDistribution\Download\4bc27de79804b640a2e67eda87fe6cda\sp2gdr\quartz.dll 1287680 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\4bc27de79804b640a2e67eda87fe6cda\sp2qfe\quartz.dll 1287680 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\962449eaea2a809dd7a3a95c81a023bd\sp2gdr\rdbss.sys 174592 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\962449eaea2a809dd7a3a95c81a023bd\sp2qfe\rdbss.sys 174592 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\d037d9bbbbdf880e477c3840b38c3180\sp2gdr\query.dll 1435648 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\d037d9bbbbdf880e477c3840b38c3180\sp2qfe\query.dll 1435648 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\74eac9a4b069a45e3e4e8d162f3dd349\sp2gdr\rdbss.sys 174592 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\74eac9a4b069a45e3e4e8d162f3dd349\sp2qfe\rdbss.sys 174592 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\dd5f937d0efd28640769c02449cb1c5f\sp2gdr\query.dll 1435648 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\dd5f937d0efd28640769c02449cb1c5f\sp2qfe\query.dll 1435648 bytes executable
C:\WINDOWS\SYSTEM32\stt82.ini 320 bytes
C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS 40320 bytes executable
C:\WINDOWS\SYSTEM32\DRIVERS\QL10WNT.SYS 33152 bytes executable
C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS 45312 bytes executable
C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS 49024 bytes executable
C:\WINDOWS\SYSTEM32\DRIVERS\rdbss.sys 174592 bytes executable
C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS 4224 bytes executable
C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS 196864 bytes executable
C:\WINDOWS\SYSTEM32\DRIVERS\rdpwd.sys 139528 bytes executable
C:\WINDOWS\SYSTEM32\klgcptini.dat 0 bytes
C:\WINDOWS\SYSTEM32\pptp32.dll 42252 bytes executable
C:\WINDOWS\SYSTEM32\RDPWSX.DLL 87176 bytes executable
C:\WINDOWS\SYSTEM32\RDSADDIN.EXE 13824 bytes executable
C:\WINDOWS\SYSTEM32\RDSHOST.EXE 67072 bytes executable
C:\WINDOWS\SYSTEM32\rdvshalh.ini 693518 bytes
C:\WINDOWS\SYSTEM32\RECOVER.EXE 7168 bytes executable
C:\WINDOWS\SYSTEM32\qaahhvpn.exe 4628 bytes executable
C:\WINDOWS\SYSTEM32\QAPPSRV.EXE 16896 bytes executable
C:\WINDOWS\SYSTEM32\qasf.dll 221184 bytes executable
C:\WINDOWS\SYSTEM32\QCAP.DLL 192512 bytes executable
C:\WINDOWS\SYSTEM32\QDV.DLL 279040 bytes executable
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk 669 bytes
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI 119 bytes
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk 683 bytes
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk 1769 bytes
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk 742 bytes
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf 79 bytes
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Recent
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Recent\Desktop.ini 150 bytes
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\SendTo\RecordNow!.RecordNowSendToExt 0 bytes
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Templates\QUATTRO.WB2 4017 bytes
C:\WINDOWS\SYSTEM32\RDCHOST.DLL 147968 bytes executable
C:\WINDOWS\SYSTEM32\RDPCFGEX.DLL 4096 bytes executable
C:\WINDOWS\SYSTEM32\RDPCLIP.EXE 62464 bytes executable
C:\WINDOWS\SYSTEM32\RDPDD.DLL 92168 bytes executable
C:\WINDOWS\SYSTEM32\OOBE\REGERROR\RDTONE.HTM 2597 bytes
C:\WINDOWS\SYSTEM32\OOBE\IMAGES\QMARK.ACS 1174050 bytes
C:\WINDOWS\SYSTEM32\OOBE\IMAGES\QMARK.GIF 2479 bytes
C:\WINDOWS\SYSTEM32\pptp64.sys 21840 bytes executable
C:\WINDOWS\SYSTEM32\QDVD.DLL 385024 bytes executable
C:\WINDOWS\SYSTEM32\RDPSND.DLL 19968 bytes executable
C:\WINDOWS\SYSTEM32\QEDIT.DLL 562176 bytes executable
C:\WINDOWS\SYSTEM32\QEDWIPES.DLL 733696 bytes executable
C:\WINDOWS\SYSTEM32\qeftgjjv.exe 13844 bytes executable
C:\WINDOWS\SYSTEM32\qfgrvnro.exe 12308 bytes executable
C:\WINDOWS\SYSTEM32\qgykaetf.ini 693595 bytes
C:\WINDOWS\SYSTEM32\qjcoqppf.exe 74260 bytes executable
C:\WINDOWS\SYSTEM32\qlhrwurr.exe 50708 bytes executable
C:\WINDOWS\SYSTEM32\qlsnhvse.dll 76412 bytes executable
C:\WINDOWS\SYSTEM32\QMGR.DLL 382464 bytes executable
C:\WINDOWS\SYSTEM32\QMGRPRXY.DLL 18944 bytes executable
C:\WINDOWS\SYSTEM32\QOSNAME.DLL 8192 bytes executable
C:\WINDOWS\SYSTEM32\QPROCESS.EXE 20480 bytes executable
C:\WINDOWS\SYSTEM32\qrphfojv.dll 132116 bytes executable
C:\WINDOWS\SYSTEM32\quartz.dll 1287168 bytes executable
C:\WINDOWS\SYSTEM32\QUERY.DLL 1435648 bytes executable
C:\WINDOWS\SYSTEM32\qvbtpuxn.dll 69140 bytes executable
C:\WINDOWS\SYSTEM32\QWINSTA.EXE 22016 bytes executable
C:\WINDOWS\SYSTEM32\qz.dll 42252 bytes executable
C:\WINDOWS\SYSTEM32\qz.sys 21840 bytes executable
C:\WINDOWS\SYSTEM32\DLLCACHE\qasf.dll 221184 bytes executable
C:\WINDOWS\SYSTEM32\DLLCACHE\ql1240.sys 40448 bytes executable
C:\WINDOWS\SYSTEM32\DLLCACHE\ql1280.sys 49024 bytes executable
C:\WINDOWS\SYSTEM32\DLLCACHE\qprocess.exe 20480 bytes executable
C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll 1287168 bytes executable
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OL4RAYQR\qt_lo_1[1].gif 68 bytes
C:\WINDOWS\$NtUninstallKB899591$\rdpwd.sys 139400 bytes executable
C:\WINDOWS\$NtUninstallKB885835$\rdbss.sys 176512 bytes executable
C:\WINDOWS\Help\qosconcepts.chm 12752 bytes
C:\WINDOWS\Help\RECYCLE.CHM 19107 bytes
C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\RECORD_1.SWF 579582 bytes
C:\WINDOWS\Help\Tours\htmlTour\question_icon.jpg 2626 bytes
C:\WINDOWS\wt\webdriver\rdriver.dll 159744 bytes executable
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll 24576 bytes executable
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll 159744 bytes executable
C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\Quit.bmp 3898 bytes
C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\Quit.gif 750 bytes
C:\WINDOWS\Media\RECYCLE.WAV 25434 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 8713

Finished

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:51 PM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: winupdt.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: winupdt.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199658369254
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 3119 bytes

Tech Clinic / My Fiance's Parents' Computer...nightmare

« on: May 26, 2008, 12:38:10 AM »

Here is the first half of the HaxFix log. I'll follow up with the 2nd half and the fresh HijackThis in the next post. Also the Uninstall/Save This portion of HijackThis once again doesn't seem to want to work. HAXFIX logfile - by Marckieversion 5.01.1Sun 05/25/2008 23:17:46.26 --- Auto Haxdoorfix ---Haxdoorfix Part 1no infections foundHaxdoorfix Part 2searching for notifykeysno notifykeys foundsearching for servicesno services foundsearching for safeboot servicesno safeboot services found--- Goldunfix ---searching for other goldun- and haxdoorfiles:C:\WINDOWS\system32\klo5.sys checking iexplore.exeiexplore.exe is not infected searching for SSODLkeysno SSODLkeys foundsearching for notifykeys no notify keys foundsearching for servicesno services found--- Registrysettings ---not necessary.....rebooting the computer.....--- searching for ssodlkeys ---not necessary --- searching for notifykeys ---not necessary --- searching for services ---not necessary --- searching for safeboot services ---not necessary --- searching for files ---C:\WINDOWS\system32\klo5.sys founddeleting C:\WINDOWS\system32\klo5.sysC:\WINDOWS\system32\klo5.sys has been deleted--- searching for other files in the system32 folder ---no other files found in the system32 folder --- searching for other files in windows folder ---no other files found in the windows folder --- searching for a3d files ---ps.a3ddeleting a3d filesa3d files are deleted--- checking registry settings ---not necessary--- Catchme logfile ---catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-05-25 23:20:13Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ...scanning hidden services & system hive ...scanning hidden registry entries ...scanning hidden files ...C:\327882R2FWJFW\Qoo.bat 3398 bytesC:\ComboFix\QooBox-temp.dat 50598 bytesC:\ComboFix\test\qhdtvv.dll 0 bytesC:\ComboFix\test\rdrVR2.dll 0 bytesC:\DELL\MEDIAEXE\Media\I386\QAPPSRV.EX_ 9078 bytesC:\DELL\MEDIAEXE\Media\I386\QASF.DL_ 97269 bytesC:\DELL\MEDIAEXE\Media\I386\QCAP.DL_ 84711 bytesC:\DELL\MEDIAEXE\Media\I386\QDV.DL_ 99486 bytesC:\DELL\MEDIAEXE\Media\I386\QDVD.DL_ 175899 bytesC:\DELL\MEDIAEXE\Media\I386\QEDIT.DL_ 231408 bytesC:\DELL\MEDIAEXE\Media\I386\QEDWIPES.DL_ 371599 bytesC:\DELL\MEDIAEXE\Media\I386\QL1080.SY_ 22761 bytesC:\DELL\MEDIAEXE\Media\I386\QL12160.SY_ 25938 bytesC:\DELL\MEDIAEXE\Media\I386\QMARK.GI_ 2578 bytesC:\DELL\MEDIAEXE\Media\I386\QMGR.IN_ 1951 bytesC:\DELL\MEDIAEXE\Media\I386\QMGRPRXY.DL_ 7187 bytesC:\DELL\MEDIAEXE\Media\I386\QOSCONW.CH_ 5068 bytesC:\DELL\MEDIAEXE\Media\I386\QPROCESS.EX_ 10623 bytesC:\DELL\MEDIAEXE\Media\I386\QUATTRO.WB_ 1934 bytesC:\DELL\MEDIAEXE\Media\I386\QUERY.EX_ 5106 bytesC:\DELL\MEDIAEXE\Media\I386\QUSER.EX_ 8886 bytesC:\DELL\MEDIAEXE\Media\I386\RDBSS.SY_ 85602 bytesC:\DELL\MEDIAEXE\Media\I386\RDCHOST.DL_ 59506 bytesC:\DELL\MEDIAEXE\Media\I386\RDPCDD.SY_ 2141 bytesC:\DELL\MEDIAEXE\Media\I386\RDPCFGEX.DL_ 1361 bytesC:\DELL\MEDIAEXE\Media\I386\RDPDD.DL_ 44858 bytesC:\DELL\MEDIAEXE\Media\I386\RDPSND.DL_ 10019 bytesC:\DELL\MEDIAEXE\Media\I386\RDPWD.SY_ 67700 bytesC:\DELL\MEDIAEXE\Media\I386\RDPWSX.DL_ 36977 bytesC:\DELL\MEDIAEXE\Media\I386\RDSADDIN.EX_ 6669 bytesC:\DELL\MEDIAEXE\Media\I386\RDTONE.HT_ 1239 bytesC:\DELL\MEDIAEXE\Media\I386\RECAGENT.SY_ 7113 bytesC:\DELL\MEDIAEXE\Media\I386\RECOVER.EX_ 3228 bytesC:\DELL\MEDIAEXE\Media\I386\RECYCLE.CH_ 11578 bytesC:\DELL\MEDIAEXE\Media\I386\RECYCLE.WA_ 18680 bytesC:\DELL\MEDIAEXE\Media\I386\QL1280.SY_ 27359 bytesC:\DELL\MEDIAEXE\Media\I386\QWINSTA.EX_ 10386 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\adpglobal\quit.gif 974 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\adpglobal\recheck.gif 2126 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\adpglobal\us-eu\quit.gif 630 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\adpglobal\us-eu\recheck.gif 2126 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\en_en\adpglobal\quit.gif 974 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\en_en\adpglobal\recheck.gif 2126 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\en_en\adpglobal\us-eu\quit.gif 630 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\en_en\adpglobal\us-eu\recheck.gif 2126 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcffC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\bs.html 1861 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\htmlC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\checkInformation.html 2704 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\checkoutNow.html 4947 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\imagesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\animatedDots.gif 28661 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\blueBackground.gif 1527 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\btn-dont-show.gif 316 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\cancel.gif 806 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\checkoutNowButton.gif 953 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\clear.gif 43 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\moreinfo_image1.gif 4425 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\moreinfo_image2.gif 77227 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\ok.gif 945 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\pleaseHeadline.gif 398 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\qc_brand.gif 4934 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\quickcheckLogo.gif 1816 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\registerButtonNo.gif 1221 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\registerButtonRemind.gif 928 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\registerButtonYes.gif 979 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\registrationPopupHeadline.gif 1729 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\sign_up.gif 2097 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\simplifyHeadline.gif 656 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\qcff_signup_moreinfo.html 3504 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\QCRegistration1_1.html 5297 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\retrieveInformation.html 1907 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scriptsC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\Engine.js 3288 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\FormFill.js 8670 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\IntelliFill.js 30296 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffConf.js 1616 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffDriver.js 9839 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffHtml.js 453 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffLib.js 6540 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffLists.js 1476 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffSites.js 1529 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffTxnSeqDetector.js 2482 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffUnmappedList.js 8916 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffUserLib.js 2656 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\qpt_main.js 3340 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\Request.js 1685 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\RulesInfo.js 7573 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\TEAOClient.js 4874 bytesC:\Documents and Settings\All Users\Application Data\Apple Computer\QuickTimeC:\Documents and Settings\All Users\Application Data\Apple Computer\QuickTime\QuickTime.qtp 10367 bytesC:\Documents and Settings\All Users\Application Data\Apple Computer\QuickTime\QuickTimeFavorites.qtr 986 bytesC:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\coach\configuration\adpglobal\Query.js 13854 bytesC:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\item_templ\coach\configuration\adpglobal\Query.js 13854 bytesC:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\qdiagocx.js 1919 bytesC:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\item_templ\coach\configuration\adpglobal\Query.js 13854 bytesC:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\QuarantineC:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\Quarantine\adv479[1].MCQ 715 bytesC:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat 4232 bytesC:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat 5486 bytesC:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\QueueC:\Documents and Settings\All Users\Application Data\QuickTimeC:\Documents and Settings\All Users\Application Data\QuickTime\QuickTime.qtp 10339 bytesC:\Documents and Settings\All Users\Application Data\QuickTime\QuickTimeFavorites.qtr 986 bytesC:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Icons\qsbm.bmp 372 bytesC:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Icons\qsim.bmp 276 bytesC:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Icons\qsy.bmp 256 bytesC:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Icons\qsyma.bmp 288 bytesC:\Documents and Settings\All Users\Start Menu\Programs\Sonic\RecordNow!C:\Documents and Settings\All Users\Start Menu\Programs\Sonic\RecordNow!\RecordNow Help.lnk 551 bytesC:\Documents and Settings\All Users\Start Menu\Programs\Sonic\RecordNow!\RecordNow!.lnk 1857 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick LaunchC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk 669 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI 119 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk 683 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk 1769 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk 742 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf 79 bytesC:\Documents and Settings\Default User\RecentC:\Documents and Settings\Default User\Recent\Desktop.ini 150 bytesC:\Documents and Settings\Default User\SendTo\RecordNow!.RecordNowSendToExt 0 bytesC:\Documents and Settings\Default User\Templates\QUATTRO.WB2 4017 bytesC:\Documents and Settings\Guest\Application Data\Corel\PerfectExpert\12\Custom WP Templates\qw12EN.wpt 17376 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick LaunchC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk 669 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI 119 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk 779 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk 1769 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk 742 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf 79 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk 804 bytesC:\Documents and Settings\Guest\Local Settings\Temp\qb3A5.tmp 0 bytesC:\Documents and Settings\Guest\Local Settings\Temp\qbogvyat.dll 86036 bytes executableC:\Documents and Settings\Guest\Local Settings\Temp\qdiagd.log 120 bytesC:\Documents and Settings\Guest\Local Settings\Temp\qgqoexcc.dll 45525 bytes executableC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\45QVW52J\qnUVy7y6UAr1+c4ZAQbYziwBdPTurtZJqpzOoEKQDL6cR1WU35fxLRP07pFglsNR[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\45QVW52J\qdwZZQPdDaemyLdW6zrGMDHDo3zQCUAvtS8fpypccoFAGaeBH1hFeXnp++GZsRYw[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\4927U5Q5\qYLbvk6zfPlQ5vYU4EtPvaEyclv4SpBJ8WjgwU479Y1uJDTWzYkt1EzCYWcDAkiV[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\4927U5Q5\Q[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\67KRCH4N\QDcZwy5VV8be++sHFO5aNZfZE5gKLfvmei93nTibUgel1jEWzUk9HYwffQgbmyO1[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\67KRCH4N\qo95ra[1].jpg 60153 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\67KRCH4N\qYLbvk6zfPlQ5vYU4EtPvaEyclv4SpBJ8WjgwU479Y1uJDTWzYkt1EzCYWcDAkiV[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\E1WX4DAX\quiz1260outcome1[1].gif 20790 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\E1WX4DAX\quote[1].gif 29349 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5MR8HIJ\quiz588outcome2[1].jpg 35188 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5YJ49UB\qArurV8mGf0bqCcHRpzxVx[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5YJ49UB\QnHbaghb43gdnlytM1JeB+uwf1QoiIjOyecVH+hp6A8DqBZ5mTS6xq0nY[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5YJ49UB\quiz817outcome1[1].jpg 23506 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5YJ49UB\quRPaOT5MbVddJlDCJVas8g2vmyO9eqJEcV[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\W3S3CL45\q51374820[1].png 10788 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\WL6JWX6N\qq84tvVupTJI9NcaIn76TXmVSTQg0mrtiE0gt[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\WL6JWX6N\qyjtheg29wht2CkOsBigDOTDWu[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\14GB5XK9\qsscreen[1].gif 934 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\14GB5XK9\quant[3].js 2688 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\14GB5XK9\quill[1].txt 100 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\14GB5XK9\recent[1].js 324 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\14GB5XK9\recommendedvideos[1].htm 7899 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\1D5AVNXA\Recovery_Design_small_1642774194219[1].jpg 3990 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\3FL7VP0W\questionSmall[1].jpg 15318 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\3FL7VP0W\rec_thumbup_gray_sml[1].gif 583 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\3X5J6EM9\Recovery_Armband_small_1974594820678[1].jpg 3981 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\3X5J6EM9\qtobject[1].js 3514 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\Quiksilver-02[1].gif 1410 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\76E8ABCD\qt_lo_1[1].gif 68 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\76E8ABCD\recharge[1].jpg 13519 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\quiz[1].jpg 2339 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\q122900650_8854[1].jpg 2466 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\q20608714_5279[1].jpg 2373 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\q43808713_3593[1].jpg 2655 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\q45204789_1978[1].jpg 2930 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\qw9045_mmc_mover_neigh_9800_v2_160x600_30k[1].gif 19145 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\qw9045_mmc_mover_newly_9800_v2_728x90_30k[1].gif 19046 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\recent[1].htm 4555 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\rdc_pleasewaiticon[1].gif 260 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8JRVMK19\QBMS_Benefits_v1_300x250[1].gif 19038 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8JRVMK19\quill[1].swf 132408 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8JRVMK19\rec_thumb_down_sml[1].gif 576 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8X6NK5UJ\quant[1].js 2259 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8X6NK5UJ\quote_box_center[1].gif 104 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\ACQQTIK1\quentin_tarantino_spits_on_a_reporter[1].jpg 7076 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\ACQQTIK1\reclinks_ltcnr[1].gif 52 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\question_mark[1].gif 272 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q145700153_8659[1].jpg 2001 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q19228185_4114[1].jpg 3079 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q501050443_7228[1].jpg 2700 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q501664432_4369[1].jpg 2345 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q513675668_8153[1].jpg 2009 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q878540082_7179[1].jpg 2569 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\rdc_blacksolidarrow[1].gif 77 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\rdc_headertitle[1].gif 3094 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\C9Y7WHQR\ql[1].gif 51 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\C9Y7WHQR\recommended_videos[1].htm 28800 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\E1J8DKV2\qualityhealth[1].bmp 432 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\E1J8DKV2\rec_thumb_up_sml[1].gif 568 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\GH2ZOHAN\quote_box_top[1].gif 368 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\GH6VSTQF\qo95ra[1].jpg 60153 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\KX2B4PAR\quiz588outcome1[1].jpg 34598 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\KX2B4PAR\quote_box_bottom[1].gif 369 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\KX2B4PAR\quiz275outcome1[1].jpg 18051 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\MYZVDCNB\rectest[1].htm 11388 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\OXANOD6Z\quiz628outcome1[1].jpg 10944 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\OYPIUK1T\ql[1].css 2014 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\OYPIUK1T\reclinks_titlebar[1].jpg 95 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXLC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[14].jpg 3834 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[2].htm 24130 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[5].jpg 3725 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\AmonRa2[1].jpg 15828 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\CAG52BWH.htm 1220 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\CAQNJWEK.jpg 7964 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\counter[1].gif 715 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\desktop.ini 67 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\Djn[1].jpg 7561 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\doodlecolour[1].jpg 128073 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\geov2_001[1].js 662 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[15].jpg 3702 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[16].jpg 3450 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[17].jpg 3498 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[18].jpg 3412 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[19].jpg 2767 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[1].htm 24196 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[1].jpg 3892 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[20].jpg 2807 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[21].jpg 2513 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[22].jpg 1743 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[23].jpg 3365 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[24].jpg 1531 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[25].jpg 3209 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[26].jpg 1941 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[27].jpg 3616 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[28].jpg 4827 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[29].jpg 3539 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[2].jpg 4223 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[30].jpg 3578 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[31].jpg 3079 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[32].jpg 3759 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[33].jpg 4032 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[34].jpg 4430 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[35].jpg 2281 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[36].jpg 5363 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[37].jpg 3370 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[38].jpg 2217 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[39].jpg 4948 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[3].htm 24936 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[3].jpg 4835 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[40].jpg 4037 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[41].jpg 1920 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[42].jpg 2986 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[4].jpg 2436 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[10].jpg 2631 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[11].jpg 1964 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[12].jpg 4737 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[13].jpg 3787 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[6].jpg 4277 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[7].jpg 2898 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[8].jpg 3847 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[9].jpg 3144 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\notify[1].htm 19 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\P4s-sm[1].jpg 11166 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\PapyrusFrag[1].jpg 16144 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\search[1].HTML 4422 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\SenPapEsm[1].jpg 13006 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\seshatdetail1[1].jpg 28050 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\Seti[1].jpg 32088 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\Stone[1].htm 2551 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\Sun4sm[1].jpg 8484 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\Udjat[1].jpg 17674 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\q45203612_1694[1].jpg 2498 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\ql[1].gif 51 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\QscrOverrides[1].js 3917 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\qw9045_mmc_mover_neigh_9800_v2_728x90_30k[1].gif 20139 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\rdc_nanomiddle[1].png 114 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\qw9045_mmc_mover_newly_9800_v2_160x600_30k[1].gif 18594 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\rdc_003399bullet[1].gif 55 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q137800444_1710[1].jpg 2432 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q27705805_3462[1].jpg 2690 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q43804037_9429[1].jpg 2679 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q45201039_659[1].jpg 2497 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q45205457_4509[1].jpg 2737 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q500297087_8349[1].jpg 2260 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\ql[1].js 8614 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\rdc_expandmiddle[1].png 168 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\RDC_PleaseWaitIcon[1].gif 260 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\ZPRH6S3V\qbal3_wht[1].gif 235 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\ZPRH6S3V\ql[1].js 8614 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\ZPRH6S3V\reclinks_rtcnr[1].gif 52 bytesC:\Documents and Settings\Guest\RecentC:\Documents and Settings\Guest\Recent\Casey Price.lnk 559 bytesC:\Documents and Settings\Guest\Recent\Desktop.ini 150 bytesC:\Documents and Settings\Guest\SendTo\RecordNow!.RecordNowSendToExt 0 bytesC:\Documents and Settings\Guest\Templates\QUATTRO.WB2 4017 bytesC:\Documents and Settings\Heather\Application Data\Corel\PerfectExpert\12\Custom WP Templates\qw12EN.wpt 17376 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick LaunchC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk 669 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI 119 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk 779 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk 1769 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk 742 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf 79 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk 804 bytesC:\Documents and Settings\Heather\Application Data\Sonic\RecordNow!C:\Documents and Settings\Heather\Application Data\Sonic\RecordNow!\FavoritesC:\Documents and Settings\Heather\Application Data\Sonic\RecordNow!\playlist.dat 5645 bytesC:\Documents and Settings\Heather\Application Data\Sonic\RecordNow!\sndfind.dat 1817 bytesC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTimeC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloadsC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02\05C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02\05\25dc877b-4f450ba7-96137012-ddd6010a.qtch 766 bytesC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\01C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\10C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\10\4a4196e4-f38ef58d-fbdde8f8-d305e547.qtch 360000 bytesC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\06C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\06\03C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\06\05C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07\11C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\11C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\12C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\13C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\04C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\12C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\05C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\05\c5e041df-d2db2150-102410e7-d48d4696.qtch 0 bytesC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\15C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\15\cff4d7f6-4a04903d-4c3af0ca-3885f54f.qtch 766 bytesC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\05C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\10C:\Documents and Settings\Heather\Local Settings\Temp\qdiagd.log 159 bytesC:\Documents and Settings\Heather\Local Settings\Temp\qdiagd_2.log 120 bytesC:\Documents and Settings\Heather\Local Settings\Temp\qttwwgpv.dll 106516 bytes executableC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LUN8DIZ\records_DoraDanceFiesta_728[1].gif 42972 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\BFOGF5P8\quick_search_hdr_ptv[1].gif 768 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\BFOGF5P8\QNCK_dora_logo[1].gif 1465 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\OHEJ4TI3\recordFlashVersion[1].js 386 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\OHEJ4TI3\QNCK_dora_text[1].gif 2126 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\W1INST6B\query[1].js 155 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\W1INST6B\records_LazyTownCD_new_728[1].gif 37014 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\K16JS1EZ\questionmark[1].gif 342 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\0HKTUBSD\Qho9vqNQdZwM4vbVMeLSVMTPqbouG7Ie6a341qexD2nQPYV8f2B+aVYvuZRILR3n[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\0HKTUBSD\quiz1430outcome1[1].jpg 34002 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\2FYRYXM3\quiz588outcome5[1].jpg 65919 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\2FYRYXM3\quiz917outcome1[1].jpg 15960 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\2ZKJ6PSJ\qnd9[1].jpg 11183 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\49YB85AB\Q3national728[1].html 1123 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\6K1A71GH\quiz628outcome1[1].jpg 10944 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8NIBI5KH\qEg[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8NIBI5KH\Qho9vqNQdZwM4vbVMeLSVMTPqbouG7Ie6a341qexD2nQPYV8f2B+aVYvuZRILR3n[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8NIBI5KH\quiz1260outcome1[1].gif 20790 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8NIBI5KH\quiz817outcome1[1].jpg 23506 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8XMBCXQJ\quote_begin._V51923589_[1].gif 108 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8XMBCXQJ\recent[2].bmp 1082 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\A70DMTKV\quiz1260outcome3[1].jpg 17769 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\AKX1ZJBB\quizilla728x90[1].gif 15555 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\AXO3QHO5\quiz588outcome1[1].jpg 34598 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\AXO3QHO5\quiz628outcome1[1].jpg 10944 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\C1YVCDA7\QQ3DuQ[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\C1YVCDA7\REC1[1].jpg 5495 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\EJCB5U6K\qw7907_mmc_4pb_9state_select_728x90_20k[1].gif 8297 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\G3TFJWRS\Q306_6039_core_728x90_noecc_1500_t309[1].swf 13855 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\G3TFJWRS\quote42gb[1].png 18306 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\GLG78FW7\quiz1442outcome3[1].jpg 53466 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\GNIBIYSG\RecentSearch_2[1].js 5854 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\I3S1YHSL\q37296498[1].gif 2233 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\I3S1YHSL\qo95ra[1].jpg 60153 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\IP4J2TYH\quizilla728x90[1].gif 15555 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\IP4J2TYH\quote[1].gif 24573 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\K1CP2BCL\quiz1233outcome4[1].jpg 10111 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\K1CP2BCL\quiz1260outcome1[1].gif 20790 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\LVAU6BY5\qw8366_mmc_dsl_deck_2699_728x90_30k[1].gif 12874 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\MHQP635A\questionmark[1].gif 76 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\MHQP635A\q[1].swf 7203 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\MLYZEHEP\quiz628outcome1[1].jpg 10944 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\MLYZEHEP\QxyMg4rwXFqW3xBlRCbIjHG3I44lGwJXk1i0z3Dig9tdE7J47r[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\NA7GSJ0R\quotebankjobshot[1].gif 18885 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\O9250HAZ\Qho9vqNQdZwM4vbVMeLSVMTPqbouG7Ie6a341qexD2nQPYV8f2B+aVYvuZRILR3n[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\PG10ZAXM\q1145467115296[1].txt 5135 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\PG10ZAXM\quiz588outcome1[1].jpg 34598 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\PG10ZAXM\quiz588outcome4[1].jpg 43525 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\PG10ZAXM\REC1[1].jpg 5495 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\PG10ZAXM\recentlyaddedlayouts[1].jpg 1019 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\SDEZSP2Z\quote_end._V51923589_[1].gif 109 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\U56F63UB\q+iDtkzwisegSCysE7jY0C9MshwM9o0tf1iCObBR0NESFyGbNeh62lula9ctwdDj[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\U56F63UB\qbclub[1].gif 846 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\U56F63UB\Qho9vqNQdZwM4vbVMeLSVMTPqbouG7Ie6a341qexD2nQPYV8f2B+aVYvuZRILR3n[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\UFPBYVF0\quiz[1].jpg 2339 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\ULSN6JWP\quote3bx4ev-1[1].jpg 12802 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\ULSN6JWP\quote3bx4ev[1].jpg 12802 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\V1G81WT8\quiz794outcome4[1].jpg 20291 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\W1QJKPQJ\qbclub[1].gif 846 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\W1QJKPQJ\quiz588outcome1[1].jpg 34598 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\W1QJKPQJ\quoteforgirls[1].jpg 22013 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\WT0RO3KZ\Qho9vqNQdZwM4vbVMeLSVMTPqbouG7Ie6a341qexD2nQPYV8f2B+aVYvuZRILR3n[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\WT0RO3KZ\Qm8U+ic62TJYfju[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\WT0RO3KZ\rdY+mPR[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\WTO9YVWZ\quiz1432outcome2[1].jpg 40165 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\WTO9YVWZ\quote3bx4ev[1].jpg 12869 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\YZYJYXUN\quiz588outcome2[1].jpg 35188 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\YZYJYXUN\quizilla300x125[1].gif 9535 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\YZYJYXUN\rectangles[1].gif 12697 bytesC:\Documents and Settings\Heather\RecentC:\Documents and Settings\Heather\Recent\Clouds.lnk 674 bytesC:\Documents and Settings\Heather\Recent\Heather Heidrich Per.lnk 610 bytesC:\Documents and Settings\Heather\Recent\015812.lnk 845 bytesC:\Documents and Settings\Heather\Recent\020038.lnk 845 bytesC:\Documents and Settings\Heather\Recent\023510.lnk 845 bytesC:\Documents and Settings\Heather\Recent\032746.lnk 845 bytesC:\Documents and Settings\Heather\Recent\032754.lnk 845 bytesC:\Documents and Settings\Heather\Recent\032806.lnk 845 bytesC:\Documents and Settings\Heather\Recent\040019.lnk 845 bytesC:\Documents and Settings\Heather\Recent\040201.lnk 845 bytesC:\Documents and Settings\Heather\Recent\0402120026.lnk 867 bytesC:\Documents and Settings\Heather\Recent\0402130038.lnk 867 bytesC:\Documents and Settings\Heather\Recent\0403140012.lnk 867 bytesC:\Documents and Settings\Heather\Recent\10-24-2005 10;19;38AM.lnk 771 bytesC:\Documents and Settings\Heather\Recent\173410620_l.lnk 699 bytesC:\Documents and Settings\Heather\Recent\2004_0103(001).lnk 887 bytesC:\Documents and Settings\Heather\Recent\2004_0103(002).lnk 887 bytesC:\Documents and Settings\Heather\Recent\2004_0106(005).lnk 887 bytesC:\Documents and Settings\Heather\Recent\2004_0112(047).lnk 887 bytesC:\Documents and Settings\Heather\Recent\2004_1231Image.lnk 594 bytesC:\Documents and Settings\Heather\Recent\2005_0128Image.lnk 594 bytesC:\Documents and Settings\Heather\Recent\2005_0128Image0011.lnk 907 bytesC:\Documents and Settings\Heather\Recent\2005_0128Image0026.lnk 907 bytesC:\Documents and Settings\Heather\Recent\2005_0128Image0032.lnk 907 bytesC:\Documents and Settings\Heather\Recent\2005_0128Image0040.lnk 907 bytesC:\Documents and Settings\Heather\Recent\Anne.lnk 682 bytesC:\Documents and Settings\Heather\Recent\aqk.lnk 655 bytesC:\Documents and Settings\Heather\Recent\casey and ann.lnk 831 bytesC:\Documents and Settings\Heather\Re

Tech Clinic / My Fiance's Parents' Computer...nightmare

« on: May 25, 2008, 11:46:20 PM »

C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\UsersOnline[2].htm 544 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\UsersOnline[3].htm 1185 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\UsersOnline[4].htm 544 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\UsersOnline[5].htm 1149 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\UsersOnline[8].htm 1049 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\UsersOnline[9].htm 1294 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657392543118rs[1].jpg 3447 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657392543138wv[1].jpg 2221 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657392543198ms[1].jpg 1962 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657392543233wm[1].jpg 2796 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657392543250ia[1].jpg 2443 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657392543266al[1].htm 352 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti825265739254327io[1].jpg 3073 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657392543307vf[1].jpg 2842 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657392543336rl[1].jpg 3119 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657392543360ki[1].jpg 2312 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657392543403rf[1].jpg 2449 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti825265739254369cf[1].jpg 3076 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657422855101ad[1].jpg 2466 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657422855112ol[1].jpg 1354 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti825265742285514nj[1].jpg 3001 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657422855162sh[1].jpg 3505 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657422855180gl[1].jpg 3764 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657422855216mq[1].jpg 2257 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657422855227og[1].jpg 2692 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657422855285mo[1].jpg 1899 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657422855312lk[1].jpg 2879 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti825265742397302gm[1].jpg 1185 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657423973115ro[1].jpg 1187 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657423973123ao[1].jpg 4093 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657423973156gl[1].jpg 2979 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657423973203ev[1].jpg 1972 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti825265742397320zz[1].jpg 3248 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657423973226hx[1].jpg 4091 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657423973245sa[1].jpg 1560 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657423973290xr[1].jpg 2847 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657423973363ng[1].jpg 4645 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657423973394zx[1].jpg 3417 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti825265742397349ac[1].jpg 2624 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti825265742397354bk[1].jpg 4007 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252659386304182ec[1].jpg 10468 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\midas[7].htm 711 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\midas[8].htm 711 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\midas[9].htm 711 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[10].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[11].swf 0 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[12].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[1].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[2].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[3].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[4].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[5].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[6].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[7].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[8].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[9].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\misti[1].jpg 82862 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\module2_MickeyMouseClubhouse[1].swf 3885 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\664275114_m[1].jpg 4306 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\664644116_s[1].jpg 1372 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\664656545_l[1].jpg 26416 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\664658446_m[1].jpg 2974 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\664960555_m[1].jpg 1868 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\664963607_s[1].jpg 1262 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\665107054_s[1].jpg 1790 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\665162004_l[1].jpg 95675 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\665188051_l[1].jpg 86983 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\665196888_s[1].jpg 2070 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\665229771_l[1].jpg 28213 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\683754331_s[1].jpg 2677 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\70015357944400dd93b450[1].swf 15242 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\71[1].gif 2959 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\iloveu2[1].ani 11305 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[21].htm 17513 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[38].htm 12385 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[52].htm 20657 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\legalfooter[1].js 7162 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\midas[6].htm 710 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\motion[1].js 5667 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspace-codes-comments-1[1].gif 23520 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspaceicons252[1].gif 2389 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\nav_aboutus[1].gif 1994 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\647770038_l[1].jpg 87859 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\648642597_m[1].jpg 3727 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\651096659_s[1].jpg 2229 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\651705286_s[1].jpg 1606 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\652999715_l[1].jpg 12420 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\653588231_s[1].jpg 2953 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\653643064_s[1].jpg 2506 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\654424015_s[1].jpg 1450 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\654589035_s[1].jpg 2233 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\654627410_s[1].jpg 1892 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\654717842_m[1].jpg 3777 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\654896975_s[1].jpg 1619 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\655065182_l[1].jpg 17690 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\34[2].js 408 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\361943889_s[1].jpg 1586 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\363026449_m[1].jpg 7450 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\36[1].js 387 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\379326189_s[1].jpg 4038 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\379577450_s[1].jpg 3378 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\386615415_m1[1].jpg 4973 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\387064228_m1[1].jpg 4603 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\389827812_s[1].jpg 2229 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\392456929_m1[1].jpg 5883 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\smileystuff3a[1].gif 289 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\smilplayer[1].swf 71501 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\snowboardingstrip[1].jpg 46538 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\sorting[1].js 896 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\sponsorsGlobal[1].js 2216 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\springFS0406_728x90[1].gif 30469 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\star[1].gif 515 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\star_med3[1].png 592 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\allamericanrejects9xn[1].jpg 11611 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\already-found[1].jpg 3361 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\AnimationBrunettePic[1].gif 11408 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\asldata[1].js 139 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\aslframe[1].htm 555 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\aslframe[2].htm 555 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\aslframe[3].htm 555 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\aslframe[4].htm 555 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\newfridge[1].swf 37832 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\newyork[1].jpg 3146 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\nexlw8[1].gif 15032 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\nopony[1].jpg 21076 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\notes[1].swf 6454 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\nothing_but_net_compact[1].png 2343 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\o.kobewall2[1].jpg 243505 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\580016242_s[1].jpg 1474 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\582115481_s[1].jpg 1833 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\582208543_l[1].jpg 32650 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\582208543_m[1].jpg 4399 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\584388202_m[1].jpg 4388 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\584679498_m[1].jpg 3004 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\585890344_s[1].jpg 2105 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\586074461_m[1].jpg 5221 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\586074461_s[1].jpg 2211 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\590005239_s[1].jpg 1200 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[10].htm 15283 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[12].htm 12272 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[13].htm 12337 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[14].htm 10401 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[15].htm 12979 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[16].htm 174234 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[17].htm 17906 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[18].htm 12316 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[19].htm 16578 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[1].bmp 76854 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[1].cfm 3932 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[1].htm 84733 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[20].htm 12545 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti17433126328yq[1].jpg 3047 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti17433126354iy[1].jpg 2050 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti17433126410mz[1].jpg 2802 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1743312646bl[1].jpg 1873 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1743312667ir[1].jpg 1708 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1941287032nt[1].jpg 32763 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1941287041ni[1].jpg 20879 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1941287057lx[1].jpg 2401 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\1687674949443e6b7a3f3df[1].swf 16331 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\16[2].js 304 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\172380007844400e0d895db[1].swf 26283 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\172380007844400e0d895db[2].swf 26283 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\172380007844400e0d895db[3].swf 5555 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\172380007844400e0d895db[4].swf 26283 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\172380007844400e0d895db[5].swf 26283 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\172380007844400e0d895db[6].swf 26283 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\17458708774420569021833[1].gif 47330 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\TitleBar[1].swf 970 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\top_r[1].png 246 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\whatsnew[1].gif 593 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\whereswilma[1].swf 44681 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\write_review[1].png 2209 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\www.alycedesigns[1].bmp 1082 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\www2.webrewardscentral[1].htm 16266 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\Xadvise12[1].gif 2234 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\Xadvise36[1].jpg 11345 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\Xadvise3[1].jpg 13737 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\663195627_s[1].jpg 2240 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\663301591_s[1].jpg 1534 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\663389830_m[1].jpg 3642 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\663396115_m[1].jpg 4008 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\663487198_l[1].jpg 15161 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\663672085_s[1].jpg 3032 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\663749584_s[1].jpg 2159 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\663783107_s[1].jpg 2737 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\664160999_s[1].jpg 2913 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\664183290_l[1].jpg 22869 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\664183290_s[1].jpg 1443 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\655917633_s[1].jpg 3149 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\656826325_m[1].jpg 3004 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\656830503_m[1].jpg 4291 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\656874108_l[1].jpg 27537 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\656892494_m[1].jpg 4192 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\657071333_l[1].jpg 46257 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\657911170_s[1].jpg 1567 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\658345102_m[1].jpg 4522 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\658429637_s[1].jpg 1976 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\658442237_s[1].jpg 2076 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\658496421_s[1].jpg 1793 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\658573331_s[1].jpg 1487 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\658709675_s[1].jpg 1915 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\659442532_s[1].jpg 4164 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\search[1].png 4171 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\search_dn_en2[1].gif 1791 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\serpentine[1].js 178 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\shameScrubberLoader[1].swf 186767 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\shanna[1].swf 8511 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\shim[1].swf 394 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\shockwaveError[1].htm 7221 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\595627921_s[1].jpg 4993 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\598998927_s[1].jpg 1935 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\599126397_l[1].gif 118833 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59[1].js 664 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\601469281_s[1].jpg 1907 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[22].htm 22541 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[23].htm 15411 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[24].htm 25490 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[25].htm 137547 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[26].htm 18650 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[27].htm 16497 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[28].htm 10885 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[29].htm 39843 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[2].bmp 76854 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[2].cfm 4466 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[2].htm 10912 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[30].htm 36242 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[31].htm 10434 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[32].htm 12873 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[33].htm 66777 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[34].htm 19890 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[35].htm 17626 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[36].htm 12499 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[37].htm 10276 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\flashgen[1].xml 170 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\flashgen[2].xml 171 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\flashgen[3].xml 171 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\flashgen[4].xml 170 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\flashwrite_1_2[1].js 801 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\flash[1].xml 6210 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\flash[2].xml 6014 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\flash[3].xml 6014 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\flash_728x90[1].swf 26443 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\fl_down_152x27[1].gif 268 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\gamePreplay[1].js 3443 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1720163909xa[1].jpg 33215 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1720163919kt[1].jpg 44967 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1720163926ch[1].jpg 46146 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1720163947ss[1].jpg 61541 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1720163952et[1].jpg 62143 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1720163968re[1].jpg 32126 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1738875579hf[1].jpg 28413 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1743312600ll[1].jpg 2772 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti17433126108yq[1].jpg 3013 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\642992042_m[1].jpg 4593 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\644334555_s[1].jpg 1653 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\645480744_s[1].jpg 1111 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\645917445_s[1].jpg 2725 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\645926667_m[1].jpg 6228 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\645961010_s[1].jpg 1782 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\646075258_s[1].jpg 2214 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\646254867_m[1].jpg 4807 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\647019299_s[1].jpg 3538 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\647347904_s[1].jpg 1777 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\720_728x90_20062148225[1].htm 684 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\7388755_bb7518ae1143437388[1].jpg 12485 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\75[1].js 175 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\79[1].js 2196 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\830808764440125c3968d[1].swf 30204 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\830808764440125c3968d[2].swf 30204 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\830808764440125c3968d[3].swf 30204 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\83[2].js 2204 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\87[2].js 487 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\523774933_s[1].jpg 3157 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\524389699_s[1].jpg 3932 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\525715746_m[1].jpg 10543 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\533631798_s[1].jpg 1694 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\535322479_s[1].jpg 1815 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\537785254_m[1].jpg 4309 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\547705422_s[1].jpg 3536 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\553188822_s[1].jpg 3039 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\19619816394426db5050644[1].swf 7836 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\1[1] 8433 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\1[1].gif 7978 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\2005_0822Image0167[1].jpg 143153 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\2005_0823Image0037[1].jpg 123804 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\21cd997760f44b345185ee00824dd5b1[1].gif 22292 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\2259[1].jpg 1854 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\247914895_m1[1].jpg 7773 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\2482[1].jpg 2059 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\25364582443d1fec67e19[1].swf 19871 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\2546[1].jpg 1798 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\2686[1].jpg 3564 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\2736[1].jpg 2551 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\436261000_s[1].jpg 1762 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\437475602_s[1].jpg 1633 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\445009371_s[1].jpg 1858 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\449123034_m[1].jpg 8033 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\4544951743ed0a9e6c5f1[1].gif 50834 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\470042339_s[1].jpg 2176 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\471162189_m[1].jpg 5394 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\471172524_l[1].jpg 46475 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\471255030_l[1].jpg 27947 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\471266819_s[1].jpg 3274 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\474249886_s[1].jpg 3001 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\48186052441831d38ae7d[1].swf 14199 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\playhouseUrls[1].txt 3720 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\playhouse_breadcrumb[1].js 4991 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\pop[1].8&c=13 6316 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\PostAComment[1].htm 9805 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\PreloadList[1].ini 35 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\print_and_play[1].htm 5796 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\PRX_9959_brand_phase1_160x600_25k[1].gif 25450 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\p[1].gif 43 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\quadrow_highlight[1].png 5174 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[39].htm 12616 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[3].bmp 76854 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[3].cfm 4165 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[3].htm 40300 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[40].htm 12328 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[41].htm 21063 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[42].htm 18672 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[43].htm 19405 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[44].htm 40623 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[45].htm 22458 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[46].htm 10915 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[47].htm 36258 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[48].htm 12605 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[49].htm 12485 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[4].bmp 1082 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[4].htm 5809 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[50].htm 91178 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[51].htm 36244 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\cache_res1[1].jpg 13877 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\cache_res1[2].jpg 15303 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\cache_res3[1].jpg 7144 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\cache_res4[1].jpg 11972 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CACXE78L.gif 43 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CAD88Z55.gif 43 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CADOZMN3.gif 43 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CAE7012V.htm 1887 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CAER41EN.htm 3671 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CAHCCJPH.swf 36470 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CAHRB9SG.swf 26739 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CAI385IZ.gif 43 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\open-3[1].jpg 4486 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=1[1] 757 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=1[1].gif 45719 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=1[2] 394 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=1[3] 394 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=1[4] 395 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=1[5] 494 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=1[6] 494 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=1[7] 1137 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=1[8] 1131 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=1[9] 1064 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=64[1] 2031 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=64[2] 4166 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=64[3] 2031 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=64[4] 2031 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=64[5] 2031 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\Site_WS;MN=93211700;wm=o;rm=1;!c=d-pnd;!c=d-pps;dcopt=ist;sz=300x250;tile=1;dcove=d;ord=695500353[2] 1375 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti17433126274ou[1].jpg 1708 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657423973179id[1].jpg 2361 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\trip_plus_high_scores_bkg[1].png 28729 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\WebResource[2].axd 21011 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\Xlove138[1].jpg 4781 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\664272624_l[1].jpg 30200 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\662128355_s[1].jpg 1529 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\662251007_s[1].jpg 1835 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\662277488_s[1].jpg 1514 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\662406330_s[1].jpg 1847 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\662528356_s[1].jpg 1641 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\662582302_s[1].jpg 2371 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\662709643_s[1].jpg 2105 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\662758585_s[1].jpg 2556 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\662927596_m[1].jpg 3765 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\663079843_s[1].jpg 2244 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\663107133_s[1].jpg 1963 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\71[2].js 170 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\adopt[1].htm 3329 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CAAZ0DIF.swf 13227 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CAI569G9.swf 9632 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CAW1QHNW.htm 1605 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\Com_Mess;MN=93189867;wm=o;rm=1;af1=1;ua=20;ug=2;sz=120x90;tile=1;dcove=d;or
d=548456310[2] 491 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\global[1].css 16424 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59020410344401303c2496[11].swf 18048 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59020410344401303c2496[1].swf 18048 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59020410344401303c2496[2].swf 18048 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59020410344401303c2496[3].swf 18048 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59020410344401303c2496[4].swf 18048 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59020410344401303c2496[5].swf 18048 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59020410344401303c2496[6].swf 18048 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59020410344401303c2496[7].swf 18048 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59020410344401303c2496[8].swf 18048 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59020410344401303c2496[9].swf 18048 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\592362618_s[1].jpg 2909 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspaceicons26[1].gif 12917 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspaceicons68[1].gif 6862 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspaceicons75[1].gif 10807 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspaceicons77[1].gif 23221 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspaceicons86[1].gif 1925 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\NapsterMyspace160x600[1].html 1180 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\nav2[1].swf 69830 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\nav[2].swf 43628 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\nav[3].swf 43628 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspaceicons121[1].gif 81694 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspaceicons129[1].gif 7861 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspaceicons136[1].gif 5597 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspaceicons141[1].gif 2308 bytes
C:\Documents and Settings\Meghan\Local Setting

Tech Clinic / My Fiance's Parents' Computer...nightmare

« on: May 25, 2008, 11:43:13 PM »

Here is the file you asked for; however, hijackthis doesn't seem to want to save the logfile that you requested in the Uninstall Manager. Instead it simply closes the application. Also, I have to cut this reply in half as the page has informed me that the post is too long. HAXFIX logfile - by Marckieversion 5.01.1Sun 05/25/2008 22:18:47.40running from C:\HaxFix--- Checking for Haxdoor ---checking for a3d filesa3d files found ps.a3dchecking for matching notify keysno matching notify keys found checking for matching servicesmatching services foundpptp32pptp64 checking for matching safeboot servicesmatching safeboot services foundpptp32.syspptp64.sys--- Checking for Goldun ---checking for SSODL keysno ssodl keys foundchecking for notify keysno notify keys foundchecking for servicesno services foundchecking iexplore.exeiexplore.exe is not infected --- Checking for other Goldun and Haxdoor files ---C:\WINDOWS\system32\klo5.sys--- Catchme logfile - thank you Gmer ---catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-05-25 22:19:04Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ...scanning hidden services & system hive ...scanning hidden registry entries ...[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]"TracesProcessed"=dword:0000013ascanning hidden files ...C:\327882R2FWJFW\Qoo.bat 3398 bytesC:\ComboFix\QooBox-temp.dat 50598 bytesC:\ComboFix\test\qhdtvv.dll 0 bytesC:\ComboFix\test\rdrVR2.dll 0 bytesC:\DELL\MEDIAEXE\Media\I386\QAPPSRV.EX_ 9078 bytesC:\DELL\MEDIAEXE\Media\I386\QASF.DL_ 97269 bytesC:\DELL\MEDIAEXE\Media\I386\QCAP.DL_ 84711 bytesC:\DELL\MEDIAEXE\Media\I386\QDV.DL_ 99486 bytesC:\DELL\MEDIAEXE\Media\I386\QDVD.DL_ 175899 bytesC:\DELL\MEDIAEXE\Media\I386\QEDIT.DL_ 231408 bytesC:\DELL\MEDIAEXE\Media\I386\QEDWIPES.DL_ 371599 bytesC:\DELL\MEDIAEXE\Media\I386\QL1080.SY_ 22761 bytesC:\DELL\MEDIAEXE\Media\I386\QL12160.SY_ 25938 bytesC:\DELL\MEDIAEXE\Media\I386\QMARK.GI_ 2578 bytesC:\DELL\MEDIAEXE\Media\I386\QMGR.IN_ 1951 bytesC:\DELL\MEDIAEXE\Media\I386\QMGRPRXY.DL_ 7187 bytesC:\DELL\MEDIAEXE\Media\I386\QOSCONW.CH_ 5068 bytesC:\DELL\MEDIAEXE\Media\I386\QPROCESS.EX_ 10623 bytesC:\DELL\MEDIAEXE\Media\I386\QUATTRO.WB_ 1934 bytesC:\DELL\MEDIAEXE\Media\I386\QUERY.EX_ 5106 bytesC:\DELL\MEDIAEXE\Media\I386\QUSER.EX_ 8886 bytesC:\DELL\MEDIAEXE\Media\I386\RDBSS.SY_ 85602 bytesC:\DELL\MEDIAEXE\Media\I386\RDCHOST.DL_ 59506 bytesC:\DELL\MEDIAEXE\Media\I386\RDPCDD.SY_ 2141 bytesC:\DELL\MEDIAEXE\Media\I386\RDPCFGEX.DL_ 1361 bytesC:\DELL\MEDIAEXE\Media\I386\RDPDD.DL_ 44858 bytesC:\DELL\MEDIAEXE\Media\I386\RDPSND.DL_ 10019 bytesC:\DELL\MEDIAEXE\Media\I386\RDPWD.SY_ 67700 bytesC:\DELL\MEDIAEXE\Media\I386\RDPWSX.DL_ 36977 bytesC:\DELL\MEDIAEXE\Media\I386\RDSADDIN.EX_ 6669 bytesC:\DELL\MEDIAEXE\Media\I386\RDTONE.HT_ 1239 bytesC:\DELL\MEDIAEXE\Media\I386\RECAGENT.SY_ 7113 bytesC:\DELL\MEDIAEXE\Media\I386\RECOVER.EX_ 3228 bytesC:\DELL\MEDIAEXE\Media\I386\RECYCLE.CH_ 11578 bytesC:\DELL\MEDIAEXE\Media\I386\RECYCLE.WA_ 18680 bytesC:\DELL\MEDIAEXE\Media\I386\QL1280.SY_ 27359 bytesC:\DELL\MEDIAEXE\Media\I386\QWINSTA.EX_ 10386 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\adpglobal\quit.gif 974 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\adpglobal\recheck.gif 2126 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\adpglobal\us-eu\quit.gif 630 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\adpglobal\us-eu\recheck.gif 2126 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\en_en\adpglobal\quit.gif 974 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\en_en\adpglobal\recheck.gif 2126 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\en_en\adpglobal\us-eu\quit.gif 630 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\en_en\adpglobal\us-eu\recheck.gif 2126 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcffC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\bs.html 1861 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\htmlC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\checkInformation.html 2704 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\checkoutNow.html 4947 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\imagesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\animatedDots.gif 28661 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\blueBackground.gif 1527 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\btn-dont-show.gif 316 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\cancel.gif 806 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\checkoutNowButton.gif 953 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\clear.gif 43 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\moreinfo_image1.gif 4425 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\moreinfo_image2.gif 77227 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\ok.gif 945 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\pleaseHeadline.gif 398 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\qc_brand.gif 4934 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\quickcheckLogo.gif 1816 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\registerButtonNo.gif 1221 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\registerButtonRemind.gif 928 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\registerButtonYes.gif 979 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\registrationPopupHeadline.gif 1729 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\sign_up.gif 2097 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\simplifyHeadline.gif 656 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\qcff_signup_moreinfo.html 3504 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\QCRegistration1_1.html 5297 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\retrieveInformation.html 1907 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scriptsC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\Engine.js 3288 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\FormFill.js 8670 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\IntelliFill.js 30296 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffConf.js 1616 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffDriver.js 9839 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffHtml.js 453 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffLib.js 6540 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffLists.js 1476 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffSites.js 1529 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffTxnSeqDetector.js 2482 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffUnmappedList.js 8916 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffUserLib.js 2656 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\qpt_main.js 3340 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\Request.js 1685 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\RulesInfo.js 7573 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\TEAOClient.js 4874 bytesC:\Documents and Settings\All Users\Application Data\Apple Computer\QuickTimeC:\Documents and Settings\All Users\Application Data\Apple Computer\QuickTime\QuickTime.qtp 10367 bytesC:\Documents and Settings\All Users\Application Data\Apple Computer\QuickTime\QuickTimeFavorites.qtr 986 bytesC:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\coach\configuration\adpglobal\Query.js 13854 bytesC:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\item_templ\coach\configuration\adpglobal\Query.js 13854 bytesC:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\qdiagocx.js 1919 bytesC:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\item_templ\coach\configuration\adpglobal\Query.js 13854 bytesC:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\QuarantineC:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\Quarantine\adv479[1].MCQ 715 bytesC:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat 4232 bytesC:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat 5486 bytesC:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\QueueC:\Documents and Settings\All Users\Application Data\QuickTimeC:\Documents and Settings\All Users\Application Data\QuickTime\QuickTime.qtp 10339 bytesC:\Documents and Settings\All Users\Application Data\QuickTime\QuickTimeFavorites.qtr 986 bytesC:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Icons\qsbm.bmp 372 bytesC:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Icons\qsim.bmp 276 bytesC:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Icons\qsy.bmp 256 bytesC:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Icons\qsyma.bmp 288 bytesC:\Documents and Settings\All Users\Start Menu\Programs\Sonic\RecordNow!C:\Documents and Settings\All Users\Start Menu\Programs\Sonic\RecordNow!\RecordNow Help.lnk 551 bytesC:\Documents and Settings\All Users\Start Menu\Programs\Sonic\RecordNow!\RecordNow!.lnk 1857 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick LaunchC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk 669 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI 119 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk 683 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk 1769 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk 742 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf 79 bytesC:\Documents and Settings\Default User\RecentC:\Documents and Settings\Default User\Recent\Desktop.ini 150 bytesC:\Documents and Settings\Default User\SendTo\RecordNow!.RecordNowSendToExt 0 bytesC:\Documents and Settings\Default User\Templates\QUATTRO.WB2 4017 bytesC:\Documents and Settings\Guest\Application Data\Corel\PerfectExpert\12\Custom WP Templates\qw12EN.wpt 17376 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick LaunchC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk 669 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI 119 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk 779 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk 1769 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk 742 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf 79 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk 804 bytesC:\Documents and Settings\Guest\Local Settings\Temp\qb3A5.tmp 0 bytesC:\Documents and Settings\Guest\Local Settings\Temp\qbogvyat.dll 86036 bytes executableC:\Documents and Settings\Guest\Local Settings\Temp\qdiagd.log 120 bytesC:\Documents and Settings\Guest\Local Settings\Temp\qgqoexcc.dll 45525 bytes executableC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\45QVW52J\qnUVy7y6UAr1+c4ZAQbYziwBdPTurtZJqpzOoEKQDL6cR1WU35fxLRP07pFglsNR[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\45QVW52J\qdwZZQPdDaemyLdW6zrGMDHDo3zQCUAvtS8fpypccoFAGaeBH1hFeXnp++GZsRYw[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\4927U5Q5\qYLbvk6zfPlQ5vYU4EtPvaEyclv4SpBJ8WjgwU479Y1uJDTWzYkt1EzCYWcDAkiV[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\4927U5Q5\Q[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\67KRCH4N\QDcZwy5VV8be++sHFO5aNZfZE5gKLfvmei93nTibUgel1jEWzUk9HYwffQgbmyO1[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\67KRCH4N\qo95ra[1].jpg 60153 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\67KRCH4N\qYLbvk6zfPlQ5vYU4EtPvaEyclv4SpBJ8WjgwU479Y1uJDTWzYkt1EzCYWcDAkiV[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\E1WX4DAX\quiz1260outcome1[1].gif 20790 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\E1WX4DAX\quote[1].gif 29349 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5MR8HIJ\quiz588outcome2[1].jpg 35188 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5YJ49UB\qArurV8mGf0bqCcHRpzxVx[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5YJ49UB\QnHbaghb43gdnlytM1JeB+uwf1QoiIjOyecVH+hp6A8DqBZ5mTS6xq0nY[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5YJ49UB\quiz817outcome1[1].jpg 23506 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5YJ49UB\quRPaOT5MbVddJlDCJVas8g2vmyO9eqJEcV[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\W3S3CL45\q51374820[1].png 10788 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\WL6JWX6N\qq84tvVupTJI9NcaIn76TXmVSTQg0mrtiE0gt[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\WL6JWX6N\qyjtheg29wht2CkOsBigDOTDWu[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\14GB5XK9\qsscreen[1].gif 934 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\14GB5XK9\quant[3].js 2688 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\14GB5XK9\quill[1].txt 100 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\14GB5XK9\recent[1].js 324 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\14GB5XK9\recommendedvideos[1].htm 7899 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\1D5AVNXA\Recovery_Design_small_1642774194219[1].jpg 3990 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\3FL7VP0W\questionSmall[1].jpg 15318 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\3FL7VP0W\rec_thumbup_gray_sml[1].gif 583 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\3X5J6EM9\Recovery_Armband_small_1974594820678[1].jpg 3981 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\3X5J6EM9\qtobject[1].js 3514 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\Quiksilver-02[1].gif 1410 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\76E8ABCD\qt_lo_1[1].gif 68 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\76E8ABCD\recharge[1].jpg 13519 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\quiz[1].jpg 2339 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\q122900650_8854[1].jpg 2466 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\q20608714_5279[1].jpg 2373 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\q43808713_3593[1].jpg 2655 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\q45204789_1978[1].jpg 2930 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\qw9045_mmc_mover_neigh_9800_v2_160x600_30k[1].gif 19145 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\qw9045_mmc_mover_newly_9800_v2_728x90_30k[1].gif 19046 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\recent[1].htm 4555 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\rdc_pleasewaiticon[1].gif 260 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8JRVMK19\QBMS_Benefits_v1_300x250[1].gif 19038 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8JRVMK19\quill[1].swf 132408 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8JRVMK19\rec_thumb_down_sml[1].gif 576 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8X6NK5UJ\quant[1].js 2259 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8X6NK5UJ\quote_box_center[1].gif 104 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\ACQQTIK1\quentin_tarantino_spits_on_a_reporter[1].jpg 7076 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\ACQQTIK1\reclinks_ltcnr[1].gif 52 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\question_mark[1].gif 272 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q145700153_8659[1].jpg 2001 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q19228185_4114[1].jpg 3079 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q501050443_7228[1].jpg 2700 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q501664432_4369[1].jpg 2345 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q513675668_8153[1].jpg 2009 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q878540082_7179[1].jpg 2569 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\rdc_blacksolidarrow[1].gif 77 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\rdc_headertitle[1].gif 3094 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\C9Y7WHQR\ql[1].gif 51 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\C9Y7WHQR\recommended_videos[1].htm 28800 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\E1J8DKV2\qualityhealth[1].bmp 432 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\E1J8DKV2\rec_thumb_up_sml[1].gif 568 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\GH2ZOHAN\quote_box_top[1].gif 368 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\GH6VSTQF\qo95ra[1].jpg 60153 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\KX2B4PAR\quiz588outcome1[1].jpg 34598 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\KX2B4PAR\quote_box_bottom[1].gif 369 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\KX2B4PAR\quiz275outcome1[1].jpg 18051 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\MYZVDCNB\rectest[1].htm 11388 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\OXANOD6Z\quiz628outcome1[1].jpg 10944 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\OYPIUK1T\ql[1].css 2014 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\OYPIUK1T\reclinks_titlebar[1].jpg 95 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXLC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[14].jpg 3834 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[2].htm 24130 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[5].jpg 3725 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\AmonRa2[1].jpg 15828 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\CAG52BWH.htm 1220 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\CAQNJWEK.jpg 7964 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\counter[1].gif 715 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\desktop.ini 67 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\Djn[1].jpg 7561 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\doodlecolour[1].jpg 128073 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\geov2_001[1].js 662 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[15].jpg 3702 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[16].jpg 3450 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[17].jpg 3498 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[18].jpg 3412 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[19].jpg 2767 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[1].htm 24196 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[1].jpg 3892 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[20].jpg 2807 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[21].jpg 2513 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[22].jpg 1743 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[23].jpg 3365 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[24].jpg 1531 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[25].jpg 3209 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[26].jpg 1941 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[27].jpg 3616 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[28].jpg 4827 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[29].jpg 3539 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[2].jpg 4223 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[30].jpg 3578 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[31].jpg 3079 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[32].jpg 3759 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[33].jpg 4032 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[34].jpg 4430 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[35].jpg 2281 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[36].jpg 5363 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[37].jpg 3370 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[38].jpg 2217 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[39].jpg 4948 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[3].htm 24936 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[3].jpg 4835 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[40].jpg 4037 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[41].jpg 1920 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[42].jpg 2986 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[4].jpg 2436 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[10].jpg 2631 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[11].jpg 1964 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[12].jpg 4737 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[13].jpg 3787 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[6].jpg 4277 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[7].jpg 2898 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[8].jpg 3847 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[9].jpg 3144 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\notify[1].htm 19 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\P4s-sm[1].jpg 11166 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\PapyrusFrag[1].jpg 16144 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\search[1].HTML 4422 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\SenPapEsm[1].jpg 13006 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\seshatdetail1[1].jpg 28050 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\Seti[1].jpg 32088 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\Stone[1].htm 2551 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\Sun4sm[1].jpg 8484 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\Udjat[1].jpg 17674 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\q45203612_1694[1].jpg 2498 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\ql[1].gif 51 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\QscrOverrides[1].js 3917 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\qw9045_mmc_mover_neigh_9800_v2_728x90_30k[1].gif 20139 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\rdc_nanomiddle[1].png 114 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\qw9045_mmc_mover_newly_9800_v2_160x600_30k[1].gif 18594 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\rdc_003399bullet[1].gif 55 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q137800444_1710[1].jpg 2432 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q27705805_3462[1].jpg 2690 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q43804037_9429[1].jpg 2679 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q45201039_659[1].jpg 2497 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q45205457_4509[1].jpg 2737 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q500297087_8349[1].jpg 2260 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\ql[1].js 8614 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\rdc_expandmiddle[1].png 168 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\RDC_PleaseWaitIcon[1].gif 260 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\ZPRH6S3V\qbal3_wht[1].gif 235 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\ZPRH6S3V\ql[1].js 8614 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\ZPRH6S3V\reclinks_rtcnr[1].gif 52 bytesC:\Documents and Settings\Guest\RecentC:\Documents and Settings\Guest\Recent\Casey Price.lnk 559 bytesC:\Documents and Settings\Guest\Recent\Desktop.ini 150 bytesC:\Documents and Settings\Guest\SendTo\RecordNow!.RecordNowSendToExt 0 bytesC:\Documents and Settings\Guest\Templates\QUATTRO.WB2 4017 bytesC:\Documents and Settings\Heather\Application Data\Corel\PerfectExpert\12\Custom WP Templates\qw12EN.wpt 17376 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick LaunchC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk 669 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI 119 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk 779 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk 1769 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk 742 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf 79 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk 804 bytesC:\Documents and Settings\Heather\Application Data\Sonic\RecordNow!C:\Documents and Settings\Heather\Application Data\Sonic\RecordNow!\FavoritesC:\Documents and Settings\Heather\Application Data\Sonic\RecordNow!\playlist.dat 5645 bytesC:\Documents and Settings\Heather\Application Data\Sonic\RecordNow!\sndfind.dat 1817 bytesC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTimeC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloadsC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02\05C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02\05\25dc877b-4f450ba7-96137012-ddd6010a.qtch 766 bytesC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\01C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\10C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\10\4a4196e4-f38ef58d-fbdde8f8-d305e547.qtch 360000 bytesC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\06C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\06\03C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\06\05C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07\11C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\11C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\12C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\13C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\04C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\12C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\05C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\05\c5e041df-d2db2150-102410e7-d48d4696.qtch 0 bytesC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\15C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\15\cff4d7f6-4a04903d-4c3af0ca-3885f54f.qtch 766 bytesC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\05C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\10C:\Documents and Settings\Heather\Local Settings\Temp\qdiagd.log 159 bytesC:\Documents and Settings\Heather\Local Settings\Temp\qdiagd_2.log 120 bytesC:\Documents and Settings\Heather\Local Settings\Temp\qttwwgpv.dll 106516 bytes executableC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LUN8DIZ\records_DoraDanceFiesta_728[1].gif 42972 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\BFOGF5P8\quick_search_hdr_ptv[1].gif 768 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\BFOGF5P8\QNCK_dora_logo[1].gif 1465 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\OHEJ4TI3\recordFlashVersion[1].js 386 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\OHEJ4TI3\QNCK_dora_text[1].gif 2126 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\W1INST6B\query[1].js 155 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\W1INST6B\records_LazyTownCD_new_728[1].gif 37014 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\K16JS1EZ\questionmark[1].gif 342 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\0HKTUBSD\Qho9vqNQdZwM4vbVMeLSVMTPqbouG7Ie6a341qexD2nQPYV8f2B+aVYvuZRILR3n[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\0HKTUBSD\quiz1430outcome1[1].jpg 34002 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\2FYRYXM3\quiz588outcome5[1].jpg 65919 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\2FYRYXM3\quiz917outcome1[1].jpg 15960 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\2ZKJ6PSJ\qnd9[1].jpg 11183 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\49YB85AB\Q3national728[1].html 1123 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\6K1A71GH\quiz628outcome1[1].jpg 10944 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8NIBI5KH\qEg[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8NIBI5KH\Qho9vqNQdZwM4vbVMeLSVMTPqbouG7Ie6a341qexD2nQPYV8f2B+aVYvuZRILR3n[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8NIBI5KH\quiz1260outcome1[1].gif 20790 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8NIBI5KH\quiz817outcome1[1].jpg 23506 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8XMBCXQJ\quote_begin._V51923589_[1].gif 108 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8XMBCXQJ\recent[2].bmp 1082 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\A70DMTKV\quiz1260outcome3[1].jpg 17769 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\AKX1ZJBB\quizilla728x90[1].gif 15555 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\AXO3QHO5\quiz588outcome1[1].jpg 34598 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\AXO3QHO5\quiz628outcome1[1].jpg 10944 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\C1YVCDA7\QQ3DuQ[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\C1YVCDA7\REC1[1].jpg 5495 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\EJCB5U6K\qw7907_mmc_4pb_9state_select_728x90_20k[1].gif 8297 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\G3TFJWRS\Q306_6039_core_728x90_noecc_1500_t309[1].swf 13855 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\G3TFJWRS\quote42gb[1].png 18306 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\GLG78FW7\quiz1442outcome3[1].jpg 53466 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\GNIBIYSG\RecentSearch_2[1].js 5854 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\I3S1YHSL\q37296498[1].gif 2233 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\I3S1YHSL\qo95ra[1].jpg 60153 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\IP4J2TYH\quizilla728x90[1].gif 15555 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\IP4J2TYH\quote[1].gif 24573 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\K1CP2BCL\quiz1233outcome4[1].jpg 10111 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\K1CP2BCL\quiz1260outcome1[1].gif 20790 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\LVAU6BY5\qw8366_mmc_dsl_deck_2699_728x90_30k[1].gif 12874 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\MHQP635A\questionmark[1].gif 76 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\MHQP635A\q[1].swf 7203 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\MLYZEHEP\quiz628outcome1[1].jpg 10944 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\MLYZEHEP\QxyMg4rwXFqW3xBlRCbIjHG3I44lGwJXk1i0z3Dig9tdE7J47r[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\NA7GSJ0R\quotebankjobshot[1].gif 18885 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\O9250HAZ\Qho9vqNQdZwM4vbVMeLSVMTPqbouG7Ie6a341qexD2nQPYV8f2B+aVYvuZRILR3n[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\PG10ZAXM\q1145467115296[1].txt 5135 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\PG10ZAXM\quiz588outcome1[1].jpg 34598 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\PG10ZAXM\quiz588outcome4[1].jpg 43525 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\PG10ZAXM\REC1[1].jpg 5495 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\PG10ZAXM\recentlyaddedlayouts[1].jpg 1019 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\SDEZSP2Z\quote_end._V51923589_[1].gif 109 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\U56F63UB\q+iDtkzwisegSCysE7jY0C9MshwM9o0tf1iCObBR0NESFyGbNeh62lula9ctwdDj[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\U56F63UB\qbclub[1].gif 846 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\U56F63UB\Qho9vqNQdZwM4vbVMeLSVMTPqbouG7Ie6a341qexD2nQPYV8f2B+aVYvuZRILR3n[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\UFPBYVF0\quiz[1].jpg 2339 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\ULSN6JWP\quote3bx4ev-1[1].jpg 12802 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\ULSN6JWP\quote3bx4ev[1].jpg 12802 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\V1G81WT8\quiz794outcome4[1].jpg 20291 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\W1QJKPQJ\qbclub[1].gif 846 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\W1QJKPQJ\quiz588outcome1[1].jpg 34598 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\W1QJKPQJ\quoteforgirls[1].jpg 22013 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\WT0RO3KZ\Qho9vqNQdZwM4vbVMeLSVMTPqbouG7Ie6a341qexD2nQPYV8f2B+aVYvuZRILR3n[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\WT0RO3KZ\Qm8U+ic62TJYfju[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\WT0RO3KZ\rdY+mPR[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\WTO9YVWZ\quiz1432outcome2[1].jpg 40165 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\WTO9YVWZ\quote3bx4ev[1].jpg 12869 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\YZYJYXUN\quiz588outcome2[1].jpg 35188 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\YZYJYXUN\quizilla300x125[1].gif 9535 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\YZYJYXUN\rectangles[1].gif 12697 bytesC:\Documents and Settings\Heather\RecentC:\Documents and Settings\Heather\Recent\Clouds.lnk 674 bytesC:\Documents and Settings\Heather\Recent\Heather Heidrich Per.lnk 610 bytesC:\Documents and Settings\Heather\Recent\015812.lnk 845 bytesC:\Documents and Settings\Heather\Recent\020038.lnk 845 bytesC:\Documents and Settings\Heather\Recent\023510.lnk 845 bytesC:\Documents and Settings\Heather\Recent\032746.lnk 845 bytesC:\Documents and Settings\Heather\Recent\032754.lnk 845 bytesC:\Documents and Settings\Heather\Recent\032806.lnk 845 bytesC:\Documents and Settings\Heather\Recent\040019.lnk 845 bytesC:\Documents and Settings\Heather\Recent\040201.lnk 845 bytesC:\Documents and Settings\Heather\Recent\0402120026.lnk 867 bytesC:\Documents and Settings\Heather\Recent\0402130038.lnk 867 bytesC:\Documents and Settings\Heather\Recent\0403140012.lnk 867 bytesC:\Documents and Settings\Heather\Recent\10-24-2005 10;19;38AM.lnk 771 bytesC:\Documents and Settings\Heather\Recent\173410620_l.lnk 699 bytesC:\Documents and Settings\Heather\Recent\2004_0103(001).lnk 887 bytesC:\Documents and Settings\Heather\Recent\2004_0103(002).lnk 887 bytesC:\Documents and Settings\Heather\Recent\2004_0106(005).lnk 887 bytesC:\Documents and Settings\Heather\Recent\2004_0112(047).lnk 887 bytesC:\Documents and Settings\Heather\Recent\2004_1231Image.lnk 594 bytesC:\Documents and Settings\Heather\Recent\2005_0128Image.lnk 594 bytesC:\Documents and Settings\Heather\Recent\2005_0128Image0011.lnk 907 bytesC:\Documents and Settings\Heather\Recent\2005_0128Image0026.lnk 907 bytesC:\Documents and Settings\Heather\Recent\2005_0128Image0032.lnk 907 bytesC:\Documents and Settings\Heather\Recent\2005_0128Image0040.lnk 907 bytesC:\Documents and Settings\Heather\Recent\Anne.lnk 682 bytesC:\Documents and Settings\Heather\Recent\aqk.lnk 655 bytesC:\Documents and Settings\Heather\Recent\casey and ann.lnk 831 bytesC:\Documents and Settings\Heather\Recent\Casey PricePer.lnk 676 bytesC:\Documents and Settings\Heather\Recent\casey.lnk 687 bytesC:\Documents and Settings\Heather\Recent\Heather.lnk 557 bytesC:\Documents and Settings\Heather\Recent\[email protected][1].lnk 1086 bytesC:\Documents and Settings\Heather\Recent\Heathers.lnk 564 bytesC:\Documents and Settings\Heather\R

Pages: [1] 2

TheTechGuide Forum

News:

Show Posts

Messages - wisdom_of_trees

Tech Clinic / Computer won't connect via ethernet

Tech Clinic / can't remove coupondropdown

Tech Clinic / can't remove coupondropdown

Tech Clinic / can't remove coupondropdown

Tech Clinic / can't remove coupondropdown

Tech Clinic / can't remove coupondropdown

Tech Clinic / Infected by Antivirus Live

Tech Clinic / Infected by Antivirus Live

Tech Clinic / Infected by Antivirus Live

Tech Clinic / Computer shuts off...on its own

Hardware / Computer not recognizing RCA input

Tech Clinic / My Fiance's Parents' Computer...nightmare

Tech Clinic / My Fiance's Parents' Computer...nightmare

Tech Clinic / My Fiance's Parents' Computer...nightmare

Tech Clinic / My Fiance's Parents' Computer...nightmare

Tech Clinic / My Fiance's Parents' Computer...nightmare

Tech Clinic / My Fiance's Parents' Computer...nightmare

Tech Clinic / My Fiance's Parents' Computer...nightmare

Tech Clinic / My Fiance's Parents' Computer...nightmare

Tech Clinic / My Fiance's Parents' Computer...nightmare