Author Topic: My Fiance's Parents' Computer...nightmare (Read 910 times)

wisdom_of_trees · « **on:** May 24, 2008, 10:10:35 PM »

My fiance's teenage siblings have downloaded unbelievable amounts of junk onto the family computer. So I decided to try and clean it up during the memorial day weekend. Any help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:51 PM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\rlvknlg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiSpywareMaster\asm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\HEIDRI~1\MYDOCU~1\ASKS~1\wuauboot.exe
C:\WINDOWS\?dobe\n?lookup.exe
C:\WINDOWS\system32\tcigrhco.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.magentic.com/english/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...UXL1TSFenbSg9M=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...SkghGcsUWkK4Oo=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in_1.dll
O3 - Toolbar: Starware316 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll
O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh applications\iMesh MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\HEIDRI~1\MYDOCU~1\ASKS~1\wuauboot.exe" -vt tzt
O4 - HKCU\..\Run: [Bbffnfj] C:\WINDOWS\?dobe\n?lookup.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: winupdt.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: winupdt.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm086YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/228/installer.exe
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0036.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199658369254
O20 - AppInit_DLLs: C:\WINDOWS\system32\rlai.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\tcigrhco.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 5529 bytes

guestolo · « **Reply #1 on:** May 24, 2008, 11:31:30 PM »

Can you do the following for me please
Download this file - Combofix.exe and save it ONLY to your desktop

Don't run it yet
Physically disconnect the internet cable connection to your computer

Afterwards
Double click combofix.exe & follow the prompts.
Click YES to allow to run when prompted, normally this fix takes anywhere from 10 to 20 minutes
IF prompted that ComboFix needs to reboot the computer
Allow it too, even if it appears that it stalls
Back in Windows, ComboFix will run again, then continue to create a log, this can take a few minutes
Let it run uninterrupted please
I'll need to see this log later
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

After ComboFix runs, and after it log opens
Connect Internet cable, if you have no Internet connection
Simply reboot your computer

Post back the log from ComboFix along with a fresh hijackthis log

wisdom_of_trees · « **Reply #2 on:** May 25, 2008, 10:39:47 PM »

ComboFix 08-05-25.3 - Heidrichs 2008-05-25 21:28:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.82 [GMT -6:00]
Running from: C:\Documents and Settings\Heidrichs\Desktop\ComboFix.exe
* Created a new restore point

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Starware316
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Related.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware316\Games\images\active\Games0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\Games\images\active\Games0.bmp_new
C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\Movies\images\active\Movies0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\Movies\images\active\Movies0.bmp_new
C:\Documents and Settings\All Users\Application Data\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\U19813914.exe
C:\Documents and Settings\All Users\Start Menu\Programs\DriveCleaner Free
C:\Documents and Settings\All Users\Start Menu\Programs\DriveCleaner Free\DriveCleaner HomePage.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\DriveCleaner Free\DriveCleaner Online Manual.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\DriveCleaner Free\DriveCleaner Online Support.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\DriveCleaner Free\DriveCleaner.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\DriveCleaner Free\Uninstall DriveCleaner.lnk
C:\Documents and Settings\Guest\Application Data\CROSOF~1.NET
C:\Documents and Settings\Guest\Application Data\CROSOF~1.NET\??crosoft.NET\
C:\Documents and Settings\Guest\Application Data\CROSOF~1.NET\tracert.exe
C:\Documents and Settings\Guest\Application Data\DriveCleaner Free
C:\Documents and Settings\Guest\Application Data\DriveCleaner Free\Logs\update.log
C:\Documents and Settings\Guest\Application Data\Starware316
C:\Documents and Settings\Guest\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Guest\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\Guest\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Guest\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\Guest\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Guest\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Manager\ManagerOptions.xml
C:\Documents and Settings\Guest\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\Guest\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\Guest\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Guest\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\Guest\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Guest\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\Guest\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\Guest\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Guest\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Guest\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Guest\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Guest\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\Guest\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\Guest\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\Guest\err.log
C:\Documents and Settings\Heather\Application Data\DriveCleaner Free
C:\Documents and Settings\Heather\Application Data\DriveCleaner Free\Logs\update.log
C:\Documents and Settings\Heather\err.log
C:\Documents and Settings\Heidrichs\Application Data\DOBE~1
C:\Documents and Settings\Heidrichs\Application Data\DriveCleaner Free
C:\Documents and Settings\Heidrichs\Application Data\DriveCleaner Free\Logs\update.log
C:\Documents and Settings\Heidrichs\Application Data\ICROSO~1
C:\Documents and Settings\Heidrichs\Application Data\PPATCH~1
C:\Documents and Settings\Heidrichs\Application Data\Starware316
C:\Documents and Settings\Heidrichs\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Heidrichs\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Heidrichs\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\Heidrichs\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\Heidrichs\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Heidrichs\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Heidrichs\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\Heidrichs\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\Heidrichs\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Heidrichs\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Heidrichs\Application Data\Starware316\Manager\ManagerOptions.xml
C:\Documents and Settings\Heidrichs\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Heidrichs\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\Heidrichs\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Heidrichs\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\Heidrichs\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Heidrichs\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Heidrichs\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Heidrichs\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\Heidrichs\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\Heidrichs\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Heidrichs\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Heidrichs\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\Heidrichs\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\Heidrichs\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\Heidrichs\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\Heidrichs\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Heidrichs\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Heidrichs\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Heidrichs\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Heidrichs\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Heidrichs\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Heidrichs\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Heidrichs\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Heidrichs\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\Heidrichs\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\Heidrichs\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\Heidrichs\Application Data\WNSXS~1
C:\Documents and Settings\Heidrichs\Desktop\installer_en.exe
C:\Documents and Settings\Heidrichs\Desktop\WinAntiVirusPro2007FreeInstall.exe
C:\Documents and Settings\Heidrichs\err.log
C:\Documents and Settings\Heidrichs\My Documents\ASKS~1
C:\Documents and Settings\Heidrichs\My Documents\ASKS~1\wuauboot.exe
C:\Documents and Settings\Heidrichs\My Documents\FNTS~1
C:\Documents and Settings\Heidrichs\My Documents\PPPATC~1
C:\Documents and Settings\Heidrichs\My Documents\SMBOLS~1
C:\Documents and Settings\Heidrichs\My Documents\SSEMBL~1
C:\Documents and Settings\Heidrichs\My Documents\SSTEM3~1
C:\Documents and Settings\Heidrichs\My Documents\YMBOLS~1
C:\Documents and Settings\Heidrichs\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Heidrichs\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Heidrichs\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Zach\err.log
C:\Program Files\AntiSpywareMaster
C:\Program Files\AntiSpywareMaster\asm.exe
C:\Program Files\asks~1
C:\Program Files\Common Files\asembl~1
C:\Program Files\Common Files\crosof~1.net
C:\Program Files\Common Files\drivecleaner free
C:\Program Files\Common Files\drivecleaner free\udcpas.exe
C:\Program Files\Common Files\drivecleaner free\udcsdr.exe
C:\Program Files\Common Files\ecurit~1
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\icroso~1.net
C:\Program Files\Common Files\mantec~1
C:\Program Files\Common Files\racle~1
C:\Program Files\Common Files\scurit~1
C:\Program Files\Common Files\smante~1
C:\Program Files\Common Files\smbols~1
C:\Program Files\Common Files\sstem~1
C:\Program Files\Common Files\stem32~1
C:\Program Files\Common Files\tsks~1
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\Common Files\ymante~1
C:\Program Files\crosof~1.net
C:\Program Files\dobe~1
C:\Program Files\dobe~2
C:\Program Files\DriveCleaner Free
C:\Program Files\DriveCleaner Free\Activate.dat
C:\Program Files\DriveCleaner Free\Appbase\AE_CD_Cr.dat
C:\Program Files\DriveCleaner Free\Appbase\AReadr4.dat
C:\Program Files\DriveCleaner Free\Appbase\AReadr5.dat
C:\Program Files\DriveCleaner Free\Appbase\ASDSEEpv.dat
C:\Program Files\DriveCleaner Free\Appbase\ASPack.dat
C:\Program Files\DriveCleaner Free\Appbase\Babylon.dat
C:\Program Files\DriveCleaner Free\Appbase\BDelphi5.dat
C:\Program Files\DriveCleaner Free\Appbase\CatchUp.dat
C:\Program Files\DriveCleaner Free\Appbase\CBuildr5.dat
C:\Program Files\DriveCleaner Free\Appbase\CCGA.dat
C:\Program Files\DriveCleaner Free\Appbase\CManager.dat
C:\Program Files\DriveCleaner Free\Appbase\CuteFTP4.dat
C:\Program Files\DriveCleaner Free\Appbase\CuteHTML.dat
C:\Program Files\DriveCleaner Free\Appbase\DAcceler.dat
C:\Program Files\DriveCleaner Free\Appbase\DiscJug.dat
C:\Program Files\DriveCleaner Free\Appbase\ECDCreat4.dat
C:\Program Files\DriveCleaner Free\Appbase\Far.dat
C:\Program Files\DriveCleaner Free\Appbase\FFTsks.dat
C:\Program Files\DriveCleaner Free\Appbase\FlashFXP.dat
C:\Program Files\DriveCleaner Free\Appbase\FrntPage.dat
C:\Program Files\DriveCleaner Free\Appbase\FrontPEx.dat
C:\Program Files\DriveCleaner Free\Appbase\FtpEXP.dat
C:\Program Files\DriveCleaner Free\Appbase\FtpVoya.dat
C:\Program Files\DriveCleaner Free\Appbase\GetRight.dat
C:\Program Files\DriveCleaner Free\Appbase\GoZilla.dat
C:\Program Files\DriveCleaner Free\Appbase\GravMRU.dat
C:\Program Files\DriveCleaner Free\Appbase\H_TxtPad.dat
C:\Program Files\DriveCleaner Free\Appbase\HomeSite.dat
C:\Program Files\DriveCleaner Free\Appbase\HotDogPr.dat
C:\Program Files\DriveCleaner Free\Appbase\IconExtr.dat
C:\Program Files\DriveCleaner Free\Appbase\iMesh.dat
C:\Program Files\DriveCleaner Free\Appbase\ImgReady3.dat
C:\Program Files\DriveCleaner Free\Appbase\InsShExp.dat
C:\Program Files\DriveCleaner Free\Appbase\JASC_P_P.dat
C:\Program Files\DriveCleaner Free\Appbase\KaZaA.dat
C:\Program Files\DriveCleaner Free\Appbase\LView.dat
C:\Program Files\DriveCleaner Free\Appbase\MacDir.dat
C:\Program Files\DriveCleaner Free\Appbase\MacDrWea.dat
C:\Program Files\DriveCleaner Free\Appbase\MicAng.dat
C:\Program Files\DriveCleaner Free\Appbase\MicDes.dat
C:\Program Files\DriveCleaner Free\Appbase\MM_CON.dat
C:\Program Files\DriveCleaner Free\Appbase\MMUnDisk.dat
C:\Program Files\DriveCleaner Free\Appbase\Morpheus.dat
C:\Program Files\DriveCleaner Free\Appbase\MPaint.dat
C:\Program Files\DriveCleaner Free\Appbase\MPicPub.dat
C:\Program Files\DriveCleaner Free\Appbase\MPImaGal.dat
C:\Program Files\DriveCleaner Free\Appbase\MSExplorer.dat
C:\Program Files\DriveCleaner Free\Appbase\MSoffice.dat
C:\Program Files\DriveCleaner Free\Appbase\MSRegEdit.dat
C:\Program Files\DriveCleaner Free\Appbase\MSWMP.dat
C:\Program Files\DriveCleaner Free\Appbase\MSWordPad.dat
C:\Program Files\DriveCleaner Free\Appbase\Nero.dat
C:\Program Files\DriveCleaner Free\Appbase\NetShow.dat
C:\Program Files\DriveCleaner Free\Appbase\NTBackup.dat
C:\Program Files\DriveCleaner Free\Appbase\pfilelst.xda
C:\Program Files\DriveCleaner Free\Appbase\PhotShel.dat
C:\Program Files\DriveCleaner Free\Appbase\PHPCoder.dat
C:\Program Files\DriveCleaner Free\Appbase\PowerZIP.dat
C:\Program Files\DriveCleaner Free\Appbase\RapidBr.dat
C:\Program Files\DriveCleaner Free\Appbase\RealAuPl.dat
C:\Program Files\DriveCleaner Free\Appbase\RealDown.dat
C:\Program Files\DriveCleaner Free\Appbase\SecurCRT.dat
C:\Program Files\DriveCleaner Free\Appbase\SL_BlWin.dat
C:\Program Files\DriveCleaner Free\Appbase\SmartClr.dat
C:\Program Files\DriveCleaner Free\Appbase\Sonique.dat
C:\Program Files\DriveCleaner Free\Appbase\StuffIt.dat
C:\Program Files\DriveCleaner Free\Appbase\TelepPro.dat
C:\Program Files\DriveCleaner Free\Appbase\UGifAnim.dat
C:\Program Files\DriveCleaner Free\Appbase\UltraEd.dat
C:\Program Files\DriveCleaner Free\Appbase\UMedStud.dat
C:\Program Files\DriveCleaner Free\Appbase\UPhImpV.dat
C:\Program Files\DriveCleaner Free\Appbase\UPhotoEx.dat
C:\Program Files\DriveCleaner Free\Appbase\UVidStud.dat
C:\Program Files\DriveCleaner Free\Appbase\VNC.dat
C:\Program Files\DriveCleaner Free\Appbase\WebFeret.dat
C:\Program Files\DriveCleaner Free\Appbase\WebReap.dat
C:\Program Files\DriveCleaner Free\Appbase\WinACE.dat
C:\Program Files\DriveCleaner Free\Appbase\WinGate.dat
C:\Program Files\DriveCleaner Free\Appbase\WinRAR.dat
C:\Program Files\DriveCleaner Free\Appbase\WinZIP.dat
C:\Program Files\DriveCleaner Free\Appbase\WiseInst.dat
C:\Program Files\DriveCleaner Free\Appbase\wordslst.xda
C:\Program Files\DriveCleaner Free\Appbase\YahooPl.dat
C:\Program Files\DriveCleaner Free\Appbase\ZipMagic.dat
C:\Program Files\DriveCleaner Free\bnlink.dat
C:\Program Files\DriveCleaner Free\diagnosis.dat
C:\Program Files\DriveCleaner Free\err.log
C:\Program Files\DriveCleaner Free\errors.log
C:\Program Files\DriveCleaner Free\img\button.gif
C:\Program Files\DriveCleaner Free\img\button2.gif
C:\Program Files\DriveCleaner Free\img\header.gif
C:\Program Files\DriveCleaner Free\img\logo.gif
C:\Program Files\DriveCleaner Free\img\spacer.gif
C:\Program Files\DriveCleaner Free\img\top_line.gif
C:\Program Files\DriveCleaner Free\img\top1.jpg
C:\Program Files\DriveCleaner Free\img\top2.jpg
C:\Program Files\DriveCleaner Free\InstHelp.exe
C:\Program Files\DriveCleaner Free\lapv.dat
C:\Program Files\DriveCleaner Free\license.rtf
C:\Program Files\DriveCleaner Free\manual.url
C:\Program Files\DriveCleaner Free\pv.dat
C:\Program Files\DriveCleaner Free\pv.exe
C:\Program Files\DriveCleaner Free\readme.rtf
C:\Program Files\DriveCleaner Free\ScanReport.dat
C:\Program Files\DriveCleaner Free\Schedule.dat
C:\Program Files\DriveCleaner Free\sr.log
C:\Program Files\DriveCleaner Free\support.url
C:\Program Files\DriveCleaner Free\UDC.exe
C:\Program Files\DriveCleaner Free\UDC.xml
C:\Program Files\DriveCleaner Free\UDC6.url
C:\Program Files\DriveCleaner Free\UDC6cw.exe
C:\Program Files\DriveCleaner Free\UDCPChk.dll
C:\Program Files\DriveCleaner Free\unins000.dat
C:\Program Files\DriveCleaner Free\unins000.exe
C:\Program Files\DriveCleaner Free\uninstall.ico
C:\Program Files\DriveCleaner Free\UninstallPage.html
C:\Program Files\DriveCleaner Free\up.dat
C:\Program Files\DriveCleaner Free\updater.dat
C:\Program Files\DriveCleaner Free\vbpv.dat
C:\Program Files\iMeshBar
C:\Program Files\mcroso~1
C:\Program Files\MyWay
C:\Program Files\MyWay\myBar\History\search
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\racle~1
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Installer\temp\RKeula2.rtf
C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml
C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\SSSInst\bin\SSSInst.dll
C:\Program Files\screensavers.com\SSSInst\bin\SSSUninst.exe
C:\Program Files\screensavers.com\Wallpaper\Guinness Draught.jpg
C:\Program Files\screensavers.com\Wallpaper\Murphys Irish Stout.jpg
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\Program Files\sks~1
C:\Program Files\smbols~1
C:\Program Files\Starware316
C:\Program Files\Starware316\bin\Starware316.dll
C:\Program Files\Starware316\brand.bmp
C:\Program Files\Starware316\icons\star_16.ico
C:\Program Files\Starware316\Starware316Config.xml
C:\Program Files\Starware316\Starware316Uninstall.exe
C:\Program Files\stem~1
C:\Program Files\stem32~1
C:\Program Files\vsadd-in
C:\Program Files\vsadd-in\VSAdd-in_1.dll
C:\Program Files\wnsxs~1
C:\Program Files\ymante~1
C:\WINDOWS\appatc~1
C:\WINDOWS\asks~1
C:\WINDOWS\asks~2
C:\WINDOWS\cookies.ini
C:\WINDOWS\crosof~1
C:\WINDOWS\crosof~1.net
C:\WINDOWS\dobe~1
C:\WINDOWS\dobe~2
C:\WINDOWS\dobe~2\n?lookup.exe
C:\WINDOWS\ecurit~1
C:\WINDOWS\icroso~1.net
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall6_90.exe
C:\WINDOWS\NDNuninstall6_98.exe
C:\WINDOWS\NDNuninstall7_14.exe
C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\stem32~1
C:\WINDOWS\SYSTEM32\acvrubyv.ini
C:\WINDOWS\system32\ahjrcddj.dll
C:\WINDOWS\SYSTEM32\ajnvrmuj.ini
C:\WINDOWS\system32\apolbjwv.dll
C:\WINDOWS\system32\ayoqvhh.dll
C:\WINDOWS\system32\bmakubfe.dll
C:\WINDOWS\system32\bupagfsv.dll
C:\WINDOWS\system32\cgxshnlr.dll
C:\WINDOWS\system32\cmavpugg.dll
C:\WINDOWS\system32\cqdlquof.dll
C:\WINDOWS\system32\cqynikjo(2).dll
C:\WINDOWS\system32\cvxbbdxe.ini
C:\WINDOWS\system32\debkblhi.ini
C:\WINDOWS\system32\ecoibhca.dll
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\SYSTEM32\efbukamb.ini
C:\WINDOWS\system32\ekwyesjn.ini
C:\WINDOWS\system32\epxkflwo.dll
C:\WINDOWS\system32\ewrgqcam.dll
C:\WINDOWS\system32\eybsoxaa.dll
C:\WINDOWS\system32\fiskntph.dll
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\fnts~2
C:\WINDOWS\system32\ghfkuufp.dll
C:\WINDOWS\system32\ghiaudje.dll
C:\WINDOWS\system32\gkrmjmrj.dll
C:\WINDOWS\system32\hponbbab.dll
C:\WINDOWS\system32\hptnksif.ini
C:\WINDOWS\system32\hthkulpo.dll
C:\WINDOWS\system32\icrlispu.dll
C:\WINDOWS\system32\icroso~1.net
C:\WINDOWS\system32\iexplore.dll
C:\WINDOWS\system32\ikmmcxdd.dll
C:\WINDOWS\system32\jgrkguyp.ini
C:\WINDOWS\system32\jnhhgvei.dll
C:\WINDOWS\system32\jumrvnja.dll
C:\WINDOWS\system32\jwdesgvt.dll
C:\WINDOWS\system32\jxslvyca.dll
C:\WINDOWS\SYSTEM32\kafdaypr.ini
C:\WINDOWS\system32\kkgybuaw.ini
C:\WINDOWS\system32\kuqigkob.dll
C:\WINDOWS\system32\ldpackage.dll
C:\WINDOWS\system32\lhrvtxdj.dll
C:\WINDOWS\system32\lkfpwncu.dll
C:\WINDOWS\system32\llcqfxbe.dll
C:\WINDOWS\system32\lsnhtnbc.dll
C:\WINDOWS\system32\lwkgdsrq.dll
C:\WINDOWS\system32\lxqhwpkf.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mjhnsadh.dll
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\mxdpbkva.dll
C:\WINDOWS\system32\njseywke.dll
C:\WINDOWS\system32\nlummfhg.dll
C:\WINDOWS\system32\nslookup.dll
C:\WINDOWS\system32\nuilahal.ini
C:\WINDOWS\system32\nuogsefg.dll
C:\WINDOWS\system32\nyaofvsu.dll
C:\WINDOWS\SYSTEM32\olhiorwv.ini
C:\WINDOWS\system32\oplukhth.ini
C:\WINDOWS\system32\oqbmsyej.ini
C:\WINDOWS\system32\owacrdyz.dll
C:\WINDOWS\system32\owejeude.dll
C:\WINDOWS\system32\oxcprsrs.dll
C:\WINDOWS\system32\pcthkyfd.dll
C:\WINDOWS\system32\pdwpdqrv.dll
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\pppatc~2
C:\WINDOWS\system32\qgykaetf.ini
C:\WINDOWS\system32\qhdtvv.dll
C:\WINDOWS\system32\qrphfojv.dll
C:\WINDOWS\system32\rdrVR2.dll
C:\WINDOWS\system32\rlls.dll
C:\WINDOWS\system32\rlvknlg.exe
C:\WINDOWS\system32\rlxf.dll
C:\WINDOWS\system32\rpyadfak.dll
C:\WINDOWS\system32\rqwiwnvc.dll
C:\WINDOWS\system32\rtqotnff.ini
C:\WINDOWS\system32\rvmosebi.dll
C:\WINDOWS\system32\sembly~1
C:\WINDOWS\system32\silc_dll.dll
C:\WINDOWS\system32\smante~1
C:\WINDOWS\system32\sstem3~1
C:\WINDOWS\system32\stawxslq.dll
C:\WINDOWS\system32\svvtndey.dll
C:\WINDOWS\system32\system.exe
C:\WINDOWS\system32\tbdpicev.dll
C:\WINDOWS\system32\tivswrqs.ini
C:\WINDOWS\system32\tsks~1
C:\WINDOWS\system32\uafkdago.dll
C:\WINDOWS\system32\uguirwiw.dll
C:\WINDOWS\system32\umtqilca.dll
C:\WINDOWS\system32\uoiqeeeu.dll
C:\WINDOWS\system32\uqkqjvvn.dll
C:\WINDOWS\system32\usxuicpk.ini
C:\WINDOWS\system32\uvsdxdka.dll
C:\WINDOWS\system32\vhowixid.ini
C:\WINDOWS\system32\vpkxxrin.ini
C:\WINDOWS\system32\vtsqn.dll
C:\WINDOWS\system32\vustxgvt.dll
C:\WINDOWS\system32\vwroihlo.dll
C:\WINDOWS\system32\vybiefwf.dll
C:\WINDOWS\system32\vyburvca.dll
C:\WINDOWS\system32\waubygkk.dll
C:\WINDOWS\system32\wdlgbbia.dll
C:\WINDOWS\system32\wkkrgswq.dll
C:\WINDOWS\system32\wnstssu.exe
C:\WINDOWS\system32\wnstssv.exe
C:\WINDOWS\system32\wopadufe.dll
C:\WINDOWS\system32\xaarkfqc.dll
C:\WINDOWS\system32\xbmddoqf.dll
C:\WINDOWS\system32\xcxwxxrf.dll
C:\WINDOWS\system32\xdhnmmsd.dll
C:\WINDOWS\system32\xmfkqtxa.ini
C:\WINDOWS\system32\ymante~1
C:\WINDOWS\system32\ymbols~1
C:\WINDOWS\system32\ystem~1
C:\WINDOWS\ymante~1
C:\WINDOWS\ystem~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE
-------\Service_DomainService

((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.

2157-07-08 15:36 . 2157-07-08 15:36   3,120   --a------   C:\WINDOWS\MF_C421.lfa
2157-07-08 15:36 . 2157-07-08 15:36   3,120   --a------   C:\WINDOWS\MF_C420.lfa
2008-05-24 21:10 . 2008-05-24 21:10   <DIR>   d--------   C:\Program Files\Trend Micro
2008-05-23 22:23 . 2008-05-23 22:23   4,286   --a------   C:\WINDOWS\SYSTEM32\Jamster.ico
2008-05-13 05:50 . 2008-05-24 20:18   5,430   --a------   C:\WINDOWS\SYSTEM32\rloci.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 03:03   903,890   --sh--w   C:\WINDOWS\Fonts\xfapft.bak1
2008-05-25 03:02   821,289   --sh--w   C:\WINDOWS\Fonts\xfapft.bak2
2008-05-12 02:52   ---------   d-----w   C:\Documents and Settings\Heidrichs\Application Data\Corel
2008-04-23 04:41   0   -c--a-w   C:\WINDOWS\Fonts\mcrh.tmp
2007-01-23 01:24   337,290   -c--a-w   C:\Documents and Settings\Heidrichs\Application Data\tizupd.bin
2007-01-01 05:00   337,290   -c--a-w   C:\Documents and Settings\Guest\Application Data\tizupd.bin
2006-11-14 01:10   337,290   -c--a-w   C:\Documents and Settings\Heather\Application Data\tizupd.bin
2005-12-05 05:50   280,064   -c--a-w   C:\Documents and Settings\Guest\Application Data\tizhook.bin
2005-09-12 23:19   280,064   -c--a-w   C:\Documents and Settings\Heidrichs\Application Data\tizhook.bin
2005-08-19 07:05   280,064   -c--a-w   C:\Documents and Settings\Heather\Application Data\tizhook.bin
2006-11-23 03:30   712,724   --sh--w   C:\WINDOWS\Fonts\tfpafx.dll
2006-11-17 02:38   751,332   -csh--w   C:\WINDOWS\SYSTEM\apas.bak1
2006-11-23 02:19   765,400   -csh--w   C:\WINDOWS\SYSTEM\apas.bak2
2006-11-10 00:06   712,724   --sh--w   C:\WINDOWS\SYSTEM\sapa.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15EE64DD-AB1A-464E-A9A2-E05A143DD24A}]
2006-11-22 21:30   712724   ---hs----   C:\WINDOWS\Fonts\tfpafx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}]
2005-01-21 08:10   552960   --a------   C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2007-12-23 13:24   37376   --a------   C:\WINDOWS\system32\xxyxyvw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91996F21-D1C7-D167-EE5A-FE8A308528E6}]
2007-10-18 08:22   60928   --a------   C:\WINDOWS\system32\bqbcozem.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"Sen"="C:\DOCUME~1\HEIDRI~1\MYDOCU~1\ASKS~1\wuauboot.exe" [ ]
"Bbffnfj"="C:\WINDOWS\?dobe\n?lookup.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 05:00 53760 C:\WINDOWS\SYSTEM32\NARRATOR.EXE]

C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Start Menu\Programs\Startup\
winupdt.exe [2006-03-27 20:37:35 57007]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\xxyxyvw.dll [2007-12-23 13:24 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tfpafx]
C:\WINDOWS\Fonts\tfpafx.dll 2006-11-22 21:30 712724 C:\WINDOWS\Fonts\tfpafx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxyvw]
xxyxyvw.dll 2007-12-23 13:24 37376 C:\WINDOWS\SYSTEM32\xxyxyvw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msvideo9"= SDVC03.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pptp32.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pptp64.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\1126148325\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\WINDOWS\\Explorer.EXE"=
"C:\WINDOWS\system32\tcigrhco.exe"= C:\WINDOWS\system32\tci

R1 pptp64;MMX virtualization service;C:\WINDOWS\system32\pptp64.sys [2004-08-04 05:00]
S2 pptp32;MMX2 virtualization service;C:\WINDOWS\system32\pptp64.sys [2004-08-04 05:00]
S3 SDVC05;USB SDVC05;C:\WINDOWS\system32\Drivers\SDVC05.sys [2003-07-22 18:50]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-24 00:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (FAMILIAROOM-Zach).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 21:38:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\OL4RAYQR\qt_lo_1[1].gif 68 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\7zS107.tmp\nonlocalized\res\quirk.css 11757 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\7zS107.tmp\optional\extensions\[email protected]\components\qfaservices.dll 8820 bytes executable
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\7zS107.tmp\optional\extensions\[email protected]\components\qfaservices.xpt 144 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\qj552.tmp 0 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\qmgr.cab 79377 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\qmgr.inf 2072 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\QTInstallCode.log 2161 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OTWVCTS9\quiz588outcome4[1].jpg 43525 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\029906p4[1].jpg 16162 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\042805_spdbt_468x60[1].swf 19627 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\100170608_s[1].jpg 2461 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\100410832_s[1].jpg 1594 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\100540232_s[1].jpg 3507 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\100605501_s[1].jpg 1982 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\100645737_s[1].jpg 2737 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\100653129_s[1].jpg 2821 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\100800788_s[1].jpg 2009 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\101325700_s[1].jpg 1381 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\101353945_m[1].jpg 5698 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\101397079_s[1].jpg 1837 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\101742344_s[1].jpg 1825 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\102116030_s[1].jpg 2774 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\102184143_s[1].jpg 2100 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\102185786_s[1].gif 7086 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\102552970_s[1].jpg 2758 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\functions[1].js 9603 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\Gazillion_728x90[1].gif 14518 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\GetMDRCDByTOC[1].xml 151 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\hp1021[1].css 11906 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\HS_Blue_Collar_468x60_12k_3L[1].gif 11557 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\icon_add_to_group[1].gif 381 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\ielogo[1].gif 3848 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\imp[1] 352 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\imp[2] 652 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\imp[3] 297 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\imp[4] 648 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\imp[5] 652 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\addFavoritesIcon[1].gif 831 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\adsEnd[1].js 1611 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\advertisement_up[1].gif 159 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\aimcom_animated2[1].swf 4552 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\Alzheimer_468x60[1].gif 14889 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\aol[1].htm 222 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\backrgnd_off_interest_on[1].gif 461 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\banner[1].htm 531 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\button_signup_main[1].gif 197 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\CA7EADNF.swf 11354 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\CACPOHKV.swf 11550 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\CAG5M7W9.htm 1828 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\CAL4E5DV.htm 1861 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\CAP0Y597.htm 38 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\CAPGRMFB.swf 23158 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\CAQBGP6V.swf 7413 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\color[1].css 487 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\28064606_s[1].GIF 12049 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\28697601_s[1].jpg 1464 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\300x250_2Million_box_static[1].gif 10571 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\30255686_s[1].jpg 1046 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\31784404_s[1].jpg 1586 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\33114214_s[1].jpg 2998 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\34353931336461393432376431303330[1].htm 705 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\37301851_m[1].jpg 10066 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\37357751_s[1].jpg 1953 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\38070909_s[1].jpg 2385 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\39204[1].htm 389 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\msnsmall[1].png 769 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\networking_background_off_v2[1].gif 307 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\number2[1].gif 958 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\onlinenow[1].gif 608 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\optn=1[1] 392 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\Palm%20Tree%20(CMYK)[1].jpg 26278 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\photo_04[1].jpg 16514 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\profileHitCounter[1].htm 137 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\profileHitCounter[2].htm 101 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\puccini[1].css 2711 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\redirect[1].htm 4688 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\res1[1].jpg 16037 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\79800104_s[1].jpg 2603 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\80648124_s[1].jpg 1818 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\81920907_m[1].jpg 4083 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\81920907_s[1].jpg 1730 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\84401132_s[1].jpg 4435 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\84875882_s[1].jpg 3181 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\86916550_s[1].jpg 2429 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\87195679_s[1].jpg 2708 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\87241716_s[1].jpg 2850 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\87721901_s[1].jpg 1676 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\87831515_s[1].jpg 2692 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\88527842_s[1].jpg 2583 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\89647845_m[1].jpg 4745 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\53713887_m[1].jpg 6896 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\68694545_s[1].jpg 2920 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\78519015_s[1].jpg 2852 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\90020331_s[1].jpg 1419 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\94580660_s[1].jpg 2203 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\slickusa_112904_MS_102440_297330_125437[1].swf 25425 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\common_functions_puccini[1].js 5923 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\coolNewPeople[1].js 27200 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\coolNewPeople[2].js 27200 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\cycle[1].20&msizes=468x60&t=js 1165 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\cycle[1].20&msizes=728x90&t=js 233 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\cycle[2].20&msizes=468x60&t=js 1165 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\cycle[2].20&msizes=728x90&t=js 233 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\cycle[3].20&msizes=728x90&t=js 233 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\deleted[1].gif 360 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\desktop.ini 67 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\divider3[1].gif 52 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\f4929bed[1].jpg 25036 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\f4929e6a[1].jpg 13798 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\feature_block[1].gif 2catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
C:\WINDOWS\system32\drivers\QL1080.SYS 40320 bytes executable
C:\WINDOWS\system32\drivers\QL10WNT.SYS 33152 bytes executable
C:\WINDOWS\system32\drivers\QL12160.SYS 45312 bytes executable
C:\WINDOWS\system32\drivers\QL1280.SYS 49024 bytes executable
C:\WINDOWS\system32\drivers\rdbss.sys 174592 bytes executable
C:\WINDOWS\system32\drivers\RDPCDD.SYS 4224 bytes executable
C:\WINDOWS\system32\drivers\RDPDR.SYS 196864 bytes executable
C:\WINDOWS\system32\drivers\rdpwd.sys 139528 bytes executable
C:\QooBox
C:\RECYCLER
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\flash_detect[1].js 3821 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\found-in-diaper[1].gif 3843 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\fs[1].gif 441 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\1061574058_pcocktail2[1].jpg 21463 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\11626601_s[1].jpg 7579 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\14326454_s[1].jpg 1576 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\16554240_s[1].gif 202680 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\16_16_ico[1].gif 616 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\17708577_s[1].jpg 21450 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\18419209_s[1].JPG 7467 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\194362467425d8fe32847d[1].gif 34530 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\1947851714424899c9db8ff[1].swf 28277 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\1px-nav[1].gif 51 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\20-1x1pixel[1].gif 42 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\200502021510_fbl_h1_i1_4_0[1].gif 1950 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\200503011653_fbl_h1_i1_2_0[1].gif 1800 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\200504300000_promo_hlm1_i2_2_0[1].gif 883 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\200505021631_google_h1_i1_1_0[1].gif 410 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\200505041740_nav_h1_i1_5_0[1].gif 3378 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\200505051703_promo_hlm1_i1_3_0[1].gif 3301 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\200505051703_tab2_h1_i1_1_0[1].gif 7755 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\200505051703_tab2_h2_i1_1_0[1].gif 3097 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\200505061848_reskin_c12_i1_1_0[1].gif 505 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\20112278_s[1].jpg 2793 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\21427223_s[1].jpg 4694 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\2145792919425d7eb00b0c2[1].swf 12205 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\21486553_s[1].jpg 3172 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\22411791_s[1].jpg 2830 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\22623473_s[1].jpg 2697 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\23575691_m[1].jpg 12026 bytes
C:\DOCUME~1\HEIDRI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q52ZIXY3\24769683_s[1].jpg 6

guestolo · « **Reply #3 on:** May 25, 2008, 11:03:50 PM »

We still have some work to do, but first, can you do the following please

Download haxfix.exe and save it to your desktop.

Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
Checkmark "Create a desktop icon"
Click "Next"
When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
Click "Finish"

A red "dos window" (dos box) will open with this options:

1. Make logfile
E. Exit Haxfix

I want to see a logfile please

Select option 1. Make logfile by typing 1 and then pressing Enter.
Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt
Copy the contents of that logfile and paste it into this thread.

Also
Supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

wisdom_of_trees · « **Reply #4 on:** May 25, 2008, 11:43:13 PM »

Here is the file you asked for; however, hijackthis doesn't seem to want to save the logfile that you requested in the Uninstall Manager. Instead it simply closes the application. Also, I have to cut this reply in half as the page has informed me that the post is too long. HAXFIX logfile - by Marckieversion 5.01.1Sun 05/25/2008 22:18:47.40running from C:\HaxFix--- Checking for Haxdoor ---checking for a3d filesa3d files found ps.a3dchecking for matching notify keysno matching notify keys found checking for matching servicesmatching services foundpptp32pptp64 checking for matching safeboot servicesmatching safeboot services foundpptp32.syspptp64.sys--- Checking for Goldun ---checking for SSODL keysno ssodl keys foundchecking for notify keysno notify keys foundchecking for servicesno services foundchecking iexplore.exeiexplore.exe is not infected --- Checking for other Goldun and Haxdoor files ---C:\WINDOWS\system32\klo5.sys--- Catchme logfile - thank you Gmer ---catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-05-25 22:19:04Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ...scanning hidden services & system hive ...scanning hidden registry entries ...[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]"TracesProcessed"=dword:0000013ascanning hidden files ...C:\327882R2FWJFW\Qoo.bat 3398 bytesC:\ComboFix\QooBox-temp.dat 50598 bytesC:\ComboFix\test\qhdtvv.dll 0 bytesC:\ComboFix\test\rdrVR2.dll 0 bytesC:\DELL\MEDIAEXE\Media\I386\QAPPSRV.EX_ 9078 bytesC:\DELL\MEDIAEXE\Media\I386\QASF.DL_ 97269 bytesC:\DELL\MEDIAEXE\Media\I386\QCAP.DL_ 84711 bytesC:\DELL\MEDIAEXE\Media\I386\QDV.DL_ 99486 bytesC:\DELL\MEDIAEXE\Media\I386\QDVD.DL_ 175899 bytesC:\DELL\MEDIAEXE\Media\I386\QEDIT.DL_ 231408 bytesC:\DELL\MEDIAEXE\Media\I386\QEDWIPES.DL_ 371599 bytesC:\DELL\MEDIAEXE\Media\I386\QL1080.SY_ 22761 bytesC:\DELL\MEDIAEXE\Media\I386\QL12160.SY_ 25938 bytesC:\DELL\MEDIAEXE\Media\I386\QMARK.GI_ 2578 bytesC:\DELL\MEDIAEXE\Media\I386\QMGR.IN_ 1951 bytesC:\DELL\MEDIAEXE\Media\I386\QMGRPRXY.DL_ 7187 bytesC:\DELL\MEDIAEXE\Media\I386\QOSCONW.CH_ 5068 bytesC:\DELL\MEDIAEXE\Media\I386\QPROCESS.EX_ 10623 bytesC:\DELL\MEDIAEXE\Media\I386\QUATTRO.WB_ 1934 bytesC:\DELL\MEDIAEXE\Media\I386\QUERY.EX_ 5106 bytesC:\DELL\MEDIAEXE\Media\I386\QUSER.EX_ 8886 bytesC:\DELL\MEDIAEXE\Media\I386\RDBSS.SY_ 85602 bytesC:\DELL\MEDIAEXE\Media\I386\RDCHOST.DL_ 59506 bytesC:\DELL\MEDIAEXE\Media\I386\RDPCDD.SY_ 2141 bytesC:\DELL\MEDIAEXE\Media\I386\RDPCFGEX.DL_ 1361 bytesC:\DELL\MEDIAEXE\Media\I386\RDPDD.DL_ 44858 bytesC:\DELL\MEDIAEXE\Media\I386\RDPSND.DL_ 10019 bytesC:\DELL\MEDIAEXE\Media\I386\RDPWD.SY_ 67700 bytesC:\DELL\MEDIAEXE\Media\I386\RDPWSX.DL_ 36977 bytesC:\DELL\MEDIAEXE\Media\I386\RDSADDIN.EX_ 6669 bytesC:\DELL\MEDIAEXE\Media\I386\RDTONE.HT_ 1239 bytesC:\DELL\MEDIAEXE\Media\I386\RECAGENT.SY_ 7113 bytesC:\DELL\MEDIAEXE\Media\I386\RECOVER.EX_ 3228 bytesC:\DELL\MEDIAEXE\Media\I386\RECYCLE.CH_ 11578 bytesC:\DELL\MEDIAEXE\Media\I386\RECYCLE.WA_ 18680 bytesC:\DELL\MEDIAEXE\Media\I386\QL1280.SY_ 27359 bytesC:\DELL\MEDIAEXE\Media\I386\QWINSTA.EX_ 10386 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\adpglobal\quit.gif 974 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\adpglobal\recheck.gif 2126 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\adpglobal\us-eu\quit.gif 630 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\adpglobal\us-eu\recheck.gif 2126 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\en_en\adpglobal\quit.gif 974 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\en_en\adpglobal\recheck.gif 2126 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\en_en\adpglobal\us-eu\quit.gif 630 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\en_en\adpglobal\us-eu\recheck.gif 2126 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcffC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\bs.html 1861 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\htmlC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\checkInformation.html 2704 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\checkoutNow.html 4947 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\imagesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\animatedDots.gif 28661 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\blueBackground.gif 1527 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\btn-dont-show.gif 316 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\cancel.gif 806 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\checkoutNowButton.gif 953 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\clear.gif 43 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\moreinfo_image1.gif 4425 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\moreinfo_image2.gif 77227 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\ok.gif 945 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\pleaseHeadline.gif 398 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\qc_brand.gif 4934 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\quickcheckLogo.gif 1816 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\registerButtonNo.gif 1221 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\registerButtonRemind.gif 928 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\registerButtonYes.gif 979 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\registrationPopupHeadline.gif 1729 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\sign_up.gif 2097 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\simplifyHeadline.gif 656 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\qcff_signup_moreinfo.html 3504 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\QCRegistration1_1.html 5297 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\retrieveInformation.html 1907 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scriptsC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\Engine.js 3288 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\FormFill.js 8670 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\IntelliFill.js 30296 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffConf.js 1616 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffDriver.js 9839 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffHtml.js 453 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffLib.js 6540 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffLists.js 1476 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffSites.js 1529 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffTxnSeqDetector.js 2482 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffUnmappedList.js 8916 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffUserLib.js 2656 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\qpt_main.js 3340 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\Request.js 1685 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\RulesInfo.js 7573 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\TEAOClient.js 4874 bytesC:\Documents and Settings\All Users\Application Data\Apple Computer\QuickTimeC:\Documents and Settings\All Users\Application Data\Apple Computer\QuickTime\QuickTime.qtp 10367 bytesC:\Documents and Settings\All Users\Application Data\Apple Computer\QuickTime\QuickTimeFavorites.qtr 986 bytesC:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\coach\configuration\adpglobal\Query.js 13854 bytesC:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\item_templ\coach\configuration\adpglobal\Query.js 13854 bytesC:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\qdiagocx.js 1919 bytesC:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\item_templ\coach\configuration\adpglobal\Query.js 13854 bytesC:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\QuarantineC:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\Quarantine\adv479[1].MCQ 715 bytesC:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat 4232 bytesC:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat 5486 bytesC:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\QueueC:\Documents and Settings\All Users\Application Data\QuickTimeC:\Documents and Settings\All Users\Application Data\QuickTime\QuickTime.qtp 10339 bytesC:\Documents and Settings\All Users\Application Data\QuickTime\QuickTimeFavorites.qtr 986 bytesC:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Icons\qsbm.bmp 372 bytesC:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Icons\qsim.bmp 276 bytesC:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Icons\qsy.bmp 256 bytesC:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Icons\qsyma.bmp 288 bytesC:\Documents and Settings\All Users\Start Menu\Programs\Sonic\RecordNow!C:\Documents and Settings\All Users\Start Menu\Programs\Sonic\RecordNow!\RecordNow Help.lnk 551 bytesC:\Documents and Settings\All Users\Start Menu\Programs\Sonic\RecordNow!\RecordNow!.lnk 1857 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick LaunchC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk 669 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI 119 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk 683 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk 1769 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk 742 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf 79 bytesC:\Documents and Settings\Default User\RecentC:\Documents and Settings\Default User\Recent\Desktop.ini 150 bytesC:\Documents and Settings\Default User\SendTo\RecordNow!.RecordNowSendToExt 0 bytesC:\Documents and Settings\Default User\Templates\QUATTRO.WB2 4017 bytesC:\Documents and Settings\Guest\Application Data\Corel\PerfectExpert\12\Custom WP Templates\qw12EN.wpt 17376 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick LaunchC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk 669 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI 119 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk 779 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk 1769 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk 742 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf 79 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk 804 bytesC:\Documents and Settings\Guest\Local Settings\Temp\qb3A5.tmp 0 bytesC:\Documents and Settings\Guest\Local Settings\Temp\qbogvyat.dll 86036 bytes executableC:\Documents and Settings\Guest\Local Settings\Temp\qdiagd.log 120 bytesC:\Documents and Settings\Guest\Local Settings\Temp\qgqoexcc.dll 45525 bytes executableC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\45QVW52J\qnUVy7y6UAr1+c4ZAQbYziwBdPTurtZJqpzOoEKQDL6cR1WU35fxLRP07pFglsNR[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\45QVW52J\qdwZZQPdDaemyLdW6zrGMDHDo3zQCUAvtS8fpypccoFAGaeBH1hFeXnp++GZsRYw[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\4927U5Q5\qYLbvk6zfPlQ5vYU4EtPvaEyclv4SpBJ8WjgwU479Y1uJDTWzYkt1EzCYWcDAkiV[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\4927U5Q5\Q[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\67KRCH4N\QDcZwy5VV8be++sHFO5aNZfZE5gKLfvmei93nTibUgel1jEWzUk9HYwffQgbmyO1[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\67KRCH4N\qo95ra[1].jpg 60153 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\67KRCH4N\qYLbvk6zfPlQ5vYU4EtPvaEyclv4SpBJ8WjgwU479Y1uJDTWzYkt1EzCYWcDAkiV[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\E1WX4DAX\quiz1260outcome1[1].gif 20790 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\E1WX4DAX\quote[1].gif 29349 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5MR8HIJ\quiz588outcome2[1].jpg 35188 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5YJ49UB\qArurV8mGf0bqCcHRpzxVx[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5YJ49UB\QnHbaghb43gdnlytM1JeB+uwf1QoiIjOyecVH+hp6A8DqBZ5mTS6xq0nY[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5YJ49UB\quiz817outcome1[1].jpg 23506 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5YJ49UB\quRPaOT5MbVddJlDCJVas8g2vmyO9eqJEcV[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\W3S3CL45\q51374820[1].png 10788 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\WL6JWX6N\qq84tvVupTJI9NcaIn76TXmVSTQg0mrtiE0gt[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\WL6JWX6N\qyjtheg29wht2CkOsBigDOTDWu[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\14GB5XK9\qsscreen[1].gif 934 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\14GB5XK9\quant[3].js 2688 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\14GB5XK9\quill[1].txt 100 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\14GB5XK9\recent[1].js 324 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\14GB5XK9\recommendedvideos[1].htm 7899 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\1D5AVNXA\Recovery_Design_small_1642774194219[1].jpg 3990 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\3FL7VP0W\questionSmall[1].jpg 15318 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\3FL7VP0W\rec_thumbup_gray_sml[1].gif 583 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\3X5J6EM9\Recovery_Armband_small_1974594820678[1].jpg 3981 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\3X5J6EM9\qtobject[1].js 3514 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\Quiksilver-02[1].gif 1410 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\76E8ABCD\qt_lo_1[1].gif 68 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\76E8ABCD\recharge[1].jpg 13519 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\quiz[1].jpg 2339 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\q122900650_8854[1].jpg 2466 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\q20608714_5279[1].jpg 2373 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\q43808713_3593[1].jpg 2655 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\q45204789_1978[1].jpg 2930 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\qw9045_mmc_mover_neigh_9800_v2_160x600_30k[1].gif 19145 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\qw9045_mmc_mover_newly_9800_v2_728x90_30k[1].gif 19046 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\recent[1].htm 4555 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\rdc_pleasewaiticon[1].gif 260 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8JRVMK19\QBMS_Benefits_v1_300x250[1].gif 19038 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8JRVMK19\quill[1].swf 132408 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8JRVMK19\rec_thumb_down_sml[1].gif 576 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8X6NK5UJ\quant[1].js 2259 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8X6NK5UJ\quote_box_center[1].gif 104 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\ACQQTIK1\quentin_tarantino_spits_on_a_reporter[1].jpg 7076 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\ACQQTIK1\reclinks_ltcnr[1].gif 52 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\question_mark[1].gif 272 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q145700153_8659[1].jpg 2001 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q19228185_4114[1].jpg 3079 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q501050443_7228[1].jpg 2700 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q501664432_4369[1].jpg 2345 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q513675668_8153[1].jpg 2009 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q878540082_7179[1].jpg 2569 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\rdc_blacksolidarrow[1].gif 77 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\rdc_headertitle[1].gif 3094 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\C9Y7WHQR\ql[1].gif 51 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\C9Y7WHQR\recommended_videos[1].htm 28800 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\E1J8DKV2\qualityhealth[1].bmp 432 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\E1J8DKV2\rec_thumb_up_sml[1].gif 568 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\GH2ZOHAN\quote_box_top[1].gif 368 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\GH6VSTQF\qo95ra[1].jpg 60153 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\KX2B4PAR\quiz588outcome1[1].jpg 34598 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\KX2B4PAR\quote_box_bottom[1].gif 369 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\KX2B4PAR\quiz275outcome1[1].jpg 18051 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\MYZVDCNB\rectest[1].htm 11388 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\OXANOD6Z\quiz628outcome1[1].jpg 10944 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\OYPIUK1T\ql[1].css 2014 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\OYPIUK1T\reclinks_titlebar[1].jpg 95 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXLC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[14].jpg 3834 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[2].htm 24130 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[5].jpg 3725 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\AmonRa2[1].jpg 15828 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\CAG52BWH.htm 1220 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\CAQNJWEK.jpg 7964 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\counter[1].gif 715 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\desktop.ini 67 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\Djn[1].jpg 7561 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\doodlecolour[1].jpg 128073 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\geov2_001[1].js 662 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[15].jpg 3702 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[16].jpg 3450 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[17].jpg 3498 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[18].jpg 3412 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[19].jpg 2767 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[1].htm 24196 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[1].jpg 3892 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[20].jpg 2807 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[21].jpg 2513 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[22].jpg 1743 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[23].jpg 3365 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[24].jpg 1531 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[25].jpg 3209 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[26].jpg 1941 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[27].jpg 3616 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[28].jpg 4827 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[29].jpg 3539 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[2].jpg 4223 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[30].jpg 3578 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[31].jpg 3079 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[32].jpg 3759 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[33].jpg 4032 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[34].jpg 4430 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[35].jpg 2281 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[36].jpg 5363 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[37].jpg 3370 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[38].jpg 2217 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[39].jpg 4948 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[3].htm 24936 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[3].jpg 4835 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[40].jpg 4037 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[41].jpg 1920 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[42].jpg 2986 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[4].jpg 2436 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[10].jpg 2631 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[11].jpg 1964 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[12].jpg 4737 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[13].jpg 3787 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[6].jpg 4277 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[7].jpg 2898 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[8].jpg 3847 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[9].jpg 3144 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\notify[1].htm 19 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\P4s-sm[1].jpg 11166 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\PapyrusFrag[1].jpg 16144 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\search[1].HTML 4422 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\SenPapEsm[1].jpg 13006 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\seshatdetail1[1].jpg 28050 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\Seti[1].jpg 32088 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\Stone[1].htm 2551 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\Sun4sm[1].jpg 8484 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\Udjat[1].jpg 17674 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\q45203612_1694[1].jpg 2498 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\ql[1].gif 51 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\QscrOverrides[1].js 3917 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\qw9045_mmc_mover_neigh_9800_v2_728x90_30k[1].gif 20139 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\rdc_nanomiddle[1].png 114 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\qw9045_mmc_mover_newly_9800_v2_160x600_30k[1].gif 18594 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\rdc_003399bullet[1].gif 55 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q137800444_1710[1].jpg 2432 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q27705805_3462[1].jpg 2690 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q43804037_9429[1].jpg 2679 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q45201039_659[1].jpg 2497 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q45205457_4509[1].jpg 2737 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q500297087_8349[1].jpg 2260 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\ql[1].js 8614 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\rdc_expandmiddle[1].png 168 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\RDC_PleaseWaitIcon[1].gif 260 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\ZPRH6S3V\qbal3_wht[1].gif 235 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\ZPRH6S3V\ql[1].js 8614 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\ZPRH6S3V\reclinks_rtcnr[1].gif 52 bytesC:\Documents and Settings\Guest\RecentC:\Documents and Settings\Guest\Recent\Casey Price.lnk 559 bytesC:\Documents and Settings\Guest\Recent\Desktop.ini 150 bytesC:\Documents and Settings\Guest\SendTo\RecordNow!.RecordNowSendToExt 0 bytesC:\Documents and Settings\Guest\Templates\QUATTRO.WB2 4017 bytesC:\Documents and Settings\Heather\Application Data\Corel\PerfectExpert\12\Custom WP Templates\qw12EN.wpt 17376 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick LaunchC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk 669 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI 119 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk 779 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk 1769 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk 742 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf 79 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk 804 bytesC:\Documents and Settings\Heather\Application Data\Sonic\RecordNow!C:\Documents and Settings\Heather\Application Data\Sonic\RecordNow!\FavoritesC:\Documents and Settings\Heather\Application Data\Sonic\RecordNow!\playlist.dat 5645 bytesC:\Documents and Settings\Heather\Application Data\Sonic\RecordNow!\sndfind.dat 1817 bytesC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTimeC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloadsC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02\05C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02\05\25dc877b-4f450ba7-96137012-ddd6010a.qtch 766 bytesC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\01C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\10C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\10\4a4196e4-f38ef58d-fbdde8f8-d305e547.qtch 360000 bytesC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\06C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\06\03C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\06\05C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07\11C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\11C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\12C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\13C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\04C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\12C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\05C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\05\c5e041df-d2db2150-102410e7-d48d4696.qtch 0 bytesC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\15C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\15\cff4d7f6-4a04903d-4c3af0ca-3885f54f.qtch 766 bytesC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\05C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\10C:\Documents and Settings\Heather\Local Settings\Temp\qdiagd.log 159 bytesC:\Documents and Settings\Heather\Local Settings\Temp\qdiagd_2.log 120 bytesC:\Documents and Settings\Heather\Local Settings\Temp\qttwwgpv.dll 106516 bytes executableC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LUN8DIZ\records_DoraDanceFiesta_728[1].gif 42972 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\BFOGF5P8\quick_search_hdr_ptv[1].gif 768 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\BFOGF5P8\QNCK_dora_logo[1].gif 1465 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\OHEJ4TI3\recordFlashVersion[1].js 386 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\OHEJ4TI3\QNCK_dora_text[1].gif 2126 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\W1INST6B\query[1].js 155 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\W1INST6B\records_LazyTownCD_new_728[1].gif 37014 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\K16JS1EZ\questionmark[1].gif 342 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\0HKTUBSD\Qho9vqNQdZwM4vbVMeLSVMTPqbouG7Ie6a341qexD2nQPYV8f2B+aVYvuZRILR3n[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\0HKTUBSD\quiz1430outcome1[1].jpg 34002 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\2FYRYXM3\quiz588outcome5[1].jpg 65919 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\2FYRYXM3\quiz917outcome1[1].jpg 15960 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\2ZKJ6PSJ\qnd9[1].jpg 11183 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\49YB85AB\Q3national728[1].html 1123 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\6K1A71GH\quiz628outcome1[1].jpg 10944 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8NIBI5KH\qEg[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8NIBI5KH\Qho9vqNQdZwM4vbVMeLSVMTPqbouG7Ie6a341qexD2nQPYV8f2B+aVYvuZRILR3n[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8NIBI5KH\quiz1260outcome1[1].gif 20790 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8NIBI5KH\quiz817outcome1[1].jpg 23506 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8XMBCXQJ\quote_begin._V51923589_[1].gif 108 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8XMBCXQJ\recent[2].bmp 1082 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\A70DMTKV\quiz1260outcome3[1].jpg 17769 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\AKX1ZJBB\quizilla728x90[1].gif 15555 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\AXO3QHO5\quiz588outcome1[1].jpg 34598 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\AXO3QHO5\quiz628outcome1[1].jpg 10944 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\C1YVCDA7\QQ3DuQ[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\C1YVCDA7\REC1[1].jpg 5495 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\EJCB5U6K\qw7907_mmc_4pb_9state_select_728x90_20k[1].gif 8297 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\G3TFJWRS\Q306_6039_core_728x90_noecc_1500_t309[1].swf 13855 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\G3TFJWRS\quote42gb[1].png 18306 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\GLG78FW7\quiz1442outcome3[1].jpg 53466 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\GNIBIYSG\RecentSearch_2[1].js 5854 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\I3S1YHSL\q37296498[1].gif 2233 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\I3S1YHSL\qo95ra[1].jpg 60153 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\IP4J2TYH\quizilla728x90[1].gif 15555 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\IP4J2TYH\quote[1].gif 24573 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\K1CP2BCL\quiz1233outcome4[1].jpg 10111 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\K1CP2BCL\quiz1260outcome1[1].gif 20790 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\LVAU6BY5\qw8366_mmc_dsl_deck_2699_728x90_30k[1].gif 12874 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\MHQP635A\questionmark[1].gif 76 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\MHQP635A\q[1].swf 7203 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\MLYZEHEP\quiz628outcome1[1].jpg 10944 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\MLYZEHEP\QxyMg4rwXFqW3xBlRCbIjHG3I44lGwJXk1i0z3Dig9tdE7J47r[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\NA7GSJ0R\quotebankjobshot[1].gif 18885 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\O9250HAZ\Qho9vqNQdZwM4vbVMeLSVMTPqbouG7Ie6a341qexD2nQPYV8f2B+aVYvuZRILR3n[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\PG10ZAXM\q1145467115296[1].txt 5135 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\PG10ZAXM\quiz588outcome1[1].jpg 34598 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\PG10ZAXM\quiz588outcome4[1].jpg 43525 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\PG10ZAXM\REC1[1].jpg 5495 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\PG10ZAXM\recentlyaddedlayouts[1].jpg 1019 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\SDEZSP2Z\quote_end._V51923589_[1].gif 109 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\U56F63UB\q+iDtkzwisegSCysE7jY0C9MshwM9o0tf1iCObBR0NESFyGbNeh62lula9ctwdDj[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\U56F63UB\qbclub[1].gif 846 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\U56F63UB\Qho9vqNQdZwM4vbVMeLSVMTPqbouG7Ie6a341qexD2nQPYV8f2B+aVYvuZRILR3n[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\UFPBYVF0\quiz[1].jpg 2339 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\ULSN6JWP\quote3bx4ev-1[1].jpg 12802 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\ULSN6JWP\quote3bx4ev[1].jpg 12802 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\V1G81WT8\quiz794outcome4[1].jpg 20291 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\W1QJKPQJ\qbclub[1].gif 846 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\W1QJKPQJ\quiz588outcome1[1].jpg 34598 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\W1QJKPQJ\quoteforgirls[1].jpg 22013 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\WT0RO3KZ\Qho9vqNQdZwM4vbVMeLSVMTPqbouG7Ie6a341qexD2nQPYV8f2B+aVYvuZRILR3n[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\WT0RO3KZ\Qm8U+ic62TJYfju[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\WT0RO3KZ\rdY+mPR[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\WTO9YVWZ\quiz1432outcome2[1].jpg 40165 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\WTO9YVWZ\quote3bx4ev[1].jpg 12869 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\YZYJYXUN\quiz588outcome2[1].jpg 35188 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\YZYJYXUN\quizilla300x125[1].gif 9535 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\YZYJYXUN\rectangles[1].gif 12697 bytesC:\Documents and Settings\Heather\RecentC:\Documents and Settings\Heather\Recent\Clouds.lnk 674 bytesC:\Documents and Settings\Heather\Recent\Heather Heidrich Per.lnk 610 bytesC:\Documents and Settings\Heather\Recent\015812.lnk 845 bytesC:\Documents and Settings\Heather\Recent\020038.lnk 845 bytesC:\Documents and Settings\Heather\Recent\023510.lnk 845 bytesC:\Documents and Settings\Heather\Recent\032746.lnk 845 bytesC:\Documents and Settings\Heather\Recent\032754.lnk 845 bytesC:\Documents and Settings\Heather\Recent\032806.lnk 845 bytesC:\Documents and Settings\Heather\Recent\040019.lnk 845 bytesC:\Documents and Settings\Heather\Recent\040201.lnk 845 bytesC:\Documents and Settings\Heather\Recent\0402120026.lnk 867 bytesC:\Documents and Settings\Heather\Recent\0402130038.lnk 867 bytesC:\Documents and Settings\Heather\Recent\0403140012.lnk 867 bytesC:\Documents and Settings\Heather\Recent\10-24-2005 10;19;38AM.lnk 771 bytesC:\Documents and Settings\Heather\Recent\173410620_l.lnk 699 bytesC:\Documents and Settings\Heather\Recent\2004_0103(001).lnk 887 bytesC:\Documents and Settings\Heather\Recent\2004_0103(002).lnk 887 bytesC:\Documents and Settings\Heather\Recent\2004_0106(005).lnk 887 bytesC:\Documents and Settings\Heather\Recent\2004_0112(047).lnk 887 bytesC:\Documents and Settings\Heather\Recent\2004_1231Image.lnk 594 bytesC:\Documents and Settings\Heather\Recent\2005_0128Image.lnk 594 bytesC:\Documents and Settings\Heather\Recent\2005_0128Image0011.lnk 907 bytesC:\Documents and Settings\Heather\Recent\2005_0128Image0026.lnk 907 bytesC:\Documents and Settings\Heather\Recent\2005_0128Image0032.lnk 907 bytesC:\Documents and Settings\Heather\Recent\2005_0128Image0040.lnk 907 bytesC:\Documents and Settings\Heather\Recent\Anne.lnk 682 bytesC:\Documents and Settings\Heather\Recent\aqk.lnk 655 bytesC:\Documents and Settings\Heather\Recent\casey and ann.lnk 831 bytesC:\Documents and Settings\Heather\Recent\Casey PricePer.lnk 676 bytesC:\Documents and Settings\Heather\Recent\casey.lnk 687 bytesC:\Documents and Settings\Heather\Recent\Heather.lnk 557 bytesC:\Documents and Settings\Heather\Recent\[email protected][1].lnk 1086 bytesC:\Documents and Settings\Heather\Recent\Heathers.lnk 564 bytesC:\Documents and Settings\Heather\R

wisdom_of_trees · « **Reply #5 on:** May 25, 2008, 11:46:20 PM »

C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\UsersOnline[2].htm 544 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\UsersOnline[3].htm 1185 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\UsersOnline[4].htm 544 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\UsersOnline[5].htm 1149 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\UsersOnline[8].htm 1049 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\UsersOnline[9].htm 1294 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657392543118rs[1].jpg 3447 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657392543138wv[1].jpg 2221 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657392543198ms[1].jpg 1962 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657392543233wm[1].jpg 2796 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657392543250ia[1].jpg 2443 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657392543266al[1].htm 352 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti825265739254327io[1].jpg 3073 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657392543307vf[1].jpg 2842 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657392543336rl[1].jpg 3119 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657392543360ki[1].jpg 2312 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657392543403rf[1].jpg 2449 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti825265739254369cf[1].jpg 3076 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657422855101ad[1].jpg 2466 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657422855112ol[1].jpg 1354 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti825265742285514nj[1].jpg 3001 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657422855162sh[1].jpg 3505 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657422855180gl[1].jpg 3764 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657422855216mq[1].jpg 2257 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657422855227og[1].jpg 2692 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657422855285mo[1].jpg 1899 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657422855312lk[1].jpg 2879 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti825265742397302gm[1].jpg 1185 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657423973115ro[1].jpg 1187 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657423973123ao[1].jpg 4093 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657423973156gl[1].jpg 2979 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657423973203ev[1].jpg 1972 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti825265742397320zz[1].jpg 3248 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657423973226hx[1].jpg 4091 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657423973245sa[1].jpg 1560 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657423973290xr[1].jpg 2847 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657423973363ng[1].jpg 4645 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657423973394zx[1].jpg 3417 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti825265742397349ac[1].jpg 2624 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti825265742397354bk[1].jpg 4007 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252659386304182ec[1].jpg 10468 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\midas[7].htm 711 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\midas[8].htm 711 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\midas[9].htm 711 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[10].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[11].swf 0 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[12].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[1].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[2].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[3].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[4].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[5].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[6].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[7].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[8].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\mini[9].swf 17235 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\misti[1].jpg 82862 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\module2_MickeyMouseClubhouse[1].swf 3885 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\664275114_m[1].jpg 4306 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\664644116_s[1].jpg 1372 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\664656545_l[1].jpg 26416 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\664658446_m[1].jpg 2974 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\664960555_m[1].jpg 1868 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\664963607_s[1].jpg 1262 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\665107054_s[1].jpg 1790 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\665162004_l[1].jpg 95675 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\665188051_l[1].jpg 86983 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\665196888_s[1].jpg 2070 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\665229771_l[1].jpg 28213 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\683754331_s[1].jpg 2677 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\70015357944400dd93b450[1].swf 15242 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\71[1].gif 2959 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\iloveu2[1].ani 11305 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[21].htm 17513 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[38].htm 12385 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[52].htm 20657 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\legalfooter[1].js 7162 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\midas[6].htm 710 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\motion[1].js 5667 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspace-codes-comments-1[1].gif 23520 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspaceicons252[1].gif 2389 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\nav_aboutus[1].gif 1994 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\647770038_l[1].jpg 87859 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\648642597_m[1].jpg 3727 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\651096659_s[1].jpg 2229 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\651705286_s[1].jpg 1606 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\652999715_l[1].jpg 12420 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\653588231_s[1].jpg 2953 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\653643064_s[1].jpg 2506 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\654424015_s[1].jpg 1450 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\654589035_s[1].jpg 2233 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\654627410_s[1].jpg 1892 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\654717842_m[1].jpg 3777 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\654896975_s[1].jpg 1619 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\655065182_l[1].jpg 17690 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\34[2].js 408 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\361943889_s[1].jpg 1586 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\363026449_m[1].jpg 7450 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\36[1].js 387 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\379326189_s[1].jpg 4038 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\379577450_s[1].jpg 3378 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\386615415_m1[1].jpg 4973 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\387064228_m1[1].jpg 4603 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\389827812_s[1].jpg 2229 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\392456929_m1[1].jpg 5883 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\smileystuff3a[1].gif 289 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\smilplayer[1].swf 71501 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\snowboardingstrip[1].jpg 46538 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\sorting[1].js 896 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\sponsorsGlobal[1].js 2216 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\springFS0406_728x90[1].gif 30469 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\star[1].gif 515 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\star_med3[1].png 592 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\allamericanrejects9xn[1].jpg 11611 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\already-found[1].jpg 3361 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\AnimationBrunettePic[1].gif 11408 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\asldata[1].js 139 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\aslframe[1].htm 555 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\aslframe[2].htm 555 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\aslframe[3].htm 555 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\aslframe[4].htm 555 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\newfridge[1].swf 37832 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\newyork[1].jpg 3146 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\nexlw8[1].gif 15032 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\nopony[1].jpg 21076 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\notes[1].swf 6454 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\nothing_but_net_compact[1].png 2343 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\o.kobewall2[1].jpg 243505 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\580016242_s[1].jpg 1474 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\582115481_s[1].jpg 1833 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\582208543_l[1].jpg 32650 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\582208543_m[1].jpg 4399 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\584388202_m[1].jpg 4388 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\584679498_m[1].jpg 3004 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\585890344_s[1].jpg 2105 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\586074461_m[1].jpg 5221 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\586074461_s[1].jpg 2211 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\590005239_s[1].jpg 1200 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[10].htm 15283 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[12].htm 12272 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[13].htm 12337 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[14].htm 10401 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[15].htm 12979 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[16].htm 174234 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[17].htm 17906 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[18].htm 12316 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[19].htm 16578 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[1].bmp 76854 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[1].cfm 3932 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[1].htm 84733 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[20].htm 12545 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti17433126328yq[1].jpg 3047 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti17433126354iy[1].jpg 2050 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti17433126410mz[1].jpg 2802 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1743312646bl[1].jpg 1873 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1743312667ir[1].jpg 1708 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1941287032nt[1].jpg 32763 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1941287041ni[1].jpg 20879 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1941287057lx[1].jpg 2401 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\1687674949443e6b7a3f3df[1].swf 16331 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\16[2].js 304 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\172380007844400e0d895db[1].swf 26283 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\172380007844400e0d895db[2].swf 26283 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\172380007844400e0d895db[3].swf 5555 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\172380007844400e0d895db[4].swf 26283 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\172380007844400e0d895db[5].swf 26283 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\172380007844400e0d895db[6].swf 26283 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\17458708774420569021833[1].gif 47330 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\TitleBar[1].swf 970 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\top_r[1].png 246 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\whatsnew[1].gif 593 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\whereswilma[1].swf 44681 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\write_review[1].png 2209 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\www.alycedesigns[1].bmp 1082 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\www2.webrewardscentral[1].htm 16266 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\Xadvise12[1].gif 2234 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\Xadvise36[1].jpg 11345 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\Xadvise3[1].jpg 13737 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\663195627_s[1].jpg 2240 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\663301591_s[1].jpg 1534 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\663389830_m[1].jpg 3642 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\663396115_m[1].jpg 4008 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\663487198_l[1].jpg 15161 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\663672085_s[1].jpg 3032 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\663749584_s[1].jpg 2159 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\663783107_s[1].jpg 2737 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\664160999_s[1].jpg 2913 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\664183290_l[1].jpg 22869 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\664183290_s[1].jpg 1443 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\655917633_s[1].jpg 3149 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\656826325_m[1].jpg 3004 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\656830503_m[1].jpg 4291 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\656874108_l[1].jpg 27537 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\656892494_m[1].jpg 4192 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\657071333_l[1].jpg 46257 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\657911170_s[1].jpg 1567 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\658345102_m[1].jpg 4522 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\658429637_s[1].jpg 1976 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\658442237_s[1].jpg 2076 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\658496421_s[1].jpg 1793 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\658573331_s[1].jpg 1487 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\658709675_s[1].jpg 1915 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\659442532_s[1].jpg 4164 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\search[1].png 4171 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\search_dn_en2[1].gif 1791 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\serpentine[1].js 178 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\shameScrubberLoader[1].swf 186767 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\shanna[1].swf 8511 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\shim[1].swf 394 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\shockwaveError[1].htm 7221 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\595627921_s[1].jpg 4993 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\598998927_s[1].jpg 1935 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\599126397_l[1].gif 118833 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59[1].js 664 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\601469281_s[1].jpg 1907 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[22].htm 22541 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[23].htm 15411 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[24].htm 25490 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[25].htm 137547 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[26].htm 18650 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[27].htm 16497 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[28].htm 10885 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[29].htm 39843 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[2].bmp 76854 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[2].cfm 4466 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[2].htm 10912 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[30].htm 36242 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[31].htm 10434 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[32].htm 12873 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[33].htm 66777 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[34].htm 19890 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[35].htm 17626 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[36].htm 12499 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[37].htm 10276 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\flashgen[1].xml 170 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\flashgen[2].xml 171 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\flashgen[3].xml 171 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\flashgen[4].xml 170 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\flashwrite_1_2[1].js 801 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\flash[1].xml 6210 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\flash[2].xml 6014 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\flash[3].xml 6014 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\flash_728x90[1].swf 26443 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\fl_down_152x27[1].gif 268 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\gamePreplay[1].js 3443 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1720163909xa[1].jpg 33215 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1720163919kt[1].jpg 44967 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1720163926ch[1].jpg 46146 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1720163947ss[1].jpg 61541 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1720163952et[1].jpg 62143 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1720163968re[1].jpg 32126 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1738875579hf[1].jpg 28413 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti1743312600ll[1].jpg 2772 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti17433126108yq[1].jpg 3013 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\642992042_m[1].jpg 4593 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\644334555_s[1].jpg 1653 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\645480744_s[1].jpg 1111 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\645917445_s[1].jpg 2725 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\645926667_m[1].jpg 6228 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\645961010_s[1].jpg 1782 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\646075258_s[1].jpg 2214 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\646254867_m[1].jpg 4807 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\647019299_s[1].jpg 3538 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\647347904_s[1].jpg 1777 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\720_728x90_20062148225[1].htm 684 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\7388755_bb7518ae1143437388[1].jpg 12485 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\75[1].js 175 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\79[1].js 2196 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\830808764440125c3968d[1].swf 30204 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\830808764440125c3968d[2].swf 30204 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\830808764440125c3968d[3].swf 30204 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\83[2].js 2204 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\87[2].js 487 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\523774933_s[1].jpg 3157 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\524389699_s[1].jpg 3932 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\525715746_m[1].jpg 10543 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\533631798_s[1].jpg 1694 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\535322479_s[1].jpg 1815 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\537785254_m[1].jpg 4309 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\547705422_s[1].jpg 3536 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\553188822_s[1].jpg 3039 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\19619816394426db5050644[1].swf 7836 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\1[1] 8433 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\1[1].gif 7978 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\2005_0822Image0167[1].jpg 143153 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\2005_0823Image0037[1].jpg 123804 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\21cd997760f44b345185ee00824dd5b1[1].gif 22292 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\2259[1].jpg 1854 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\247914895_m1[1].jpg 7773 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\2482[1].jpg 2059 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\25364582443d1fec67e19[1].swf 19871 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\2546[1].jpg 1798 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\2686[1].jpg 3564 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\2736[1].jpg 2551 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\436261000_s[1].jpg 1762 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\437475602_s[1].jpg 1633 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\445009371_s[1].jpg 1858 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\449123034_m[1].jpg 8033 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\4544951743ed0a9e6c5f1[1].gif 50834 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\470042339_s[1].jpg 2176 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\471162189_m[1].jpg 5394 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\471172524_l[1].jpg 46475 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\471255030_l[1].jpg 27947 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\471266819_s[1].jpg 3274 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\474249886_s[1].jpg 3001 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\48186052441831d38ae7d[1].swf 14199 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\playhouseUrls[1].txt 3720 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\playhouse_breadcrumb[1].js 4991 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\pop[1].8&c=13 6316 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\PostAComment[1].htm 9805 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\PreloadList[1].ini 35 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\print_and_play[1].htm 5796 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\PRX_9959_brand_phase1_160x600_25k[1].gif 25450 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\p[1].gif 43 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\quadrow_highlight[1].png 5174 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[39].htm 12616 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[3].bmp 76854 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[3].cfm 4165 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[3].htm 40300 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[40].htm 12328 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[41].htm 21063 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[42].htm 18672 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[43].htm 19405 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[44].htm 40623 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[45].htm 22458 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[46].htm 10915 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[47].htm 36258 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[48].htm 12605 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[49].htm 12485 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[4].bmp 1082 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[4].htm 5809 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[50].htm 91178 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\index[51].htm 36244 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\cache_res1[1].jpg 13877 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\cache_res1[2].jpg 15303 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\cache_res3[1].jpg 7144 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\cache_res4[1].jpg 11972 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CACXE78L.gif 43 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CAD88Z55.gif 43 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CADOZMN3.gif 43 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CAE7012V.htm 1887 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CAER41EN.htm 3671 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CAHCCJPH.swf 36470 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CAHRB9SG.swf 26739 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CAI385IZ.gif 43 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\open-3[1].jpg 4486 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=1[1] 757 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=1[1].gif 45719 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=1[2] 394 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=1[3] 394 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=1[4] 395 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=1[5] 494 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=1[6] 494 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=1[7] 1137 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=1[8] 1131 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=1[9] 1064 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=64[1] 2031 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=64[2] 4166 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=64[3] 2031 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=64[4] 2031 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\optn=64[5] 2031 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\Site_WS;MN=93211700;wm=o;rm=1;!c=d-pnd;!c=d-pps;dcopt=ist;sz=300x250;tile=1;dcove=d;ord=695500353[2] 1375 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti17433126274ou[1].jpg 1708 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\ti8252657423973179id[1].jpg 2361 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\trip_plus_high_scores_bkg[1].png 28729 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\WebResource[2].axd 21011 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\Xlove138[1].jpg 4781 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\664272624_l[1].jpg 30200 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\662128355_s[1].jpg 1529 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\662251007_s[1].jpg 1835 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\662277488_s[1].jpg 1514 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\662406330_s[1].jpg 1847 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\662528356_s[1].jpg 1641 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\662582302_s[1].jpg 2371 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\662709643_s[1].jpg 2105 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\662758585_s[1].jpg 2556 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\662927596_m[1].jpg 3765 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\663079843_s[1].jpg 2244 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\663107133_s[1].jpg 1963 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\71[2].js 170 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\adopt[1].htm 3329 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CAAZ0DIF.swf 13227 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CAI569G9.swf 9632 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\CAW1QHNW.htm 1605 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\Com_Mess;MN=93189867;wm=o;rm=1;af1=1;ua=20;ug=2;sz=120x90;tile=1;dcove=d;or
d=548456310[2] 491 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\global[1].css 16424 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59020410344401303c2496[11].swf 18048 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59020410344401303c2496[1].swf 18048 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59020410344401303c2496[2].swf 18048 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59020410344401303c2496[3].swf 18048 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59020410344401303c2496[4].swf 18048 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59020410344401303c2496[5].swf 18048 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59020410344401303c2496[6].swf 18048 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59020410344401303c2496[7].swf 18048 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59020410344401303c2496[8].swf 18048 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\59020410344401303c2496[9].swf 18048 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\592362618_s[1].jpg 2909 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspaceicons26[1].gif 12917 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspaceicons68[1].gif 6862 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspaceicons75[1].gif 10807 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspaceicons77[1].gif 23221 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspaceicons86[1].gif 1925 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\NapsterMyspace160x600[1].html 1180 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\nav2[1].swf 69830 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\nav[2].swf 43628 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\nav[3].swf 43628 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspaceicons121[1].gif 81694 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspaceicons129[1].gif 7861 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspaceicons136[1].gif 5597 bytes
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\QRW5EDWJ\myspaceicons141[1].gif 2308 bytes
C:\Documents and Settings\Meghan\Local Setting

guestolo · « **Reply #6 on:** May 25, 2008, 11:54:42 PM »

Can you next do the following, let's ensure haxdoor is gone before we move on

Download [color=\"#FF0000\"]ATF-Cleaner[/color] by Atribune.
Save it to your desktop
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt
Exit ATF-Cleaner from the Main menu

Do a "System scan only" with Hijackthis and put a check next to these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.magentic.com/english/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...SkghGcsUWkK4Oo=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\HEIDRI~1\MYDOCU~1\ASKS~1\wuauboot.exe" -vt tzt
O4 - HKCU\..\Run: [Bbffnfj] C:\WINDOWS\?dobe\n?lookup.exe

O4 - S-1-5-18 Startup: winupdt.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: winupdt.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm086YYUS

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/228/installer.exe
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0036.exe

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Haxfix

Double click on the fix.bat desktop icon. (or open the folder program files\haxfix and double click on fix.bat.)
Close all other open windows since this step requires a reboot.
Select option 2. Run auto fix by typing 2 and then pressing Enter.

If an infection is found, you'll get a message to close all other open windows.

Close all open windows except the red dos window from haxfix and then press Enter.
The computer will reboot.
After reboot a logfile (c:\haxfix.txt) will open.
Post the contents of that logfile along with a new HijackThislog.

In addition, with the above 2 logs
If you can remember to post the uninstall list from Hijackthis also, that would help

wisdom_of_trees · « **Reply #7 on:** May 26, 2008, 12:38:10 AM »

Here is the first half of the HaxFix log. I'll follow up with the 2nd half and the fresh HijackThis in the next post. Also the Uninstall/Save This portion of HijackThis once again doesn't seem to want to work. HAXFIX logfile - by Marckieversion 5.01.1Sun 05/25/2008 23:17:46.26 --- Auto Haxdoorfix ---Haxdoorfix Part 1no infections foundHaxdoorfix Part 2searching for notifykeysno notifykeys foundsearching for servicesno services foundsearching for safeboot servicesno safeboot services found--- Goldunfix ---searching for other goldun- and haxdoorfiles:C:\WINDOWS\system32\klo5.sys checking iexplore.exeiexplore.exe is not infected searching for SSODLkeysno SSODLkeys foundsearching for notifykeys no notify keys foundsearching for servicesno services found--- Registrysettings ---not necessary.....rebooting the computer.....--- searching for ssodlkeys ---not necessary --- searching for notifykeys ---not necessary --- searching for services ---not necessary --- searching for safeboot services ---not necessary --- searching for files ---C:\WINDOWS\system32\klo5.sys founddeleting C:\WINDOWS\system32\klo5.sysC:\WINDOWS\system32\klo5.sys has been deleted--- searching for other files in the system32 folder ---no other files found in the system32 folder --- searching for other files in windows folder ---no other files found in the windows folder --- searching for a3d files ---ps.a3ddeleting a3d filesa3d files are deleted--- checking registry settings ---not necessary--- Catchme logfile ---catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-05-25 23:20:13Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ...scanning hidden services & system hive ...scanning hidden registry entries ...scanning hidden files ...C:\327882R2FWJFW\Qoo.bat 3398 bytesC:\ComboFix\QooBox-temp.dat 50598 bytesC:\ComboFix\test\qhdtvv.dll 0 bytesC:\ComboFix\test\rdrVR2.dll 0 bytesC:\DELL\MEDIAEXE\Media\I386\QAPPSRV.EX_ 9078 bytesC:\DELL\MEDIAEXE\Media\I386\QASF.DL_ 97269 bytesC:\DELL\MEDIAEXE\Media\I386\QCAP.DL_ 84711 bytesC:\DELL\MEDIAEXE\Media\I386\QDV.DL_ 99486 bytesC:\DELL\MEDIAEXE\Media\I386\QDVD.DL_ 175899 bytesC:\DELL\MEDIAEXE\Media\I386\QEDIT.DL_ 231408 bytesC:\DELL\MEDIAEXE\Media\I386\QEDWIPES.DL_ 371599 bytesC:\DELL\MEDIAEXE\Media\I386\QL1080.SY_ 22761 bytesC:\DELL\MEDIAEXE\Media\I386\QL12160.SY_ 25938 bytesC:\DELL\MEDIAEXE\Media\I386\QMARK.GI_ 2578 bytesC:\DELL\MEDIAEXE\Media\I386\QMGR.IN_ 1951 bytesC:\DELL\MEDIAEXE\Media\I386\QMGRPRXY.DL_ 7187 bytesC:\DELL\MEDIAEXE\Media\I386\QOSCONW.CH_ 5068 bytesC:\DELL\MEDIAEXE\Media\I386\QPROCESS.EX_ 10623 bytesC:\DELL\MEDIAEXE\Media\I386\QUATTRO.WB_ 1934 bytesC:\DELL\MEDIAEXE\Media\I386\QUERY.EX_ 5106 bytesC:\DELL\MEDIAEXE\Media\I386\QUSER.EX_ 8886 bytesC:\DELL\MEDIAEXE\Media\I386\RDBSS.SY_ 85602 bytesC:\DELL\MEDIAEXE\Media\I386\RDCHOST.DL_ 59506 bytesC:\DELL\MEDIAEXE\Media\I386\RDPCDD.SY_ 2141 bytesC:\DELL\MEDIAEXE\Media\I386\RDPCFGEX.DL_ 1361 bytesC:\DELL\MEDIAEXE\Media\I386\RDPDD.DL_ 44858 bytesC:\DELL\MEDIAEXE\Media\I386\RDPSND.DL_ 10019 bytesC:\DELL\MEDIAEXE\Media\I386\RDPWD.SY_ 67700 bytesC:\DELL\MEDIAEXE\Media\I386\RDPWSX.DL_ 36977 bytesC:\DELL\MEDIAEXE\Media\I386\RDSADDIN.EX_ 6669 bytesC:\DELL\MEDIAEXE\Media\I386\RDTONE.HT_ 1239 bytesC:\DELL\MEDIAEXE\Media\I386\RECAGENT.SY_ 7113 bytesC:\DELL\MEDIAEXE\Media\I386\RECOVER.EX_ 3228 bytesC:\DELL\MEDIAEXE\Media\I386\RECYCLE.CH_ 11578 bytesC:\DELL\MEDIAEXE\Media\I386\RECYCLE.WA_ 18680 bytesC:\DELL\MEDIAEXE\Media\I386\QL1280.SY_ 27359 bytesC:\DELL\MEDIAEXE\Media\I386\QWINSTA.EX_ 10386 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\adpglobal\quit.gif 974 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\adpglobal\recheck.gif 2126 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\adpglobal\us-eu\quit.gif 630 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\adpglobal\us-eu\recheck.gif 2126 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\en_en\adpglobal\quit.gif 974 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\en_en\adpglobal\recheck.gif 2126 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\en_en\adpglobal\us-eu\quit.gif 630 bytesC:\Documents and Settings\All Users\Application Data\AOL\Coach\en_en\adpglobal\us-eu\recheck.gif 2126 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcffC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\bs.html 1861 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\htmlC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\checkInformation.html 2704 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\checkoutNow.html 4947 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\imagesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\animatedDots.gif 28661 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\blueBackground.gif 1527 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\btn-dont-show.gif 316 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\cancel.gif 806 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\checkoutNowButton.gif 953 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\clear.gif 43 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\moreinfo_image1.gif 4425 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\moreinfo_image2.gif 77227 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\ok.gif 945 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\pleaseHeadline.gif 398 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\qc_brand.gif 4934 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\quickcheckLogo.gif 1816 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\registerButtonNo.gif 1221 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\registerButtonRemind.gif 928 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\registerButtonYes.gif 979 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\registrationPopupHeadline.gif 1729 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\sign_up.gif 2097 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\images\simplifyHeadline.gif 656 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\qcff_signup_moreinfo.html 3504 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\QCRegistration1_1.html 5297 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\retrieveInformation.html 1907 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scriptsC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\Engine.js 3288 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\FormFill.js 8670 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\IntelliFill.js 30296 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffConf.js 1616 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffDriver.js 9839 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffHtml.js 453 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffLib.js 6540 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffLists.js 1476 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffSites.js 1529 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffTxnSeqDetector.js 2482 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffUnmappedList.js 8916 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\QcffUserLib.js 2656 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\qpt_main.js 3340 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\Request.js 1685 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\RulesInfo.js 7573 bytesC:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\scripts\TEAOClient.js 4874 bytesC:\Documents and Settings\All Users\Application Data\Apple Computer\QuickTimeC:\Documents and Settings\All Users\Application Data\Apple Computer\QuickTime\QuickTime.qtp 10367 bytesC:\Documents and Settings\All Users\Application Data\Apple Computer\QuickTime\QuickTimeFavorites.qtr 986 bytesC:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\coach\configuration\adpglobal\Query.js 13854 bytesC:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\item_templ\coach\configuration\adpglobal\Query.js 13854 bytesC:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\qdiagocx.js 1919 bytesC:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\item_templ\coach\configuration\adpglobal\Query.js 13854 bytesC:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\QuarantineC:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\Quarantine\adv479[1].MCQ 715 bytesC:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat 4232 bytesC:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat 5486 bytesC:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\QueueC:\Documents and Settings\All Users\Application Data\QuickTimeC:\Documents and Settings\All Users\Application Data\QuickTime\QuickTime.qtp 10339 bytesC:\Documents and Settings\All Users\Application Data\QuickTime\QuickTimeFavorites.qtr 986 bytesC:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Icons\qsbm.bmp 372 bytesC:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Icons\qsim.bmp 276 bytesC:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Icons\qsy.bmp 256 bytesC:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Icons\qsyma.bmp 288 bytesC:\Documents and Settings\All Users\Start Menu\Programs\Sonic\RecordNow!C:\Documents and Settings\All Users\Start Menu\Programs\Sonic\RecordNow!\RecordNow Help.lnk 551 bytesC:\Documents and Settings\All Users\Start Menu\Programs\Sonic\RecordNow!\RecordNow!.lnk 1857 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick LaunchC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk 669 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI 119 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk 683 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk 1769 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk 742 bytesC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf 79 bytesC:\Documents and Settings\Default User\RecentC:\Documents and Settings\Default User\Recent\Desktop.ini 150 bytesC:\Documents and Settings\Default User\SendTo\RecordNow!.RecordNowSendToExt 0 bytesC:\Documents and Settings\Default User\Templates\QUATTRO.WB2 4017 bytesC:\Documents and Settings\Guest\Application Data\Corel\PerfectExpert\12\Custom WP Templates\qw12EN.wpt 17376 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick LaunchC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk 669 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI 119 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk 779 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk 1769 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk 742 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf 79 bytesC:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk 804 bytesC:\Documents and Settings\Guest\Local Settings\Temp\qb3A5.tmp 0 bytesC:\Documents and Settings\Guest\Local Settings\Temp\qbogvyat.dll 86036 bytes executableC:\Documents and Settings\Guest\Local Settings\Temp\qdiagd.log 120 bytesC:\Documents and Settings\Guest\Local Settings\Temp\qgqoexcc.dll 45525 bytes executableC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\45QVW52J\qnUVy7y6UAr1+c4ZAQbYziwBdPTurtZJqpzOoEKQDL6cR1WU35fxLRP07pFglsNR[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\45QVW52J\qdwZZQPdDaemyLdW6zrGMDHDo3zQCUAvtS8fpypccoFAGaeBH1hFeXnp++GZsRYw[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\4927U5Q5\qYLbvk6zfPlQ5vYU4EtPvaEyclv4SpBJ8WjgwU479Y1uJDTWzYkt1EzCYWcDAkiV[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\4927U5Q5\Q[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\67KRCH4N\QDcZwy5VV8be++sHFO5aNZfZE5gKLfvmei93nTibUgel1jEWzUk9HYwffQgbmyO1[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\67KRCH4N\qo95ra[1].jpg 60153 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\67KRCH4N\qYLbvk6zfPlQ5vYU4EtPvaEyclv4SpBJ8WjgwU479Y1uJDTWzYkt1EzCYWcDAkiV[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\E1WX4DAX\quiz1260outcome1[1].gif 20790 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\E1WX4DAX\quote[1].gif 29349 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5MR8HIJ\quiz588outcome2[1].jpg 35188 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5YJ49UB\qArurV8mGf0bqCcHRpzxVx[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5YJ49UB\QnHbaghb43gdnlytM1JeB+uwf1QoiIjOyecVH+hp6A8DqBZ5mTS6xq0nY[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5YJ49UB\quiz817outcome1[1].jpg 23506 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5YJ49UB\quRPaOT5MbVddJlDCJVas8g2vmyO9eqJEcV[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\W3S3CL45\q51374820[1].png 10788 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\WL6JWX6N\qq84tvVupTJI9NcaIn76TXmVSTQg0mrtiE0gt[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\WL6JWX6N\qyjtheg29wht2CkOsBigDOTDWu[1].txt 1 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\14GB5XK9\qsscreen[1].gif 934 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\14GB5XK9\quant[3].js 2688 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\14GB5XK9\quill[1].txt 100 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\14GB5XK9\recent[1].js 324 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\14GB5XK9\recommendedvideos[1].htm 7899 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\1D5AVNXA\Recovery_Design_small_1642774194219[1].jpg 3990 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\3FL7VP0W\questionSmall[1].jpg 15318 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\3FL7VP0W\rec_thumbup_gray_sml[1].gif 583 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\3X5J6EM9\Recovery_Armband_small_1974594820678[1].jpg 3981 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\3X5J6EM9\qtobject[1].js 3514 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\Quiksilver-02[1].gif 1410 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\76E8ABCD\qt_lo_1[1].gif 68 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\76E8ABCD\recharge[1].jpg 13519 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\quiz[1].jpg 2339 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\q122900650_8854[1].jpg 2466 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\q20608714_5279[1].jpg 2373 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\q43808713_3593[1].jpg 2655 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\q45204789_1978[1].jpg 2930 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\qw9045_mmc_mover_neigh_9800_v2_160x600_30k[1].gif 19145 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\qw9045_mmc_mover_newly_9800_v2_728x90_30k[1].gif 19046 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\recent[1].htm 4555 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\7XPYXS2H\rdc_pleasewaiticon[1].gif 260 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8JRVMK19\QBMS_Benefits_v1_300x250[1].gif 19038 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8JRVMK19\quill[1].swf 132408 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8JRVMK19\rec_thumb_down_sml[1].gif 576 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8X6NK5UJ\quant[1].js 2259 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8X6NK5UJ\quote_box_center[1].gif 104 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\ACQQTIK1\quentin_tarantino_spits_on_a_reporter[1].jpg 7076 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\ACQQTIK1\reclinks_ltcnr[1].gif 52 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\question_mark[1].gif 272 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q145700153_8659[1].jpg 2001 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q19228185_4114[1].jpg 3079 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q501050443_7228[1].jpg 2700 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q501664432_4369[1].jpg 2345 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q513675668_8153[1].jpg 2009 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\q878540082_7179[1].jpg 2569 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\rdc_blacksolidarrow[1].gif 77 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\BX9SJ5GT\rdc_headertitle[1].gif 3094 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\C9Y7WHQR\ql[1].gif 51 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\C9Y7WHQR\recommended_videos[1].htm 28800 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\E1J8DKV2\qualityhealth[1].bmp 432 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\E1J8DKV2\rec_thumb_up_sml[1].gif 568 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\GH2ZOHAN\quote_box_top[1].gif 368 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\GH6VSTQF\qo95ra[1].jpg 60153 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\KX2B4PAR\quiz588outcome1[1].jpg 34598 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\KX2B4PAR\quote_box_bottom[1].gif 369 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\KX2B4PAR\quiz275outcome1[1].jpg 18051 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\MYZVDCNB\rectest[1].htm 11388 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\OXANOD6Z\quiz628outcome1[1].jpg 10944 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\OYPIUK1T\ql[1].css 2014 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\OYPIUK1T\reclinks_titlebar[1].jpg 95 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXLC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[14].jpg 3834 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[2].htm 24130 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[5].jpg 3725 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\AmonRa2[1].jpg 15828 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\CAG52BWH.htm 1220 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\CAQNJWEK.jpg 7964 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\counter[1].gif 715 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\desktop.ini 67 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\Djn[1].jpg 7561 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\doodlecolour[1].jpg 128073 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\geov2_001[1].js 662 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[15].jpg 3702 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[16].jpg 3450 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[17].jpg 3498 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[18].jpg 3412 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[19].jpg 2767 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[1].htm 24196 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[1].jpg 3892 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[20].jpg 2807 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[21].jpg 2513 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[22].jpg 1743 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[23].jpg 3365 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[24].jpg 1531 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[25].jpg 3209 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[26].jpg 1941 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[27].jpg 3616 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[28].jpg 4827 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[29].jpg 3539 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[2].jpg 4223 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[30].jpg 3578 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[31].jpg 3079 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[32].jpg 3759 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[33].jpg 4032 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[34].jpg 4430 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[35].jpg 2281 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[36].jpg 5363 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[37].jpg 3370 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[38].jpg 2217 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[39].jpg 4948 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[3].htm 24936 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[3].jpg 4835 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[40].jpg 4037 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[41].jpg 1920 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[42].jpg 2986 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[4].jpg 2436 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[10].jpg 2631 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[11].jpg 1964 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[12].jpg 4737 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[13].jpg 3787 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[6].jpg 4277 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[7].jpg 2898 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[8].jpg 3847 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\images[9].jpg 3144 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\notify[1].htm 19 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\P4s-sm[1].jpg 11166 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\PapyrusFrag[1].jpg 16144 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\search[1].HTML 4422 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\SenPapEsm[1].jpg 13006 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\seshatdetail1[1].jpg 28050 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\Seti[1].jpg 32088 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\Stone[1].htm 2551 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\Sun4sm[1].jpg 8484 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QK1CPSXL\Udjat[1].jpg 17674 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\q45203612_1694[1].jpg 2498 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\ql[1].gif 51 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\QscrOverrides[1].js 3917 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\qw9045_mmc_mover_neigh_9800_v2_728x90_30k[1].gif 20139 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\rdc_nanomiddle[1].png 114 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\qw9045_mmc_mover_newly_9800_v2_160x600_30k[1].gif 18594 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RRXR7YX5\rdc_003399bullet[1].gif 55 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q137800444_1710[1].jpg 2432 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q27705805_3462[1].jpg 2690 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q43804037_9429[1].jpg 2679 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q45201039_659[1].jpg 2497 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q45205457_4509[1].jpg 2737 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\q500297087_8349[1].jpg 2260 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\ql[1].js 8614 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\rdc_expandmiddle[1].png 168 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S1MNK1AF\RDC_PleaseWaitIcon[1].gif 260 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\ZPRH6S3V\qbal3_wht[1].gif 235 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\ZPRH6S3V\ql[1].js 8614 bytesC:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\ZPRH6S3V\reclinks_rtcnr[1].gif 52 bytesC:\Documents and Settings\Guest\RecentC:\Documents and Settings\Guest\Recent\Casey Price.lnk 559 bytesC:\Documents and Settings\Guest\Recent\Desktop.ini 150 bytesC:\Documents and Settings\Guest\SendTo\RecordNow!.RecordNowSendToExt 0 bytesC:\Documents and Settings\Guest\Templates\QUATTRO.WB2 4017 bytesC:\Documents and Settings\Heather\Application Data\Corel\PerfectExpert\12\Custom WP Templates\qw12EN.wpt 17376 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick LaunchC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk 669 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI 119 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk 779 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk 1769 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk 742 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf 79 bytesC:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk 804 bytesC:\Documents and Settings\Heather\Application Data\Sonic\RecordNow!C:\Documents and Settings\Heather\Application Data\Sonic\RecordNow!\FavoritesC:\Documents and Settings\Heather\Application Data\Sonic\RecordNow!\playlist.dat 5645 bytesC:\Documents and Settings\Heather\Application Data\Sonic\RecordNow!\sndfind.dat 1817 bytesC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTimeC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloadsC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02\05C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02\05\25dc877b-4f450ba7-96137012-ddd6010a.qtch 766 bytesC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\01C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\10C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\10\4a4196e4-f38ef58d-fbdde8f8-d305e547.qtch 360000 bytesC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\06C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\06\03C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\06\05C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07\11C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\11C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\12C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\13C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\04C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\12C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\05C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\05\c5e041df-d2db2150-102410e7-d48d4696.qtch 0 bytesC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\15C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\15\cff4d7f6-4a04903d-4c3af0ca-3885f54f.qtch 766 bytesC:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\05C:\Documents and Settings\Heather\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\10C:\Documents and Settings\Heather\Local Settings\Temp\qdiagd.log 159 bytesC:\Documents and Settings\Heather\Local Settings\Temp\qdiagd_2.log 120 bytesC:\Documents and Settings\Heather\Local Settings\Temp\qttwwgpv.dll 106516 bytes executableC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LUN8DIZ\records_DoraDanceFiesta_728[1].gif 42972 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\BFOGF5P8\quick_search_hdr_ptv[1].gif 768 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\BFOGF5P8\QNCK_dora_logo[1].gif 1465 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\OHEJ4TI3\recordFlashVersion[1].js 386 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\OHEJ4TI3\QNCK_dora_text[1].gif 2126 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\W1INST6B\query[1].js 155 bytesC:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\W1INST6B\records_LazyTownCD_new_728[1].gif 37014 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\K16JS1EZ\questionmark[1].gif 342 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\0HKTUBSD\Qho9vqNQdZwM4vbVMeLSVMTPqbouG7Ie6a341qexD2nQPYV8f2B+aVYvuZRILR3n[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\0HKTUBSD\quiz1430outcome1[1].jpg 34002 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\2FYRYXM3\quiz588outcome5[1].jpg 65919 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\2FYRYXM3\quiz917outcome1[1].jpg 15960 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\2ZKJ6PSJ\qnd9[1].jpg 11183 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\49YB85AB\Q3national728[1].html 1123 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\6K1A71GH\quiz628outcome1[1].jpg 10944 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8NIBI5KH\qEg[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8NIBI5KH\Qho9vqNQdZwM4vbVMeLSVMTPqbouG7Ie6a341qexD2nQPYV8f2B+aVYvuZRILR3n[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8NIBI5KH\quiz1260outcome1[1].gif 20790 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8NIBI5KH\quiz817outcome1[1].jpg 23506 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8XMBCXQJ\quote_begin._V51923589_[1].gif 108 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\8XMBCXQJ\recent[2].bmp 1082 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\A70DMTKV\quiz1260outcome3[1].jpg 17769 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\AKX1ZJBB\quizilla728x90[1].gif 15555 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\AXO3QHO5\quiz588outcome1[1].jpg 34598 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\AXO3QHO5\quiz628outcome1[1].jpg 10944 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\C1YVCDA7\QQ3DuQ[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\C1YVCDA7\REC1[1].jpg 5495 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\EJCB5U6K\qw7907_mmc_4pb_9state_select_728x90_20k[1].gif 8297 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\G3TFJWRS\Q306_6039_core_728x90_noecc_1500_t309[1].swf 13855 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\G3TFJWRS\quote42gb[1].png 18306 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\GLG78FW7\quiz1442outcome3[1].jpg 53466 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\GNIBIYSG\RecentSearch_2[1].js 5854 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\I3S1YHSL\q37296498[1].gif 2233 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\I3S1YHSL\qo95ra[1].jpg 60153 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\IP4J2TYH\quizilla728x90[1].gif 15555 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\IP4J2TYH\quote[1].gif 24573 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\K1CP2BCL\quiz1233outcome4[1].jpg 10111 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\K1CP2BCL\quiz1260outcome1[1].gif 20790 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\LVAU6BY5\qw8366_mmc_dsl_deck_2699_728x90_30k[1].gif 12874 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\MHQP635A\questionmark[1].gif 76 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\MHQP635A\q[1].swf 7203 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\MLYZEHEP\quiz628outcome1[1].jpg 10944 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\MLYZEHEP\QxyMg4rwXFqW3xBlRCbIjHG3I44lGwJXk1i0z3Dig9tdE7J47r[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\NA7GSJ0R\quotebankjobshot[1].gif 18885 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\O9250HAZ\Qho9vqNQdZwM4vbVMeLSVMTPqbouG7Ie6a341qexD2nQPYV8f2B+aVYvuZRILR3n[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\PG10ZAXM\q1145467115296[1].txt 5135 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\PG10ZAXM\quiz588outcome1[1].jpg 34598 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\PG10ZAXM\quiz588outcome4[1].jpg 43525 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\PG10ZAXM\REC1[1].jpg 5495 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\PG10ZAXM\recentlyaddedlayouts[1].jpg 1019 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\SDEZSP2Z\quote_end._V51923589_[1].gif 109 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\U56F63UB\q+iDtkzwisegSCysE7jY0C9MshwM9o0tf1iCObBR0NESFyGbNeh62lula9ctwdDj[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\U56F63UB\qbclub[1].gif 846 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\U56F63UB\Qho9vqNQdZwM4vbVMeLSVMTPqbouG7Ie6a341qexD2nQPYV8f2B+aVYvuZRILR3n[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\UFPBYVF0\quiz[1].jpg 2339 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\ULSN6JWP\quote3bx4ev-1[1].jpg 12802 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\ULSN6JWP\quote3bx4ev[1].jpg 12802 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\V1G81WT8\quiz794outcome4[1].jpg 20291 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\W1QJKPQJ\qbclub[1].gif 846 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\W1QJKPQJ\quiz588outcome1[1].jpg 34598 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\W1QJKPQJ\quoteforgirls[1].jpg 22013 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\WT0RO3KZ\Qho9vqNQdZwM4vbVMeLSVMTPqbouG7Ie6a341qexD2nQPYV8f2B+aVYvuZRILR3n[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\WT0RO3KZ\Qm8U+ic62TJYfju[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\WT0RO3KZ\rdY+mPR[1].txt 1 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\WTO9YVWZ\quiz1432outcome2[1].jpg 40165 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\WTO9YVWZ\quote3bx4ev[1].jpg 12869 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\YZYJYXUN\quiz588outcome2[1].jpg 35188 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\YZYJYXUN\quizilla300x125[1].gif 9535 bytesC:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\YZYJYXUN\rectangles[1].gif 12697 bytesC:\Documents and Settings\Heather\RecentC:\Documents and Settings\Heather\Recent\Clouds.lnk 674 bytesC:\Documents and Settings\Heather\Recent\Heather Heidrich Per.lnk 610 bytesC:\Documents and Settings\Heather\Recent\015812.lnk 845 bytesC:\Documents and Settings\Heather\Recent\020038.lnk 845 bytesC:\Documents and Settings\Heather\Recent\023510.lnk 845 bytesC:\Documents and Settings\Heather\Recent\032746.lnk 845 bytesC:\Documents and Settings\Heather\Recent\032754.lnk 845 bytesC:\Documents and Settings\Heather\Recent\032806.lnk 845 bytesC:\Documents and Settings\Heather\Recent\040019.lnk 845 bytesC:\Documents and Settings\Heather\Recent\040201.lnk 845 bytesC:\Documents and Settings\Heather\Recent\0402120026.lnk 867 bytesC:\Documents and Settings\Heather\Recent\0402130038.lnk 867 bytesC:\Documents and Settings\Heather\Recent\0403140012.lnk 867 bytesC:\Documents and Settings\Heather\Recent\10-24-2005 10;19;38AM.lnk 771 bytesC:\Documents and Settings\Heather\Recent\173410620_l.lnk 699 bytesC:\Documents and Settings\Heather\Recent\2004_0103(001).lnk 887 bytesC:\Documents and Settings\Heather\Recent\2004_0103(002).lnk 887 bytesC:\Documents and Settings\Heather\Recent\2004_0106(005).lnk 887 bytesC:\Documents and Settings\Heather\Recent\2004_0112(047).lnk 887 bytesC:\Documents and Settings\Heather\Recent\2004_1231Image.lnk 594 bytesC:\Documents and Settings\Heather\Recent\2005_0128Image.lnk 594 bytesC:\Documents and Settings\Heather\Recent\2005_0128Image0011.lnk 907 bytesC:\Documents and Settings\Heather\Recent\2005_0128Image0026.lnk 907 bytesC:\Documents and Settings\Heather\Recent\2005_0128Image0032.lnk 907 bytesC:\Documents and Settings\Heather\Recent\2005_0128Image0040.lnk 907 bytesC:\Documents and Settings\Heather\Recent\Anne.lnk 682 bytesC:\Documents and Settings\Heather\Recent\aqk.lnk 655 bytesC:\Documents and Settings\Heather\Recent\casey and ann.lnk 831 bytesC:\Documents and Settings\Heather\Re

wisdom_of_trees · « **Reply #8 on:** May 26, 2008, 12:40:32 AM »

C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Email\index.htm 4061 bytes
C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Upload to the Web
C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Upload to the Web\css
C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Upload to the Web\css\BPStyles.css 1149 bytes
C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Upload to the Web\Images
C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Upload to the Web\Images\blank_pixel.gif 807 bytes
C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Upload to the Web\Images\bullet.gif 821 bytes
C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Upload to the Web\Images\CreateFileBrowse.gif 932 bytes
C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Upload to the Web\index.htm 5578 bytes
C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Upload to the Web\Scripts
C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Quick Guides\Share\Upload to the Web\Scripts\Browse.PspScript 1246 bytes
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Recife 377 bytes
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Asia\Qatar 77 bytes
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Asia\Qyzylorda 1028 bytes
C:\Program Files\Java\jre1.5.0_04\lib\zi\America\Recife 377 bytes
C:\Program Files\Java\jre1.5.0_04\lib\zi\Asia\Qatar 77 bytes
C:\Program Files\Java\jre1.5.0_04\lib\zi\Asia\Qyzylorda 1028 bytes
C:\Program Files\McAfee.com\Personal Firewall\data\rdns.idx 13 bytes
C:\Program Files\WildTangent\Apps\rDRM0302.dll 24576 bytes executable
C:\Program Files\Windows Media Player\Skins\QuickSilver.wmz 916798 bytes
C:\Program Files\Common Files\AOL\1126148325\ee\services\browser\ver1_1_1042\resources\en-US\shared\qaphandler.js 4995 bytes
C:\Program Files\Common Files\aolback\Comps\qt
C:\Program Files\Common Files\aolback\Comps\qt\qt.exe 7515304 bytes executable
C:\Program Files\Common Files\aolback\Comps\qt\QTInsInf.dll 86016 bytes executable
C:\Program Files\Common Files\aolshare\Coach\en_en\adpglobal\quit.gif 974 bytes
C:\Program Files\Common Files\aolshare\pictures\icons\receivedInMail_inactive.bmp 1334 bytes
C:\Program Files\Common Files\aolshare\pictures\icons\receivedInMail_new.bmp 1334 bytes
C:\Program Files\Common Files\aolshare\pictures\icons\receivedInMail_normal.bmp 1334 bytes
C:\Program Files\Common Files\aolshare\pictures\icons\receivedInMail_selected.bmp 1334 bytes
C:\Program Files\Dell\Media Experience\Plugins\PNGs\RecordNow.png 23330 bytes
C:\Program Files\Dell\Media Experience\Plugins\recordnow_music_export.dmx 1406 bytes
C:\Program Files\Dell Support\qdiagd.ocx 1458176 bytes executable
C:\Program Files\DellSupport\GTAction\handlers\qdiagh.dll 120320 bytes executable
C:\Program Files\DellSupport\GTAction\handlers\qdiagh.xml 109 bytes
C:\Program Files\DellSupport\qdiagd.ocx 567296 bytes executable
C:\Program Files\Sonic\RecordNow!
C:\Program Files\Sonic\RecordNow!\Explain
C:\Program Files\Sonic\RecordNow!\Explain\Bad_Read_Source.html 3665 bytes
C:\Program Files\Sonic\RecordNow!\Tutorial\Movies\Making_Music.swf 172510 bytes
C:\Program Files\Sonic\RecordNow!\Unicows.dll 245408 bytes executable
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar\b_wink.bmp 1866 bytes
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar\b_wink.gif 593 bytes
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar\c_laugh.bmp 1870 bytes
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar\c_laugh.gif 756 bytes
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar\fantastic_new.bmp 1898 bytes
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar\fantastic_new.gif 4143 bytes
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar\laughter01.bmp 2042 bytes
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar\laughter01.gif 11703 bytes
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar\Order.dat 152 bytes
C:\Program Files\IncrediMail\Data\Default Identity\EmoticonCenter\reccomended.gif 1158 bytes
C:\Program Files\PartyPoker\Images\Qc.bmp 5698 bytes
C:\Program Files\PartyPoker\Images\qcg.bmp 5698 bytes
C:\Program Files\PartyPoker\Images\Qd.bmp 5698 bytes
C:\Program Files\PartyPoker\Images\qdb.bmp 5698 bytes

C:\QooBox
C:\QooBox\BackEnv
C:\QooBox\BackEnv\appdata.folder.dat 398 bytes
C:\QooBox\BackEnv\cache.folder.dat 480 bytes
C:\QooBox\BackEnv\desktop.folder.dat 233 bytes
C:\QooBox\BackEnv\favorites.folder.dat 295 bytes
C:\QooBox\BackEnv\localappdata.folder.dat 498 bytes
C:\QooBox\BackEnv\localsettings.folder.dat 389 bytes
C:\QooBox\BackEnv\mypictures.folder.dat 247 bytes
<Edited entries to save room>
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\epxkflwo.dll.vir 132116 bytes executable
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ewrgqcam.dll.vir 106516 bytes executable
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\eybsoxaa.dll.vir 76412 bytes executable
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fiskntph.dll.vir 125460 bytes executable
C:\QooBox\Quarantine\catchme.log 2273 bytes
C:\QooBox\Quarantine\catchme2008-05-25_213513.27.zip 724672 bytes
C:\QooBox\Quarantine\Registry_backups
C:\QooBox\Quarantine\Registry_backups\Legacy_DOMAINSERVICE.reg.dat 1098 bytes
C:\QooBox\Quarantine\Registry_backups\Service_DomainService.reg.dat 2956 bytes
C:\QooBox\snapshot@2008-05-25_21.41.47.87.dat 410833 bytes
C:\QooBox\snapshot@2008-05-25_21.41.47.87_B.dat 383413 bytes
C:\RECYCLER
C:\RECYCLER\S-1-5-21-2212886115-4084876878-2786197212-1006
C:\RECYCLER\S-1-5-21-2212886115-4084876878-2786197212-1006\desktop.ini 65 bytes
C:\WINDOWS\Prefetch\QTPLUGININSTALLER.EXE-2F212EAF.pf 26544 bytes
C:\WINDOWS\Prefetch\QTTASK.EXE-1876A1A1.pf 41166 bytes
C:\WINDOWS\Prefetch\QUICKTIMEINSTALLER[1].EXE-21636A8F.pf 8804 bytes
C:\WINDOWS\Prefetch\QUICKTIMEPLAYER.EXE-1FEBEAA1.pf 44132 bytes
C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll 221184 bytes executable
C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\qasf.dll 237568 bytes executable
C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\QuickTimeInstaller.exe 33147536 bytes executable
C:\WINDOWS\Installer\{9541FED0-327F-4DF0-8B96-EF57EF622F19}\RecordNow.exe 45056 bytes executable
C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A00000000001}\Rdr60.mst 11776 bytes
C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A00000000001}\Rdr60ENU.mst 6144 bytes
C:\WINDOWS\Installer\{AF19F291-F22F-4798-9662-525305AE9E48}\QPWShortcut.exe 57344 bytes executable
C:\WINDOWS\$hf_mig$\KB904706\SP2QFE\quartz.dll 1287680 bytes executable
C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\rdbss.sys 174592 bytes executable
C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys 139528 bytes executable
C:\WINDOWS\$NtUninstallKB904706$\quartz.dll 1287680 bytes executable
C:\WINDOWS\INF\QMGR.INF 6140 bytes
C:\WINDOWS\INF\QMGR.PNF 11416 bytes
C:\WINDOWS\SoftwareDistribution\Download\4bc27de79804b640a2e67eda87fe6cda\sp2gdr\quartz.dll 1287680 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\4bc27de79804b640a2e67eda87fe6cda\sp2qfe\quartz.dll 1287680 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\962449eaea2a809dd7a3a95c81a023bd\sp2gdr\rdbss.sys 174592 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\962449eaea2a809dd7a3a95c81a023bd\sp2qfe\rdbss.sys 174592 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\d037d9bbbbdf880e477c3840b38c3180\sp2gdr\query.dll 1435648 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\d037d9bbbbdf880e477c3840b38c3180\sp2qfe\query.dll 1435648 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\74eac9a4b069a45e3e4e8d162f3dd349\sp2gdr\rdbss.sys 174592 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\74eac9a4b069a45e3e4e8d162f3dd349\sp2qfe\rdbss.sys 174592 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\dd5f937d0efd28640769c02449cb1c5f\sp2gdr\query.dll 1435648 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\dd5f937d0efd28640769c02449cb1c5f\sp2qfe\query.dll 1435648 bytes executable
C:\WINDOWS\SYSTEM32\stt82.ini 320 bytes
C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS 40320 bytes executable
C:\WINDOWS\SYSTEM32\DRIVERS\QL10WNT.SYS 33152 bytes executable
C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS 45312 bytes executable
C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS 49024 bytes executable
C:\WINDOWS\SYSTEM32\DRIVERS\rdbss.sys 174592 bytes executable
C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS 4224 bytes executable
C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS 196864 bytes executable
C:\WINDOWS\SYSTEM32\DRIVERS\rdpwd.sys 139528 bytes executable
C:\WINDOWS\SYSTEM32\klgcptini.dat 0 bytes
C:\WINDOWS\SYSTEM32\pptp32.dll 42252 bytes executable
C:\WINDOWS\SYSTEM32\RDPWSX.DLL 87176 bytes executable
C:\WINDOWS\SYSTEM32\RDSADDIN.EXE 13824 bytes executable
C:\WINDOWS\SYSTEM32\RDSHOST.EXE 67072 bytes executable
C:\WINDOWS\SYSTEM32\rdvshalh.ini 693518 bytes
C:\WINDOWS\SYSTEM32\RECOVER.EXE 7168 bytes executable
C:\WINDOWS\SYSTEM32\qaahhvpn.exe 4628 bytes executable
C:\WINDOWS\SYSTEM32\QAPPSRV.EXE 16896 bytes executable
C:\WINDOWS\SYSTEM32\qasf.dll 221184 bytes executable
C:\WINDOWS\SYSTEM32\QCAP.DLL 192512 bytes executable
C:\WINDOWS\SYSTEM32\QDV.DLL 279040 bytes executable
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk 669 bytes
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI 119 bytes
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk 683 bytes
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk 1769 bytes
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk 742 bytes
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf 79 bytes
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Recent
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Recent\Desktop.ini 150 bytes
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\SendTo\RecordNow!.RecordNowSendToExt 0 bytes
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Templates\QUATTRO.WB2 4017 bytes
C:\WINDOWS\SYSTEM32\RDCHOST.DLL 147968 bytes executable
C:\WINDOWS\SYSTEM32\RDPCFGEX.DLL 4096 bytes executable
C:\WINDOWS\SYSTEM32\RDPCLIP.EXE 62464 bytes executable
C:\WINDOWS\SYSTEM32\RDPDD.DLL 92168 bytes executable
C:\WINDOWS\SYSTEM32\OOBE\REGERROR\RDTONE.HTM 2597 bytes
C:\WINDOWS\SYSTEM32\OOBE\IMAGES\QMARK.ACS 1174050 bytes
C:\WINDOWS\SYSTEM32\OOBE\IMAGES\QMARK.GIF 2479 bytes
C:\WINDOWS\SYSTEM32\pptp64.sys 21840 bytes executable
C:\WINDOWS\SYSTEM32\QDVD.DLL 385024 bytes executable
C:\WINDOWS\SYSTEM32\RDPSND.DLL 19968 bytes executable
C:\WINDOWS\SYSTEM32\QEDIT.DLL 562176 bytes executable
C:\WINDOWS\SYSTEM32\QEDWIPES.DLL 733696 bytes executable
C:\WINDOWS\SYSTEM32\qeftgjjv.exe 13844 bytes executable
C:\WINDOWS\SYSTEM32\qfgrvnro.exe 12308 bytes executable
C:\WINDOWS\SYSTEM32\qgykaetf.ini 693595 bytes
C:\WINDOWS\SYSTEM32\qjcoqppf.exe 74260 bytes executable
C:\WINDOWS\SYSTEM32\qlhrwurr.exe 50708 bytes executable
C:\WINDOWS\SYSTEM32\qlsnhvse.dll 76412 bytes executable
C:\WINDOWS\SYSTEM32\QMGR.DLL 382464 bytes executable
C:\WINDOWS\SYSTEM32\QMGRPRXY.DLL 18944 bytes executable
C:\WINDOWS\SYSTEM32\QOSNAME.DLL 8192 bytes executable
C:\WINDOWS\SYSTEM32\QPROCESS.EXE 20480 bytes executable
C:\WINDOWS\SYSTEM32\qrphfojv.dll 132116 bytes executable
C:\WINDOWS\SYSTEM32\quartz.dll 1287168 bytes executable
C:\WINDOWS\SYSTEM32\QUERY.DLL 1435648 bytes executable
C:\WINDOWS\SYSTEM32\qvbtpuxn.dll 69140 bytes executable
C:\WINDOWS\SYSTEM32\QWINSTA.EXE 22016 bytes executable
C:\WINDOWS\SYSTEM32\qz.dll 42252 bytes executable
C:\WINDOWS\SYSTEM32\qz.sys 21840 bytes executable
C:\WINDOWS\SYSTEM32\DLLCACHE\qasf.dll 221184 bytes executable
C:\WINDOWS\SYSTEM32\DLLCACHE\ql1240.sys 40448 bytes executable
C:\WINDOWS\SYSTEM32\DLLCACHE\ql1280.sys 49024 bytes executable
C:\WINDOWS\SYSTEM32\DLLCACHE\qprocess.exe 20480 bytes executable
C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll 1287168 bytes executable
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OL4RAYQR\qt_lo_1[1].gif 68 bytes
C:\WINDOWS\$NtUninstallKB899591$\rdpwd.sys 139400 bytes executable
C:\WINDOWS\$NtUninstallKB885835$\rdbss.sys 176512 bytes executable
C:\WINDOWS\Help\qosconcepts.chm 12752 bytes
C:\WINDOWS\Help\RECYCLE.CHM 19107 bytes
C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\RECORD_1.SWF 579582 bytes
C:\WINDOWS\Help\Tours\htmlTour\question_icon.jpg 2626 bytes
C:\WINDOWS\wt\webdriver\rdriver.dll 159744 bytes executable
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll 24576 bytes executable
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll 159744 bytes executable
C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\Quit.bmp 3898 bytes
C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\Quit.gif 750 bytes
C:\WINDOWS\Media\RECYCLE.WAV 25434 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 8713

Finished

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:51 PM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: winupdt.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: winupdt.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199658369254
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 3119 bytes

guestolo · « **Reply #9 on:** May 26, 2008, 12:51:43 AM »

download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

IN ADDITION with that log
Can you Please do the following
supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Sorry, I just seen this

Quote

Also the Uninstall/Save This portion of HijackThis once
again doesn't seem to want to work.

If you can't get that part of Hijackthis to run
Can you try the following
Download and unzip to your desktop InstalledPrograms.zip
Double click on InstalledPrograms.vbs

Click OK at the IP prompt and click YES to view the results now
A text file will open, can you copy and paste back here the whole contents

wisdom_of_trees · « **Reply #10 on:** May 26, 2008, 01:06:11 AM »

Malwarebytes' Anti-Malware doesn't seem to want to successfully load onto this computer. I get the error message
"Error Loading Database #15054" after trying to start to load the application.

I downloaded the optional InstalledPrograms.zip and this is the log it has given me.

INSTALLED SOFTWARE (189) - FAMILIAROOM - 5/26/2008 12:10:33 AM

Adobe Acrobat - Reader 6.0.2 Update   Ver: 6.0.2   Installed: 1/20/2005
Adobe Flash Player ActiveX   Ver: 9.0.47.0
Adobe Reader 6.0.1   Ver: 006.000.001   Installed: 1/20/2005
Advanced System Optimizer   Ver: 2.20   Installed: 9/3/2007
AIM 6.0
AOL Explorer
AOL Uninstaller (Choose which Products to Remove)
ATI Control Panel   Ver: 6.14.10.5120
ATI Display Driver   Ver: 8.051-040825a-017900C-Dell
Banctec Service Agreement   Ver: 1.10.0000   Installed: 1/20/2005
Broadcom Advanced Control Suite 2   Ver: 7.58.01   Installed: 1/20/2005
Broadcom Advanced Control Suite 2   Ver: 7.58.01   Installed: 1/20/2005
CCHelp   Ver: 4.00.0000.0001   Installed: 1/25/2006
CCScore   Ver: 4.00.0000.0001   Installed: 1/25/2006
Conexant D850 56K V.9x DFVc Modem
Dell Digital Jukebox Driver
Dell Driver Reset Tool   Ver: 1.02.0000   Installed: 1/20/2005
Dell Media Experience   Ver: 3.0   Installed: 1/20/2005
Dell Media Experience Update
Dell Networking Guide   Ver: 1.00.0001   Installed: 1/20/2005
Dell Photo AIO Printer 922
Dell Picture Studio v3.0   Ver: 3.0.0   Installed: 1/20/2005
DellSupport   Ver: 6.0.3062   Installed: 4/23/2007
Digital Line Detect   Ver: 1.10
DVC5.1 Driver
ESSAdpt   Ver: 4.00.0000.0001   Installed: 1/25/2006
ESSANUP   Ver: 4.00.0000.0001   Installed: 1/25/2006
ESSCAM   Ver: 4.00.0000.0001   Installed: 1/25/2006
ESSCDBK   Ver: 4.00.0000.0001   Installed: 1/25/2006
ESScore   Ver: 4.00.0000.0102   Installed: 1/25/2006
ESSgui   Ver: 4.00.0000.0004   Installed: 1/25/2006
ESShelp   Ver: 4.00.0000.0003   Installed: 1/25/2006
ESSini   Ver: 4.00.0000.0007   Installed: 1/25/2006
ESSPCD   Ver: 4.00.0000.0001   Installed: 1/25/2006
ESSSONIC   Ver: 4.00.0000.0003   Installed: 1/25/2006
ESSvpaht   Ver: 4.00.0000.0003   Installed: 1/25/2006
ESSvpot   Ver: 4.00.0000.0001   Installed: 1/25/2006
FilmLoop Player
FinePixViewer Ver.4.2
FirstClassÂ® Client   Ver: 9.0 (build 9.022)   Installed: 10/21/2007
FUJIFILM USB Driver
HighMAT Extension to Microsoft Windows XP CD Writing Wizard   Ver: 1.1.1905.1   Installed: 8/9/2005
HijackThis 2.0.2   Ver: 2.0.2
HLPIndex   Ver: 4.00.0000.0003   Installed: 1/25/2006
HLPRFO   Ver: 4.00.0000.0004   Installed: 1/25/2006
ImageMixer VCD2 for FinePix
iMesh
iMesh MediaBar
iMesh MediaBar
IncrediMail Xe   Ver: 5.6.7.3132
InstaFinderK
Intel Application Accelerator
Internet Explorer Default Page   Ver: 1.00.03   Installed: 1/20/2005
iPod for Windows   Ver: 3.8.0   Installed: 12/24/2005
iPod for Windows   Ver: 3.8.0   Installed: 12/24/2005
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 4   Ver: 1.5.0.40   Installed: 8/3/2005
Jasc Paint Shop Photo Album   Ver: 4.0.4   Installed: 1/29/2005
Jasc Paint Shop Photo Album 5   Ver: 5.1.0   Installed: 1/20/2005
Jasc Paint Shop Pro 8 Dell Edition   Ver: 8.10.0000   Installed: 1/29/2005
Jasc Paint Shop Pro Studio, Dell Editon   Ver: 1.00.0000   Installed: 1/20/2005
Java 2 Runtime Environment, SE v1.4.2_03   Ver: 1.4.2_03   Installed: 1/20/2005
Kodak EasyShare software
KSU   Ver: 632.62.0002.0001   Installed: 1/25/2006
Lame ACM MP3 Codec
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware      Installed: 5/26/2008
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1   Ver: 1.1.4322   Installed: 2/11/2005
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Plus! Digital Media Edition Installer   Ver: 1.1.0.3514   Installed: 1/20/2005
Microsoft Plus! Photo Story 2 LE   Ver: 1.1.0.3463   Installed: 1/20/2005
MicroStaff WINASPI
Modem Helper   Ver: 2.28
Mozilla Firefox (2.0.0.14)   Ver: 2.0.0.14 (en-US)
Notifier   Ver: 4.00.0000.0001   Installed: 1/25/2006
OTtBP   Ver: 4.00.0000.0003   Installed: 1/25/2006
OTtBPSDK   Ver: 4.00.0000.0000   Installed: 1/25/2006
PCDADDIN   Ver: 4.00.0000.0001   Installed: 1/25/2006
PCDHELP   Ver: 4.0000.0000.0002   Installed: 1/25/2006
PCDLNCH   Ver: 4.00.0000.0101   Installed: 1/25/2006
Photo Click   Ver: 1.0.0   Installed: 1/20/2005
PowerDVD 5.3
ProfileWatcher 2.0      Installed: 1/17/2007
RAW FILE CONVERTER LE
RealPlayer Basic
Registry Cleaner 4.0   Ver: 4.00   Installed: 9/3/2007
RelevantKnowledge
Samsung DVC Media 5.1
Samsung Media Studio
Samsung Multimedia Studio
Security Update for Step By Step Interactive Training (KB898458)   Ver: 20050502.101010   Installed: 6/16/2005
Security Update for Windows Media Player (KB911564)      Installed: 2/19/2006
Security Update for Windows Media Player 10 (KB911565)      Installed: 2/19/2006
Security Update for Windows Media Player 10 (KB917734)      Installed: 6/15/2006
Security Update for Windows XP (KB883939)   Ver: 1   Installed: 6/16/2005
Security Update for Windows XP (KB890046)   Ver: 1   Installed: 6/16/2005
Security Update for Windows XP (KB893756)   Ver: 1   Installed: 8/10/2005
Security Update for Windows XP (KB896358)   Ver: 1   Installed: 6/16/2005
Security Update for Windows XP (KB896422)   Ver: 1   Installed: 6/16/2005
Security Update for Windows XP (KB896423)   Ver: 1   Installed: 8/10/2005
Security Update for Windows XP (KB896424)   Ver: 1   Installed: 11/8/2005
Security Update for Windows XP (KB896428)   Ver: 1   Installed: 6/16/2005
Security Update for Windows XP (KB896688)   Ver: 1   Installed: 10/20/2005
Security Update for Windows XP (KB899587)   Ver: 1   Installed: 8/10/2005
Security Update for Windows XP (KB899588)   Ver: 1   Installed: 8/10/2005
Security Update for Windows XP (KB899591)   Ver: 1   Installed: 8/10/2005
Security Update for Windows XP (KB900725)   Ver: 1   Installed: 10/20/2005
Security Update for Windows XP (KB901017)   Ver: 1   Installed: 10/20/2005
Security Update for Windows XP (KB901214)   Ver: 1   Installed: 7/13/2005
Security Update for Windows XP (KB902400)   Ver: 1   Installed: 10/20/2005
Security Update for Windows XP (KB903235)   Ver: 1   Installed: 7/13/2005
Security Update for Windows XP (KB904706)   Ver: 1   Installed: 10/20/2005
Security Update for Windows XP (KB905414)   Ver: 1   Installed: 10/20/2005
Security Update for Windows XP (KB905749)   Ver: 1   Installed: 10/20/2005
Security Update for Windows XP (KB905915)   Ver: 1   Installed: 12/17/2005
Security Update for Windows XP (KB908519)   Ver: 1   Installed: 1/11/2006
Security Update for Windows XP (KB908531)   Ver: 1   Installed: 4/17/2006
Security Update for Windows XP (KB911280)   Ver: 1   Installed: 6/15/2006
Security Update for Windows XP (KB911562)   Ver: 1   Installed: 4/17/2006
Security Update for Windows XP (KB911567)   Ver: 1   Installed: 4/17/2006
Security Update for Windows XP (KB911927)   Ver: 1   Installed: 2/19/2006
Security Update for Windows XP (KB912812)   Ver: 1   Installed: 4/17/2006
Security Update for Windows XP (KB912919)   Ver: 1   Installed: 1/7/2006
Security Update for Windows XP (KB913446)   Ver: 1   Installed: 2/19/2006
Security Update for Windows XP (KB913580)   Ver: 1   Installed: 5/12/2006
Security Update for Windows XP (KB914388)   Ver: 1   Installed: 7/14/2006
Security Update for Windows XP (KB916281)   Ver: 1   Installed: 6/15/2006
Security Update for Windows XP (KB917159)   Ver: 1   Installed: 7/14/2006
Security Update for Windows XP (KB917344)   Ver: 1   Installed: 6/15/2006
Security Update for Windows XP (KB917422)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB917953)   Ver: 1   Installed: 6/15/2006
Security Update for Windows XP (KB918439)   Ver: 1   Installed: 6/15/2006
Security Update for Windows XP (KB918899)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB920214)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB920670)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB920683)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB921398)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB921883)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB922616)   Ver: 1   Installed: 8/10/2006
SFR   Ver: 3.03.0000.0001   Installed: 1/25/2006
SFR2   Ver: 3.03.0000.0002   Installed: 1/25/2006
Sonic DLA   Ver: 4.95   Installed: 1/20/2005
Sonic MyDVD   Ver: 5.3.0   Installed: 1/20/2005
Sonic RecordNow!   Ver: 7.3   Installed: 1/20/2005
Sonic Update Manager   Ver: 2.9   Installed: 1/20/2005
Update for Windows XP (KB894391)   Ver: 1   Installed: 8/10/2005
Update for Windows XP (KB896727)   Ver: 1   Installed: 8/10/2005
Update for Windows XP (KB898461)   Ver: 1   Installed: 6/28/2005
Update for Windows XP (KB900485)   Ver: 2   Installed: 4/26/2006
Update for Windows XP (KB910437)   Ver: 1   Installed: 12/17/2005
Update for Windows XP (KB916595)   Ver: 1   Installed: 7/14/2006
Viewpoint Media Player
VPRINTOL   Ver: 4.00.0000.0001   Installed: 1/25/2006
WeatherBug   Ver: WeatherBug 6.0.0.0
WebFldrs XP   Ver: 9.50.7523   Installed: 8/10/2004
WildTangent Web Driver
Windows Installer 3.1 (KB893803)   Ver: 3.1
Windows Installer 3.1 (KB893803)   Ver: 3.1
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 10   Ver: 9.00.3636   Installed: 1/20/2005
Windows XP Hotfix - KB834707   Ver: 20040929.110854
Windows XP Hotfix - KB867282   Ver: 20050127.090417
Windows XP Hotfix - KB873333   Ver: 20050114.005213
Windows XP Hotfix - KB873339   Ver: 20041117.092459
Windows XP Hotfix - KB885250   Ver: 20050118.202711
Windows XP Hotfix - KB885835   Ver: 20041027.181713
Windows XP Hotfix - KB885836   Ver: 20041028.173203
Windows XP Hotfix - KB886185   Ver: 20041021.090540
Windows XP Hotfix - KB887472   Ver: 20041014.162858
Windows XP Hotfix - KB887742   Ver: 20041103.095002
Windows XP Hotfix - KB888113   Ver: 20041116.131036
Windows XP Hotfix - KB888302   Ver: 20041207.111426
Windows XP Hotfix - KB890047   Ver: 20041221.124506
Windows XP Hotfix - KB890175   Ver: 20041201.233338
Windows XP Hotfix - KB890859   Ver: 1   Installed: 4/13/2005
Windows XP Hotfix - KB890923   Ver: 1   Installed: 4/13/2005
Windows XP Hotfix - KB891781   Ver: 20050110.165439
Windows XP Hotfix - KB893066   Ver: 1   Installed: 4/13/2005
Windows XP Hotfix - KB893086   Ver: 1   Installed: 4/13/2005
WordPerfect Office 12   Ver: 12.0.0.238   Installed: 1/20/2005
XviD MPEG-4 Video Codec   Ver: XviD-1.0.3-20122004
Yahoo! Anti-Spy
Yahoo! Install Manager
Yahoo! Music Jukebox
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer

guestolo · « **Reply #11 on:** May 26, 2008, 01:19:23 AM »

Can you try the following instead

Access your Add and Remove programs and remove the following if possible
iMesh
iMesh MediaBar
InstaFinderK
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment
Registry Cleaner 4.0
RelevantKnowledge
Viewpoint Media Player
WeatherBug
WildTangent Web Driver

Reboot after everything or anything you can is removed

Back in Windows

download and install [color=\"#FF0000\"]SUPERAntiSpyware[/color]

* Load SUPERAntiSpyware and click the Check for Updates button.
* Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!

IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.

* Open SUPERAntiSpyware and click the Scan your Computer button.
* Check Perform Complete Scan and then click Next.
* SUPERAntiSpyware will now scan your computer and when itâ€™s finished it will list all the infections it has found.
* Make sure that they all have a check next to them, and then click Next.
* Click Finish and you will be taken back to the main interface.
* It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
* I'll need a log afterwards of what has been found.
* To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
* Please post the results of the SUPERAntiSpyware log in your next reply.

wisdom_of_trees · « **Reply #12 on:** May 26, 2008, 02:10:50 AM »

SUPERAntiSpyware Scan Log http://www.superantispyware.comGenerated 05/26/2008 at 01:06 AMApplication Version : 4.1.1046Core Rules Database Version : 3468Trace Rules Database Version: 1459Scan type : Complete ScanTotal Scan Time : 00:25:12Memory items scanned : 272Memory threats detected : 1Registry items scanned : 4246Registry threats detected : 117File items scanned : 18617File threats detected : 586Trojan.Downloader-PATDUM C:\WINDOWS\FONTS\TFPAFX.DLL C:\WINDOWS\FONTS\TFPAFX.DLL HKLM\Software\Classes\CLSID\{B729C284-26F0-478D-A341-88B2476E5759} HKCR\CLSID\{B729C284-26F0-478D-A341-88B2476E5759} HKCR\CLSID\{B729C284-26F0-478D-A341-88B2476E5759}\InprocServer32 HKCR\CLSID\{B729C284-26F0-478D-A341-88B2476E5759}\InprocServer32#ThreadingModel HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B729C284-26F0-478D-A341-88B2476E5759} Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\tfpafx C:\WINDOWS\SYSTEM\SAPA.DLLAdware.180solutions/Search Assistant HKLM\Software\Classes\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E} HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E} HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E} HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\Control HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\InprocServer32 HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\InprocServer32#ThreadingModel HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\MiscStatus HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\MiscStatus\1 HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\ProgID HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\Programmable HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\ToolboxBitmap32 HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\TypeLib HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\Version HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\VersionIndependentProgID C:\WINDOWS\DOWNLOADED PROGRAM FILES\CLIENTAX.DLL HKLM\Software\Classes\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9} HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9} HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9} HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\Control HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\InprocServer32 HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\InprocServer32#ThreadingModel HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\MiscStatus HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\MiscStatus\1 HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\ProgID HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\Programmable HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\ToolboxBitmap32 HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\TypeLib HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\Version HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\VersionIndependentProgID HKLM\Software\Classes\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287} HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287} HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287} HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\Control HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\InprocServer32 HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\InprocServer32#ThreadingModel HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\MiscStatus HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\MiscStatus\1 HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\ProgID HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\Programmable HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\ToolboxBitmap32 HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\TypeLib HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\Version HKCR\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}\VersionIndependentProgID HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid32 HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib#Version HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid32 HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib#Version HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5} HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid32 HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib#VersionUnclassified.Unknown Origin HKLM\Software\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C} HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32 HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32#ThreadingModel C:\WINDOWS\SYSTEM32\XXYXYVW.DLL HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}Adware.ClickSpring HKLM\Software\Classes\CLSID\{91996F21-D1C7-D167-EE5A-FE8A308528E6} HKCR\CLSID\{91996F21-D1C7-D167-EE5A-FE8A308528E6} HKCR\CLSID\{91996F21-D1C7-D167-EE5A-FE8A308528E6}\InprocServer32 HKCR\CLSID\{91996F21-D1C7-D167-EE5A-FE8A308528E6}\InprocServer32#ThreadingModel HKCR\CLSID\{91996F21-D1C7-D167-EE5A-FE8A308528E6}\Programmable HKCR\CLSID\{91996F21-D1C7-D167-EE5A-FE8A308528E6}\TypeLib C:\WINDOWS\SYSTEM32\BQBCOZEM.DLL HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91996F21-D1C7-D167-EE5A-FE8A308528E6} C:\DOCUMENTS AND SETTINGS\MEGHAN\LOCAL SETTINGS\TEMP\MSHTML2.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1041\A0212604.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1067\A0213883.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1074\A0214871.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214914.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214915.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214917.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214928.EXE C:\WINDOWS\SYSTEM32\KMMY(2).DLLAdware.WhenU C:\Program Files\Save\ACM.dll C:\Program Files\SaveAdware.180solutions/ZangoSearch HKCR\ClientAX.ClientInstaller HKCR\ClientAX.ClientInstaller\CLSID HKCR\ClientAX.ClientInstaller\CurVer HKCR\ClientAX.ClientInstaller.1 HKCR\ClientAX.ClientInstaller.1\CLSID HKCR\ClientAX.RequiredComponent HKCR\ClientAX.RequiredComponent\CLSID HKCR\ClientAX.RequiredComponent\CurVer HKCR\ClientAX.RequiredComponent.1 HKCR\ClientAX.RequiredComponent.1\CLSID HKCR\ClientAX.ZangoClientAX HKCR\ClientAX.ZangoClientAX\CLSID HKCR\ClientAX.ZangoClientAX\CurVer HKCR\ClientAX.ZangoClientAX.1 HKCR\ClientAX.ZangoClientAX.1\CLSID HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0 HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\0 HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\0\win32 HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\FLAGS HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\HELPDIR HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C} HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\ProxyStubClsid HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\ProxyStubClsid32 HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\TypeLib HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\TypeLib#Version HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5} HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\ProxyStubClsid HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\ProxyStubClsid32 HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\TypeLib HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\TypeLib#Version C:\DOCUMENTS AND SETTINGS\MEGHAN\LOCAL SETTINGS\TEMP\RES20.TMPTrojan.NewDotNet HKU\.DEFAULT\Software\New.net HKU\S-1-5-18\Software\New.net C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL7_22.EXE.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL6_38.EXE.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL6_90.EXE.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL6_98.EXE.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL7_14.EXE.VIR C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214929.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214933.EXERegistry Cleaner Trial HKU\S-1-5-21-2212886115-4084876878-2786197212-1006\Software\SoftwareOnline.com C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2006-11-12,07-39 54 500.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2007-09-03,19-22 03 279.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2007-09-03,19-23 45 263.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2007-09-03,19-25 35 731.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2007-09-03,19-26 38 262.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2007-09-03,19-27 54 246.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2007-09-14,16-36 02 343.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2007-11-03,13-54 11 099.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2007-11-16,20-13 54 012.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2007-11-22,11-00 09 453.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups\2007-11-24,11-54 56 937.zip C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\Backups C:\Documents and Settings\Heidrichs\Application Data\Registry Cleaner\RegClean.ini C:\Documents and Settings\Heidrichs\Application Data\Registry CleanerTrojan.Avpe64/32 C:\WINDOWS\system32\klgcptini.dat C:\WINDOWS\system32\stt82.iniAdware.GAIN/Gator HKLM\Software\Gator.com HKLM\Software\Gator.com\Trickler HKLM\Software\Gator.com\Trickler#AppPath HKLM\Software\Gator.com\Trickler#OldTricklerRogue.AntiSpywareMaster C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster\AntiSpywareMaster.lnk C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster\Uninstall AntiSpywareMaster.lnk C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster HKU\S-1-5-21-2212886115-4084876878-2786197212-1006\Software\AntiSpywareMaster HKU\S-1-5-21-2212886115-4084876878-2786197212-1006\Software\{5222008A-DD62-49c7-A735-7BD18ECC7350} C:\Documents and Settings\Heidrichs\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk C:\Documents and Settings\Heidrichs\Desktop\AntiSpywareMaster.lnk C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214893.EXEAdware.Tracking Cookie statse.webtrendslive.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .ehg-legonewyorkinc.hitbox.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .hitbox.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .ehg-legonewyorkinc.hitbox.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .doubleclick.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .atdmt.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] media.adrevolver.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .questionmarket.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .questionmarket.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .mediaplex.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .edge.ru4.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .imrworldwide.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .imrworldwide.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .fastclick.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .serving-sys.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .serving-sys.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .serving-sys.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .serving-sys.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .serving-sys.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .realmedia.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .realmedia.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .tribalfusion.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .tradedoubler.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .ads.pointroll.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .ads.pointroll.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .ads.pointroll.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] .bluestreak.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h1q2pm9q.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .ad.yieldmanager.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .ad.yieldmanager.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .mediaplex.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .mediaplex.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .atdmt.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .tribalfusion.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] te.kontera.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .kontera.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .kontera.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] te.kontera.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] te.kontera.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] te.kontera.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] te.kontera.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] te.kontera.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .kontera.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .kontera.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .interclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .interclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .interclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .interclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .interclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .interclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] www.zango.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] www.zango.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] www.zango.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] www.zango.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] www.zango.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] www.zango.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] www.zango.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] www.zango.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] www.zango.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adbrite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adbrite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .zedo.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .zedo.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .zedo.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .zedo.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adbrite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adbrite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adopt.euroclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] adopt.euroclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adopt.euroclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adopt.euroclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adopt.euroclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adopt.euroclick.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .socialmedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .socialmedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] sale.antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] sale.antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaremaster.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] sale.antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] sale.antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adnetserver.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .doubleclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .hornymatches.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .hornymatches.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .hornymatches.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .hornymatches.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .hornymatches.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .hornymatches.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] server.cpmstar.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] server.cpmstar.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] server.cpmstar.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] server.cpmstar.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adlegend.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .bluestreak.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .fastclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .fastclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .fastclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .fastclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .questionmarket.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .questionmarket.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] statse.webtrendslive.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .eyewonder.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .hitbox.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .112.2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .americanskiingco.112.2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .atwola.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .tacoda.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .tacoda.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .tacoda.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .tacoda.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .tacoda.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .tacoda.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .northwestairlines.112.2o7.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] anad.tacoda.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .trafficmp.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .trafficmp.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .trafficmp.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .trafficmp.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .media6degrees.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .media6degrees.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .trafficmp.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] ads.revsci.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .consumergain.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .consumergain.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .revenue.net [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adinterax.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adinterax.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adrevolver.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adrevolver.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adrevolver.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] .adrevolver.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] media.adrevolver.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] media.adrevolver.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] media.adrevolver.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] media.adrevolver.com [ C:\Documents and Settings\Heidrichs\Application Data\Mozilla\Firefox\Profiles\vdg8fduf.default\cookies.txt ] media.adrevolver.com [ C:\Documents and Settings\Hei

guestolo · « **Reply #13 on:** May 26, 2008, 09:59:46 AM »

I don't think I got to see the bottom of the log from SuperAntispyware

That's Ok, can you do me a favor
Run Combofix again, when it's done, post the new log that opens

wisdom_of_trees · « **Reply #14 on:** May 26, 2008, 11:48:12 AM »

ComboFix 08-05-25.3 - Heidrichs 2008-05-26 10:42:57.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.312 [GMT -6:00]
Running from: C:\Documents and Settings\Heidrichs\Desktop\ComboFix.exe

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\qgykaetf.ini
C:\WINDOWS\system32\qvbtpuxn.dll
C:\WINDOWS\system32\rdvshalh.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.

2157-07-08 15:36 . 2157-07-08 15:36   3,120   --a------   C:\WINDOWS\MF_C421.lfa
2157-07-08 15:36 . 2157-07-08 15:36   3,120   --a------   C:\WINDOWS\MF_C420.lfa
2008-05-26 03:01 . 2008-05-26 03:01   <DIR>   d--------   C:\Program Files\MSXML 4.0
2008-05-26 03:01 . 2008-05-26 03:01   206   --a------   C:\WINDOWS\SYSTEM32\MRT.INI
2008-05-26 00:39 . 2008-05-26 00:39   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2008-05-26 00:39 . 2008-05-26 00:39   <DIR>   d--------   C:\Documents and Settings\Heidrichs\Application Data\SUPERAntiSpyware.com
2008-05-26 00:39 . 2008-05-26 00:39   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-26 00:38 . 2008-05-26 00:38   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-05-26 00:01 . 2008-05-26 00:01   <DIR>   d--------   C:\Documents and Settings\Heidrichs\Application Data\Malwarebytes
2008-05-26 00:01 . 2008-05-26 00:01   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-25 23:17 . 2008-05-25 22:17   449,462   --a------   C:\HaxFix.exe
2008-05-25 21:51 . 2007-07-09 07:09   584,192   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2008-05-24 21:10 . 2008-05-24 21:10   <DIR>   d--------   C:\Program Files\Trend Micro
2008-05-23 22:23 . 2008-05-23 22:23   4,286   --a------   C:\WINDOWS\SYSTEM32\Jamster.ico
2008-05-13 05:50 . 2008-05-24 20:18   5,430   --a------   C:\WINDOWS\SYSTEM32\rloci.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 06:34   ---------   d-----w   C:\Program Files\Common Files\AOL
2008-05-26 06:34   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL
2008-05-26 06:30   ---------   d-----w   C:\Program Files\WildTangent
2008-05-26 06:30   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-26 06:27   ---------   d-----w   C:\Program Files\iMesh Applications
2008-05-26 03:03   903,890   --sh--w   C:\WINDOWS\Fonts\xfapft.bak1
2008-05-25 03:02   821,289   --sh--w   C:\WINDOWS\Fonts\xfapft.bak2
2008-05-12 02:52   ---------   d-----w   C:\Documents and Settings\Heidrichs\Application Data\Corel
2008-04-23 04:41   0   -c--a-w   C:\WINDOWS\Fonts\mcrh.tmp
2008-03-27 08:12   151,583   ----a-w   C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12   151,583   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
2008-03-19 09:47   1,845,248   ----a-w   C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47   1,845,248   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2007-01-23 01:24   337,290   -c--a-w   C:\Documents and Settings\Heidrichs\Application Data\tizupd.bin
2007-01-01 05:00   337,290   -c--a-w   C:\Documents and Settings\Guest\Application Data\tizupd.bin
2006-11-14 01:10   337,290   -c--a-w   C:\Documents and Settings\Heather\Application Data\tizupd.bin
2005-12-05 05:50   280,064   -c--a-w   C:\Documents and Settings\Guest\Application Data\tizhook.bin
2005-09-12 23:19   280,064   -c--a-w   C:\Documents and Settings\Heidrichs\Application Data\tizhook.bin
2005-08-19 07:05   280,064   -c--a-w   C:\Documents and Settings\Heather\Application Data\tizhook.bin
2006-11-17 02:38   751,332   -csh--w   C:\WINDOWS\SYSTEM\apas.bak1
2006-11-23 02:19   765,400   -csh--w   C:\WINDOWS\SYSTEM\apas.bak2
.

((((((((((((((((((((((((((((( snapshot@2008-05-25_21.41.47.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-10-28 01:14:56   174,592   ----a-w   C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\rdbss.sys
+ 2005-06-10 04:06:01   139,528   ----a-w   C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys
+ 2005-08-30 04:13:42   1,287,680   ----a-w   C:\WINDOWS\$hf_mig$\KB904706\SP2QFE\quartz.dll
+ 2006-11-27 15:17:10   539,136   ----a-w   C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\msftedit.dll
+ 2006-11-27 15:17:10   433,664   ----a-w   C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\riched20.dll
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB918118\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB918118\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB918118\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB918118\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB918118\update\updspapi.dll
+ 2006-10-12 13:54:18   42,496   ----a-w   C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdp2.dll
+ 2006-10-12 13:54:18   57,344   ----a-w   C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdpv.dll
+ 2006-10-12 11:54:07   256,512   ----a-w   C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentsvr.exe
+ 2006-10-16 10:29:15   248,320   ----a-w   C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:16:49   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB920213\spmsg.dll
+ 2005-10-12 23:16:49   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB920213\spuninst.exe
+ 2005-10-12 23:16:49   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB920213\update\spcustom.dll
+ 2005-10-12 23:16:51   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB920213\update\update.exe
+ 2005-10-12 23:16:56   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB920213\update\updspapi.dll
+ 2006-08-16 12:08:32   100,352   ----a-w   C:\WINDOWS\$hf_mig$\KB922819\SP2QFE\6to4svc.dll
+ 2006-08-16 10:13:39   225,664   ----a-w   C:\WINDOWS\$hf_mig$\KB922819\SP2QFE\tcpip6.sys
+ 2005-10-12 23:16:49   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB922819\spmsg.dll
+ 2005-10-12 23:16:49   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB922819\spuninst.exe
+ 2005-10-12 23:16:49   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB922819\update\spcustom.dll
+ 2005-10-12 23:16:51   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB922819\update\update.exe
+ 2005-10-12 23:16:56   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB922819\update\updspapi.dll
+ 2006-08-14 12:00:42   332,928   ----a-w   C:\WINDOWS\$hf_mig$\KB923414\SP2QFE\srv.sys
+ 2005-10-12 23:16:49   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB923414\spmsg.dll
+ 2005-10-12 23:16:49   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB923414\spuninst.exe
+ 2005-10-12 23:16:49   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB923414\update\spcustom.dll
+ 2005-10-12 23:16:51   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB923414\update\update.exe
+ 2005-10-12 23:16:56   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB923414\update\updspapi.dll
+ 2006-10-13 12:41:38   64,000   ----a-w   C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwapi32.dll
+ 2006-10-13 12:41:38   142,336   ----a-w   C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll
+ 2006-10-13 10:39:12   163,456   ----a-w   C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwrdr.sys
+ 2006-10-13 12:41:38   65,536   ----a-w   C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwwks.dll
+ 2005-10-12 23:16:49   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB923980\spmsg.dll
+ 2005-10-12 23:16:49   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB923980\spuninst.exe
+ 2005-10-12 23:16:49   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB923980\update\spcustom.dll
+ 2005-10-12 23:16:51   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB923980\update\update.exe
+ 2005-10-12 23:16:56   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB923980\update\updspapi.dll
+ 2006-08-17 12:37:49   726,528   ----a-w   C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\lsasrv.dll
+ 2006-08-17 12:37:49   337,408   ----a-w   C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\netapi32.dll
+ 2006-08-17 12:37:49   132,096   ----a-w   C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\wkssvc.dll
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB924270\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB924270\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB924270\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB924270\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB924270\update\updspapi.dll
+ 2007-03-08 15:48:36   282,112   ----a-w   C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\gdi32.dll
+ 2007-03-08 15:48:36   40,960   ----a-w   C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\mf3216.dll
+ 2007-03-08 15:48:36   578,048   ----a-w   C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
+ 2007-03-08 13:49:49   1,843,968   ----a-w   C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\win32k.sys
+ 2006-01-19 19:29:19   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB925902\spmsg.dll
+ 2006-01-19 19:29:19   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB925902\spuninst.exe
+ 2006-01-19 19:29:19   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB925902\update\spcustom.dll
+ 2006-01-19 19:29:19   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB925902\update\update.exe
+ 2006-01-19 19:29:19   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB925902\update\updspapi.dll
+ 2006-10-19 13:59:58   713,216   ----a-w   C:\WINDOWS\$hf_mig$\KB926255\SP2QFE\sxs.dll
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB926255\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB926255\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB926255\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB926255\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB926255\update\updspapi.dll
+ 2006-10-16 17:14:17   122,880   ----a-w   C:\WINDOWS\$hf_mig$\KB926436\SP2QFE\oledlg.dll
+ 2005-10-12 23:16:49   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB926436\spmsg.dll
+ 2005-10-12 23:16:49   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB926436\spuninst.exe
+ 2005-10-12 23:16:49   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB926436\update\spcustom.dll
+ 2005-10-12 23:16:51   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB926436\update\update.exe
+ 2005-10-12 23:16:56   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB926436\update\updspapi.dll
+ 2006-12-26 13:18:55   536,576   ----a-w   C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msado15.dll
+ 2006-12-26 13:18:55   180,224   ----a-w   C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadomd.dll
+ 2006-12-26 13:18:55   200,704   ----a-w   C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadox.dll
+ 2006-12-26 13:18:55   102,400   ----a-w   C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msjro.dll
+ 2006-01-19 19:29:19   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB927779\spmsg.dll
+ 2006-01-19 19:29:19   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB927779\spuninst.exe
+ 2006-01-19 19:29:19   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB927779\update\spcustom.dll
+ 2006-01-19 19:29:19   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB927779\update\update.exe
+ 2006-01-19 19:29:19   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB927779\update\updspapi.dll
+ 2006-12-19 18:47:14   333,824   ----a-w   C:\WINDOWS\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB927802\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB927802\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB927802\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB927802\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB927802\update\updspapi.dll
+ 2006-12-19 21:50:10   8,458,752   ----a-w   C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shell32.dll
+ 2006-12-19 21:50:10   135,168   ----a-w   C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
+ 2006-12-19 16:10:56   248,320   ----a-w   C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\xpsp3res.dll
+ 2006-01-19 19:29:19   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB928255\spmsg.dll
+ 2006-01-19 19:29:19   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB928255\spuninst.exe
+ 2006-01-19 19:29:19   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB928255\update\spcustom.dll
+ 2006-01-19 19:29:19   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB928255\update\update.exe
+ 2006-01-19 19:29:19   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB928255\update\updspapi.dll
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB928843\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB928843\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB928843\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB928843\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB928843\update\updspapi.dll
+ 2007-05-16 15:32:55   86,528   ----a-w   C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\directdb.dll
+ 2007-05-16 15:32:55   683,520   ----a-w   C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\inetcomm.dll
+ 2007-05-16 15:32:56   1,314,816   ----a-w   C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\msoe.dll
+ 2007-05-16 15:32:56   510,976   ----a-w   C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\wab32.dll
+ 2007-05-16 15:32:56   85,504   ----a-w   C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\wabimp.dll
+ 2006-01-19 19:29:19   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB929123\spmsg.dll
+ 2006-01-19 19:29:19   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB929123\spuninst.exe
+ 2006-01-19 19:29:19   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB929123\update\spcustom.dll
+ 2006-01-19 19:29:19   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB929123\update\update.exe
+ 2006-01-19 19:29:19   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB929123\update\updspapi.dll
+ 2007-03-17 13:45:03   292,864   ----a-w   C:\WINDOWS\$hf_mig$\KB930178\SP2QFE\winsrv.dll
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB930178\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB930178\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB930178\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB930178\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB930178\update\updspapi.dll
+ 2007-02-09 11:23:36   574,976   ----a-w   C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB930916\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB930916\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB930916\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB930916\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB930916\update\updspapi.dll
+ 2007-02-05 20:19:14   185,344   ----a-w   C:\WINDOWS\$hf_mig$\KB931261\SP2QFE\upnphost.dll
+ 2006-01-19 19:29:19   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB931261\spmsg.dll
+ 2006-01-19 19:29:19   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB931261\spuninst.exe
+ 2006-01-19 19:29:19   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB931261\update\spcustom.dll
+ 2006-01-19 19:29:19   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB931261\update\update.exe
+ 2006-01-19 19:29:19   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB931261\update\updspapi.dll
+ 2007-02-28 09:53:04   2,137,600   ----a-w   C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlmp.exe
+ 2007-02-28 09:15:56   2,059,392   ----a-w   C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
+ 2007-02-28 09:15:59   2,017,280   ----a-w   C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrpamp.exe
+ 2007-02-28 09:55:14   2,182,144   ----a-w   C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB931784\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB931784\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB931784\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB931784\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB931784\update\updspapi.dll
+ 2007-03-09 13:58:57   57,344   ----a-w   C:\WINDOWS\$hf_mig$\KB932168\SP2QFE\agentdpv.dll
+ 2007-03-09 11:28:00   248,320   ----a-w   C:\WINDOWS\$hf_mig$\KB932168\SP2QFE\xpsp3res.dll
+ 2006-01-19 19:29:19   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB932168\spmsg.dll
+ 2006-01-19 19:29:19   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB932168\spuninst.exe
+ 2006-01-19 19:29:19   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB932168\update\spcustom.dll
+ 2006-01-19 19:29:19   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB932168\update\update.exe
+ 2006-01-19 19:29:19   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB932168\update\updspapi.dll
+ 2007-07-18 10:33:06   60,416   ----a-w   C:\WINDOWS\$hf_mig$\KB933360\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB933360\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB933360\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB933360\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB933360\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB933360\update\updspapi.dll
+ 2007-04-16 16:07:27   986,112   ----a-w   C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB935839\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB935839\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB935839\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB935839\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB935839\update\updspapi.dll
+ 2007-04-25 20:32:22   144,896   ----a-w   C:\WINDOWS\$hf_mig$\KB935840\SP2QFE\schannel.dll
+ 2006-01-19 19:29:19   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB935840\spmsg.dll
+ 2006-01-19 19:29:19   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB935840\spuninst.exe
+ 2006-01-19 19:29:19   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB935840\update\spcustom.dll
+ 2006-01-19 19:29:19   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB935840\update\update.exe
+ 2006-01-19 19:29:19   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB935840\update\updspapi.dll
+ 2007-06-26 06:06:12   1,104,896   ----a-w   C:\WINDOWS\$hf_mig$\KB936021\SP2QFE\msxml3.dll
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB936021\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB936021\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB936021\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB936021\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB936021\update\updspapi.dll
+ 2007-04-23 10:14:23   364,160   ----a-w   C:\WINDOWS\$hf_mig$\KB936357\SP2QFE\update.sys
+ 2006-01-19 19:29:19   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB936357\spmsg.dll
+ 2006-01-19 19:29:19   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB936357\spuninst.exe
+ 2006-01-19 19:29:19   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB936357\update\spcustom.dll
+ 2006-01-19 19:29:19   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB936357\update\update.exe
+ 2006-01-19 19:29:19   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB936357\update\updspapi.dll
+ 2007-06-26 15:16:01   851,968   ----a-w   C:\WINDOWS\$hf_mig$\KB938127\SP2QFE\vgx.dll
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB938127\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB938127\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB938127\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB938127\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB938127\update\updspapi.dll
+ 2007-06-13 11:26:03   1,033,216   ----a-w   C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB938828\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB938828\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB938828\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB938828\update\updspapi.dll
+ 2007-08-21 06:25:02   683,520   ----a-w   C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2007-10-30 16:53:32   360,832   ----a-w   C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2008-03-19 09:40:27   1,845,888   ----a-w   C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2007-12-04 18:29:10   551,936   ----a-w   C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll
+ 2007-11-07 09:50:47   727,040   ----a-w   C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-12-18 14:32:13   450,560   ----a-w   C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\jscript.dll
+ 2007-12-18 14:32:13   417,792   ----a-w   C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\vbscript.dll
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB944338\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB944338\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB944338\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB944338\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB944338\update\updspapi.dll
+ 2007-11-13 08:47:45   20,480   ----a-w   C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2008-02-20 05:19:35   147,968   ----a-w   C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:49:36   45,568   ----a-w   C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2007-12-18 09:38:59   179,712   ----a-w   C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll
+ 2008-02-16 09:32:03   1,024,000   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\browseui.dll
+ 2008-02-16 09:32:03   151,040   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\cdfview.dll
+ 2008-02-16 09:32:03   1,054,208   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\danim.dll
+ 2008-02-16 09:32:04   357,888   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtmsft.dll
+ 2008-02-16 09:32:04   205,312   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtrans.dll
+ 2008-02-16 09:32:04   55,808   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\extmgr.dll
+ 2008-02-15 09:07:53   18,432   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iedw.exe
+ 2008-02-16 09:32:04   251,904   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iepeers.dll
+ 2008-02-16 09:32:04   96,256   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\inseng.dll
+ 2008-02-16 09:32:04   16,384   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\jsproxy.dll
+ 2008-02-16 09:32:06   3,066,880   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtml.dll
+ 2008-02-16 09:32:06   449,024   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtmled.dll
+ 2008-02-16 09:32:06   146,432   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\msrating.dll
+ 2008-02-16 09:32:07   532,480   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mstime.dll
+ 2008-02-16 09:32:07   39,424   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\pngfilt.dll
+ 2008-02-16 09:32:08   1,499,136   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shdocvw.dll
+ 2008-02-16 09:32:08   474,112   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shlwapi.dll
+ 2008-02-16 09:32:08   618,496   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\urlmon.dll
+ 2008-02-16 09:32:09   666,112   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
+ 2008-02-15 09:06:21   351,744   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB947864\update\updspapi.dll
+ 2008-02-20 06:52:43   282,624   ----a-w   C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2008-01-23 04:56:21   554,008   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11   518,944   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11   326,432   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11   1,516,568   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11   355,112   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13   151,583   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12   60,192   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12   248,608   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12   219,936   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12   355,104   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13   432,928   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13   322,336   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13   559,904   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13   264,992   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13   838,432   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14   621,344   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14   355,104   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
+ 2004-08-04 11:00:00   176,512   -c----w   C:\WINDOWS\$NtUninstallKB885835$\rdbss.sys
+ 2004-08-04 11:00:00   139,400   -c----w   C:\WINDOWS\$NtUninstallKB899591$\rdpwd.sys
+ 2004-08-04 11:00:00   1,287,680   -c----w   C:\WINDOWS\$NtUninstallKB904706$\quartz.dll
+ 2004-08-04 11:00:00   41,984   -c----w   C:\WINDOWS\$NtUninstallKB920213$\agentdp2.dll
+ 2005-04-22 05:06:42   57,344   -c----w   C:\WINDOWS\$NtUninstallKB920213$\agentdpv.dll
+ 2004-08-04 11:00:00   256,512   -c----w   C:\WINDOWS\$NtUninstallKB920213$\agentsvr.exe
+ 2005-10-12 23:16:49   213,216   -c----w   C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe
+ 2005-10-12 23:16:56   371,424   -c----w   C:\WINDOWS\$NtUninstallKB920213$\spuninst\updspapi.dll
+ 2006-06-23 08:34:35   24,576   -c----w   C:\WINDOWS\$NtUninstallKB920213$\xpsp3res.dll
+ 2004-08-04 11:00:00   100,352   -c----w   C:\WINDOWS\$NtUninstallKB922819$\6to4svc.dll
+ 2005-10-12 23:16:49   213,216   -c----w   C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe
+ 2005-10-12 23:16:56   371,424   -c----w   C:\WINDOWS\$NtUninstallKB922819$\spuninst\updspapi.dll
+ 2004-08-04 11:00:00   223,616   -c----w   C:\WINDOWS\$NtUninstallKB922819$\tcpip6.sys
+ 2004-08-04 11:00:00   611,328   -c----w   C:\WINDOWS\$NtUninstallKB923191$\comctl32.dll
+ 2005-10-12 23:12:26   213,216   -c----w   C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34   371,424   -c----w   C:\WINDOWS\$NtUninstallKB923191$\spuninst\updspapi.dll
+ 2005-10-12 23:16:49   213,216   -c----w   C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe
+ 2005-10-12 23:16:56   371,424   -c----w   C:\WINDOWS\$NtUninstallKB923414$\spuninst\updspapi.dll
+ 2006-04-21 06:12:27   332,800   -c----w   C:\WINDOWS\$NtUninstallKB923414$\srv.sys
+ 2004-08-04 11:00:00   144,384   -c----w   C:\WINDOWS\$NtUninstallKB923980$\nwprovau.dll
+ 2005-10-12 23:16:49   213,216   -c----w   C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe
+ 2005-10-12 23:16:56   371,424   -c----w   C:\WINDOWS\$NtUninstallKB923980$\spuninst\updspapi.dll
+ 2006-07-14 15:31:39   332,288   -c----w   C:\WINDOWS\$NtUninstallKB924270$\netapi32.dll
+ 2005-10-12 23:12:26   213,216   -c----w   C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34   371,424   -c----w   C:\WINDOWS\$NtUninstallKB924270$\spuninst\updspapi.dll
+ 2004-08-04 11:00:00   132,096   -c----w   C:\WINDOWS\$NtUninstallKB924270$\wkssvc.dll
- 2005-02-11 21:15:18   1,257,472   -c--a-w   C:\WINDOWS\ASSEMBLY\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-05-26 09:03:56   1,265,664   ----a-w   C:\WINDOWS\ASSEMBLY\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2004-08-10 19:11:14   1,224,704   -c--a-w   C:\WINDOWS\ASSEMBLY\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-05-26 09:03:56   1,232,896   ----a-w   C:\WINDOWS\ASSEMBLY\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-05-26 09:04:03   61,440   ----a-w   C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_70cb5017\CustomMarshalers.dll
+ 2008-05-26 09:04:19   3,391,488   ----a-w   C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\MSCORLIB\1.0.5000.0__b77a5c561934e089_e9ac939e\mscorlib.dll
+ 2008-05-26 09:04:16   1,470,464   ----a-w   C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_ee7761d9\System.Design.dll
+ 2008-05-26 09:04:04   90,112   ----a-w   C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_6ed80b9a\System.Drawing.Design.dll
+ 2008-05-26 09:04:17   835,584   ----a-w   C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_8c18d152\System.Drawing.dll
+ 2008-05-26 09:04:09   3,018,752   ----a-w   C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_3fd028e2\System.Windows.Forms.dll
+ 2008-05-26 09:04:13   2,088,960   ----a-w   C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_8239dd21\System.Xml.dll
+ 2008-05-26 09:04:03   1,966,080   ----a-w   C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2d10014d\System.dll
- 2008-05-26 03:37:52   2,048   --s-a-w   C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-26 12:06:31   2,048   --s-a-w   C:\WINDOWS\BOOTSTAT.DAT
+ 2005-10-18 17:37:06   33,147,536   ----a-w   C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\QuickTimeInstaller.exe
- 2005-03-02 00:57:44   2,135,552   -c----w   C:\WINDOWS\Driver Cache\I386\ntkrnlmp.exe
+ 2007-02-28 09:08:48   2,136,064   ------w   C:\WINDOWS\Driver Cache\I386\ntkrnlmp.exe
- 2005-03-02 00:34:40   2,056,832   -c----w   C:\WINDOWS\Driver Cache\I386\ntkrnlpa.exe
+ 2007-02-28 08:38:55   2,057,600   ------w   C:\WINDOWS\Driver Cache\I386\ntkrnlpa.exe
- 2005-03-02 00:34:42   2,015,232   -c----w   C:\WINDOWS\Driver Cache\I386\ntkrpamp.exe
+ 2007-02-28 08:38:57   2,015,744   ------w   C:\WINDOWS\Driver Cache\I386\ntkrpamp.exe
- 2005-03-02 00:59:53   2,179,328   -c----w   C:\WINDOWS\Driver Cache\I386\ntoskrnl.exe
+ 2007-02-28 09:10:57   2,180,352   ------w   C:\WINDOWS\Driver Cache\I386\ntoskrnl.exe
- 2004-08-04 11:00:00   1,032,192   ----a-w   C:\WINDOWS\EXPLORER.EXE
+ 2007-06-13 10:23:07   1,033,216   ----a-w   C:\WINDOWS\explorer.exe
- 2005-05-04 21:33:52   1,077,312   -c--a-w   C:\WINDOWS\Help\SBSI\Training\orun32.exe
+ 2006-08-21 21:57:14   1,077,321   ----a-w   C:\WINDOWS\Help\SBSI\Training\orun32.exe
+ 2005-01-20 21:39:25   45,056   ----a-r   C:\WINDOWS\Installer\{9541FED0-327F-4DF0-8B96-EF57EF622F19}\RecordNow.exe
+ 2005-01-20 21:37:30   57,344   ----a-r   C:\WINDOWS\Installer\{AF19F291-F22F-4798-9662-525305AE9E48}\QPWShortcut.exe
+ 2008-05-26 09:01:58   32,768   ----a-r   C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
+ 2008-05-26 06:39:23   18,944   ----a-r   C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-05-26 06:39:23   65,024   ----a-r   C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2004-07-15 07:49:16   258,048   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-14 03:30:52   258,048   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-15 07:49:22   32,768   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-14 03:30:52   32,768   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2004-07-15 06:32:22   81,920   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-14 02:57:52   81,920   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 01:09:14   86,016   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORIE.DLL
+ 2007-04-14 02:57:58   86,016   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-15 06:25:06   315,392   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL
+ 2007-04-14 02:56:30   315,392   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-15 06:33:04   102,400   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORLD.DLL
+ 2007-04-14 02:58:00   102,400   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 20:29:02   2,138,112   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORLIB.DLL
+ 2007-04-14 02:50:46   2,142,208   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-21 01:09:18   77,824   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORSN.DLL
+ 2007-04-14 02:58:02   77,824   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2004-07-15 06:26:52   2,510,848   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORSVR.DLL
+ 2007-04-14 02:57:00   2,523,136   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-15 06:28:34   2,502,656   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORWKS.DLL
+ 2007-04-14 02:57:28   2,514,944   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2004-06-22 19:52:22   106,496   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2007-01-15 22:11:26   73,728   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2004-07-15 07:49:16   258,048   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_aspnet_isapi.dll
+ 2004-07-15 06:32:22   81,920   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_CORPerfMonExt.dll
+ 2004-07-15 06:24:30   282,624   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_FUSION.DLL
+ 2004-07-15 06:25:06   315,392   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_MSCORJIT.DLL
+ 2004-07-15 20:29:02   2,138,112   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_MSCORLIB.DLL
+ 2003-02-21 01:09:18   77,824   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_MSCORSN.DLL
+ 2004-07-15 06:26:52   2,510,848   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_MSCORSVR.DLL
+ 2004-07-15 06:28:34   2,502,656   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_MSCORWKS.DLL
+ 2003-02-21 10:42:22   348,160   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_MSVCR71.DLL
+ 2004-07-15 06:34:50   94,208   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_PerfCounter.dll
- 2004-07-15 20:31:16   1,224,704   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-14 03:35:38   1,232,896   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-10-08 13:20:12   1,257,472   -c--a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-14 03:35:46   1,265,664   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2004-08-04 11:00:00   41,984   -c--a-w   C:\WINDOWS\MSAGENT\AGENTDP2.DLL
+ 2006-10-12 14:02:52   42,496   ----a-w   C:\WINDOWS\MSAGENT\agentdp2.dll
- 2005-04-22 05:06:42   57,344   -c--a-w   C:\WINDOWS\MSAGENT\agentdpv.dll
+ 2007-03-09 13:46:24   57,344   ----a-w   C:\WINDOWS\MSAGENT\agentdpv.dll
- 2004-08-04 11:00:00   256,512   -c--a-w   C:\WINDOWS\MSAGENT\AGENTSVR.EXE
+ 2006-10-12 11:09:53   256,512   ----a-w   C:\WINDOWS\MSAGENT\agentsvr.exe
+ 2004-08-04 11:00:00   237,568   ----a-w   C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\qasf.dll
+ 2004-09-15 18:27:54   221,184   ----a-w   C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
- 2004-08-04 11:00:00   100,352   ----a-w   C:\WINDOWS\SYSTEM32\6TO4SVC.DLL
+ 2006-08-16 11:58:05   100,352   ----a-w   C:\WINDOWS\SYSTEM32\6to4svc.dll
- 2006-06-23 11:02:49   1,022,976   ----a-w   C:\WINDOWS\SYSTEM32\browseui.dll
+ 2008-02-16 08:59:34   1,023,488   ----a-w   C:\WINDOWS\SYSTEM32\browseui.dll
- 2006-06-23 11:02:49   151,040   ----a-w   C:\WINDOWS\SYSTEM32\cdfview.dll
+ 2008-02-16 08:59:35   151,040   ----a-w   C:\WINDOWS\SYSTEM32\cdfview.dll
- 2004-08-04 11:00:00   611,328   ----a-w   C:\WINDOWS\SYSTEM32\COMCTL32.DLL
+ 2006-08-25 15:45:58   617,472   ----a-w   C:\WINDOWS\SYSTEM32\comctl32.dll
- 2008-05-26 03:37:53   16,384   -c--a-w   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2008-05-26 06:35:55   16,384   -c--a-w   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2008-05-26 03:37:53   32,768   -c--a-w   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-26 06:35:55   32,768   -c--a-w   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-05-26 03:37:53   32,768   -c--a-w   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-26 06:35:55   32,768   -c--a-w   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-06-23 11:02:50   1,054,208   ----a-w   C:\WINDOWS\SYSTEM32\danim.dll
+ 2008-02-16 08:59:35   1,054,208   ----a-w   C:\WINDOWS\SYSTEM32\danim.dll
- 2004-08-04 11:00:00   100,352   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\6to4svc.dll
+ 2006-08-16 11:58:05   100,352   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\6to4svc.dll
- 2004-08-04 11:00:00   41,984   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\agentdp2.dll
+ 2006-10-12 14:02:52   42,496   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\agentdp2.dll
- 2005-04-22 05:06:42   57,344   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\agentdpv.dll
+ 2007-03-09 13:46:24   57,344   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\agentdpv.dll
- 2004-08-04 11:00:00   256,512   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\agentsvr.exe
+ 2006-10-12 11:09:53   256,512   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\agentsvr.exe
- 2006-06-23 11:02:49   1,022,976   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
+ 2008-02-16 08:59:34   1,023,488   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
- 2006-06-23 11:02:49   151,040   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
+ 2008-02-16 08:59:35   151,040   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
- 2004-08-04 11:00:00   611,328   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\comctl32.dll
+ 2006-08-25 15:45:58   617,472   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\comctl32.dll
- 2006-06-23 11:02:50   1,054,208   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
+ 2008-02-16 08:59:35   1,054,208   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
- 2004-08-04 11:00:00   561,179   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\dao360.dll
+ 2008-03-25 04:50:25   554,008   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\dao360.dll
- 2004-08-04 11:00:00   81,408   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\directdb.dll
+ 2007-05-16 15:12:00   86,528   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\directdb.dll
- 2006-06-26 17:37:10   148,480   -c----w   C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
+ 2008-02-20 05:32:43   148,992   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
+ 2008-02-20 05:32:43   45,568   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
+ 2006-08-22 10:05:26   498,742   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\dxmasf.dll
- 2006-06-23 11:02:50   357,888   -c----w   C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-02-16 08:59:35   357,888   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2006-06-23 11:02:50   205,312   -c----w   C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-02-16 08:59:35   205,312   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2007-06-13 10:23:07   1,033,216   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe
- 2006-06-23 11:02:50   55,808   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-02-16 08:59:35   55,808   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
- 2005-12-29 02:54:35   280,064   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
+ 2008-02-20 06:51:05   282,624   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
- 2006-06-23 08:35:52   18,432   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
+ 2008-02-15 09:23:37   18,432   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
- 2006-06-23 11:02:50   251,392   -c----w   C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
+ 2008-02-16 08:59:35   251,392   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
- 2006-07-27 13:24:46   679,424   -c----w   C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
+ 2007-08-21 06:15:44   683,520   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
- 2006-06-23 11:02:50   96,256   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
+ 2008-02-16 08:59:35   96,256   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
- 2006-05-18 05:24:25   450,560   -c----w   C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
+ 2007-12-18 14:40:58   450,560   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
- 2006-06-23 11:02:50   16,384   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-02-16 08:59:35   16,384   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
- 2006-07-05 10:55:01   984,064   -c----w   C:\WINDOWS\SYSTEM32\DLLCACHE\kernel32.dll
+ 2007-04-16 15:52:53   984,576   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\kernel32.dll
- 2004-10-28 01:21:01   721,920   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
+ 2007-11-07 09:26:56   721,920   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
+ 2007-03-08 15:36:28   40,960   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\mf3216.dll
+ 2006-11-01 19:17:45   927,504   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\mfc40u.dll
+ 2006-10-14 08:13:25   981,760   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\mfc42u.dll
+ 2007-12-18 09:51:35   179,584   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
- 2004-08-04 11:00:00   536,576   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msado15.dll
+ 2006-12-26 13:07:23   536,576   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msado15.dll
- 2004-08-04 11:00:00   180,224   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msadomd.dll
+ 2006-12-26 13:07:23   180,224   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msadomd.dll
- 2004-08-04 11:00:00   200,704   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msadox.dll
+ 2006-12-26 13:07:23   200,704   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msadox.dll
+ 2008-03-25 04:50:28   518,944   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msexch40.dll
+ 2008-03-25 04:50:30   326,432   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msexcl40.dll
+ 2006-11-27 14:54:06   539,136   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msftedit.dll
- 2006-07-28 11:28:54   3,054,080   -c----w   C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
+ 2008-02-16 22:29:38   3,059,712   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
- 2006-06-23 11:02:51   448,512   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-02-16 08:59:37   449,024   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-03-25 04:50:34   1,516,568   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msjet40.dll
+ 2008-03-25 04:50:40   355,112   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msjetol1.dll
- 2004-08-04 11:00:00   102,400   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msjro.dll
+ 2006-12-26 13:07:23   102,400   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msjro.dll
+ 2008-03-25 04:50:42   60,192   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msjter40.dll
+ 2008-03-25 04:50:42   248,608   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msjtes40.dll
+ 2008-03-25 04:50:44   219,936   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msltus40.dll
- 2006-03-17 09:07:17   1,311,744   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msoe.dll
+ 2007-05-16 15:12:08   1,314,816   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msoe.dll
+ 2008-03-25 04:50:45   355,104   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\mspbde40.dll
- 2006-06-23 11:02:51   146,432   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-02-16 08:59:37   146,432   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-03-25 04:50:47   432,928   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msrd2x40.dll
+ 2008-03-25 04:50:49   322,336   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msrd3x40.dll
+ 2008-03-25 04:50:52   559,904   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msrepl40.dll
+ 2008-03-25 04:50:55   264,992   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\mstext40.dll
- 2006-06-23 11:02:51   532,480   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-02-16 08:59:37   532,480   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-03-25 04:50:57   838,432   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\mswdat10.dll
+ 2008-03-25 04:50:58   621,344   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\mswstr10.dll
+ 2008-03-25 04:50:58   355,104   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msxbde40.dll
- 2004-08-04 11:00:00   1,236,480   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msxml3.dll
+ 2007-06-26 06:08:16   1,104,896   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\msxml3.dll
- 2006-07-14 15:31:39   332,288   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\netapi32.dll
+ 2006-08-17 12:28:27   332,288   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\netapi32.dll
- 2004-08-04 11:00:00   574,592   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\ntfs.sys
+ 2007-02-09 11:10:35   574,464   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\ntfs.sys
+ 2007-02-28 09:08:48   2,136,064   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
+ 2007-02-28 08:38:55   2,057,600   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
+ 2007-02-28 08:38:57   2,015,744   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
+ 2007-02-28 09:10:57   2,180,352   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
- 2004-08-04 11:00:00   144,384   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\nwprovau.dll
+ 2006-10-13 12:35:12   142,336   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\nwprovau.dll
+ 2007-12-04 18:38:13   550,912   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll
+ 2006-10-16 16:15:00   122,880   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\oledlg.dll
- 2006-06-23 11:02:51   39,424   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-02-16 08:59:37   39,424   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2004-09-15 18:27:54   221,184   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\qasf.dll
+ 2001-08-17 19:52:16   40,448   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\ql1240.sys
+ 2001-08-17 19:52:18   49,024   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\ql1280.sys
+ 2004-08-04 11:00:00   20,480   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\qprocess.exe
+ 2005-08-30 03:54:26   1,287,168   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
+ 2006-11-27 14:54:06   433,152   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\riched20.dll
+ 2007-04-25 14:21:15   144,896   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\schannel.dll
- 2006-06-23 11:02:51   1,494,016   -c----w   C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
+ 2008-02-16 08:59:38   1,494,528   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
- 2006-07-13 13:33:27   8,453,632   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
+ 2007-10-26 03:36:51   8,454,656   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
- 2006-06-23 11:02:51   474,112   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
+ 2008-02-16 08:59:38   474,112   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
+ 2006-12-19 21:52:18   134,656   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\shsvcs.dll
- 2006-04-21 06:12:27   332,800   -c--a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
+ 2006-08-14 10:34:41   332,928   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
+ 2006-08-21 15:52:08   246,814   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\strmdll.dll
+ 2006-10-19 13:56:32   713,216   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\sxs.dll
- 2006-04-20 11:51:50   359,808   -c----w   C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
+ 2007-10-30 17:20:55   360,064   ------w   C:\WINDOWS\SYSTEM32

guestolo · « **Reply #15 on:** May 26, 2008, 12:12:49 PM »

Can you do the following
Delete your copy of Combofix

Then redownload a fresh copy from > [color=\"#FF0000\"]HERE [/color]<
Save it to desktop

Don't run it yet
Instead, ==Open notepad
Copy ALL the BLUE text below and Paste to notepad
Don't use anything else than notepad or the script will not work
[color=\"#0000FF\"]File::
C:\WINDOWS\Fonts\xfapft.bak1
C:\WINDOWS\Fonts\xfapft.bak2
C:\WINDOWS\Fonts\mcrh.tmp
C:\Documents and Settings\Heidrichs\Application Data\tizupd.bin
C:\Documents and Settings\Guest\Application Data\tizupd.bin
C:\Documents and Settings\Heather\Application Data\tizupd.bin
C:\Documents and Settings\Guest\Application Data\tizhook.bin
C:\Documents and Settings\Heidrichs\Application Data\tizhook.bin
C:\Documents and Settings\Heather\Application Data\tizhook.bin
C:\WINDOWS\SYSTEM\apas.bak1
C:\WINDOWS\SYSTEM\apas.bak2
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Start Menu\Programs\Startup\winupdt.exe
C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (FAMILIAROOM-Zach).job
Folder::
C:\WINDOWS\wt
C:\Program Files\WildTangent
C:\Documents and Settings\All Users\Application Data\Viewpoint
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxyvw]

[/color]
Save this as txtfile on your desktop
name it:
CFScript

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts

Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Take notice: Combofix may prompt that the computer needs to reboot, don't interrupt it
Allow it too

When finished, it shall produce a log for you with the name C:\ComboFix.txt..
I'll need to see that log again later

But for now
Download and save to your Desktop
Avira AntiVir

Install Avira AntiVir from desktop
Ensure that you have it check for Updates
If it starts to run a scan, just exit out of it for now

After updating, reboot the computer, this ensures Windows sees it is fully up to date
Back in Windows
Time to run your first scan
Double click the Avira icon by the clock (the red Umbrella icon)
Click on Scan System now
The scan will begin

Quarantine or delete everything it finds
When the scan is finished, if it finds anything
Can you reboot the computer one last time

Then come back here and post a fresh hijackthis log
In addition
Open Avira again (Double click on the red Umbrella icon by the clock)
Click on REPORTS under Overview
Double click on the Scan report you just made
Then click on "Report File"
Post the contents of this report please along with the log from combofix

wisdom_of_trees · « **Reply #16 on:** May 26, 2008, 01:26:03 PM »

The Avira Antivirus Log:

Avira AntiVir Personal
Report file date: Monday, May 26, 2008 11:40

Scanning for 1292849 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: FAMILIAROOM

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 17:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 16:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 16:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 16:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 18:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 21:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 5/17/2008 17:26:13
ANTIVIR3.VDF : 7.0.4.95 243712 Bytes 5/26/2008 17:26:16
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 17:58:21
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 5/26/2008 17:26:34
AESCN.DLL : 8.1.0.18 119156 Bytes 5/26/2008 17:26:32
AERDL.DLL : 8.1.0.20 418165 Bytes 5/26/2008 17:26:31
AEPACK.DLL : 8.1.1.5 364918 Bytes 5/26/2008 17:26:29
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 5/26/2008 17:26:27
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 5/26/2008 17:26:26
AEHELP.DLL : 8.1.0.14 115063 Bytes 5/26/2008 17:26:22
AEGEN.DLL : 8.1.0.21 303477 Bytes 5/26/2008 17:26:21
AEEMU.DLL : 8.1.0.6 430451 Bytes 5/26/2008 17:26:19
AECORE.DLL : 8.1.0.29 168311 Bytes 5/26/2008 17:26:17
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/24/2008 01:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 18:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 21:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 1/24/2008 01:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 16:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 16:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 01:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/24/2008 01:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 20:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 22:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 20:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Monday, May 26, 2008 11:40

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Start Menu\Programs\Startup\winupdt.exe
[DETECTION] Is the Trojan horse TR/WinlogonHook.C
[NOTE] The file was moved to '48a8f695.qua'!

The registry was scanned ( '22' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Meghan\Application Data\FÎ¿nts\svchost(2).exe
[DETECTION] Is the Trojan horse TR/Dldr.IZP
[NOTE] The file was moved to '489df787.qua'!
C:\Documents and Settings\Meghan\Application Data\FÎ¿nts\svchost.exe
[DETECTION] Is the Trojan horse TR/Spy.Winspool
[NOTE] The file was moved to '489df78a.qua'!
C:\Documents and Settings\Meghan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-3197ec81-676f5aa9.zip

Archive type: ZIP

--> GetAccess.class
[DETECTION] Contains detection pattern of the Java virus JAVA/OpenConnect.AJ
--> Installer.class
[DETECTION] Contains detection pattern of the Java virus JAVA/OpenConnect.AK
--> NewSecurityClassLoader.class
[DETECTION] Contains detection pattern of the Java virus JAVA/ByteVerify.G.2
--> NewURLClassLoader.class
[DETECTION] Contains detection pattern of the Java virus JAVA/ByteVerify.G.3
[DETECTION] Contains detection pattern of the Java virus JAVA/OpenConnect.AJ
[NOTE] The file was moved to '48b0f79a.qua'!
C:\Documents and Settings\Meghan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-47c9e069.zip

Archive type: ZIP

--> vmain.class
[DETECTION] Contains detection pattern of the exploits EXP/Java.Gimsh.B.1
[NOTE] The file was moved to '48a7f7b2.qua'!
C:\Documents and Settings\Meghan\Local Settings\Temporary Internet Files\Content.IE5\Q3SR6XAJ\paramlist[1].htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was moved to '48acf92e.qua'!
C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\QIRFR2WM\CA7QMP33.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was moved to '4871fa7a.qua'!
C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\QIRFR2WM\CA8LAR45.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was moved to '4872fa85.qua'!
C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\QIRFR2WM\CAB6AH77.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was moved to '487cfa88.qua'!
C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\QIRFR2WM\CAGXYZG1.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was moved to '4881fa8b.qua'!
C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\QIRFR2WM\CANYOJ3D.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was moved to '4888fa8d.qua'!
C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\QIRFR2WM\CASDAJIF.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was moved to '488dfa8f.qua'!
C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\QIRFR2WM\CASDMJKX.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was moved to '488dfa92.qua'!
C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\QIRFR2WM\CATKWJ9X.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was moved to '488efa94.qua'!
C:\My Downloads\the whistle song.rar

Archive type: RAR

--> Setup_toolBar.exe
[DETECTION] Is the Trojan horse TR/Dldr.IstBar.nj
[DETECTION] Is the Trojan horse TR/Dldr.IstBar.nj.1
[NOTE] The file was moved to '489ffbab.qua'!
C:\QooBox\Quarantine\catchme2008-05-25_213513.27.zip

Archive type: ZIP

--> bupagfsv.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E.1
--> cgxshnlr.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E.1
--> cqynikjo(2).dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
--> ecoibhca.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E.1
--> ewrgqcam.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E.1
--> hponbbab.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E.1
--> jnhhgvei.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E.1
--> llcqfxbe.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E.1
--> nlummfhg.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E.1
--> nuogsefg.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E.1
--> nyaofvsu.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E.1
--> stawxslq.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.D
[NOTE] The file was moved to '48aeff3a.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Guest\Application Data\CROSOF~1.NET\tracert.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.IZP
[NOTE] The file was moved to '489bff4f.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Heidrichs\Desktop\WinAntiVirusPro2007FreeInstall.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.WinFixer.Z.2
[NOTE] The file was moved to '48a8ff4a.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Heidrichs\My Documents\ASKS~1\wuauboot.exe.vir
[DETECTION] Is the Trojan horse TR/Spy.Winspool
[NOTE] The file was moved to '489bff58.qua'!
C:\QooBox\Quarantine\C\Program Files\Common Files\DriveCleaner Free\udcpas.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.WinFixer.E
[NOTE] The file was moved to '489dff4b.qua'!
C:\QooBox\Quarantine\C\Program Files\DriveCleaner Free\UDC6cw.exe.vir
[DETECTION] Is the Trojan horse TR/Fakealert.FB.2
[NOTE] The file was moved to '487dff2d.qua'!
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.FK
[NOTE] The file was moved to '488fff55.qua'!
C:\QooBox\Quarantine\C\Program Files\VSAdd-in\VSAdd-in_1.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.ACL
[NOTE] The file was moved to '487bff41.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ahjrcddj.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48a4ff59.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\apolbjwv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48a9ff63.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bmakubfe.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '489bff62.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bupagfsv.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48aaff6c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cgxshnlr.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48b2ff60.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cmavpugg.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '489bff68.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cqdlquof.dll.vir
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Pcclient.CC Backdoor server programs
[NOTE] The file was moved to '489eff6f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cqynikjo(2).dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48b3ff71.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ecoibhca.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a9ff65.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\epxkflwo.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48b2ff74.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ewrgqcam.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48acff7f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\eybsoxaa.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '489cff81.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ghfkuufp.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48a0ff71.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ghiaudje.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.G.2
[NOTE] The file was moved to '48a3ff71.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hponbbab.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a9ff79.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hthkulpo.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48a2ff7d.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\icrlispu.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48acff6d.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ikmmcxdd.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48a7ff75.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jnhhgvei.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a2ff78.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jumrvnja.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48a7ff80.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jwdesgvt.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '489eff82.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jxslvyca.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48adff83.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kuqigkob.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48abff80.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lhrvtxdj.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48acff74.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lkfpwncu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48a0ff77.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\llcqfxbe.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '489dff78.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lsnhtnbc.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48a8ff7f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lwkgdsrq.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48a5ff84.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lxqhwpkf.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48abff85.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mjhnsadh.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48a2ff77.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mxdpbkva.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '489eff86.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nlummfhg.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48afff7a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nuogsefg.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a9ff83.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nyaofvsu.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '489bff87.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\owejeude.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.123952
[NOTE] The file was moved to '489fff86.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\oxcprsrs.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '489dff87.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pcthkyfd.dll.vir
[DETECTION] Is the Trojan horse TR/Juan.H
[NOTE] The file was moved to '48aeff72.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pdwpdqrv.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.123952
[NOTE] The file was moved to '48b1ff74.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qvbtpuxn.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.AKY
[NOTE] The file was moved to '489cff86.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rpyadfak.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[NOTE] The file was moved to '48b3ff80.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rqwiwnvc.dll.vir
[DETECTION] Is the Trojan horse TR/JuanSearch.B
[NOTE] The file was moved to '48b1ff82.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rvmosebi.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48a7ff87.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\stawxslq.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '489bff85.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\system.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.d
[NOTE] The file was moved to '48adff8a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tbdpicev.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '489eff74.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uafkdago.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48a0ff73.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uguirwiw.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.123952
[NOTE] The file was moved to '48afff79.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\umtqilca.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48aeff7f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uoiqeeeu.dll.vir
[DETECTION] Is the Trojan horse TR/QuerySpy
[NOTE] The file was moved to '48a3ff82.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uqkqjvvn.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.123952
[NOTE] The file was moved to '49352055.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uvsdxdka.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48adff89.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vtsqn.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.BQ
[NOTE] The file was moved to '48adff88.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vustxgvt.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.123952
[NOTE] The file was moved to '493d205a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vybiefwf.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '489cff8d.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vyburvca.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '490c205e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wdlgbbia.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48a6ff79.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wkkrgswq.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48a5ff80.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wopadufe.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48aaff84.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xaarkfqc.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '489bff76.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xbmddoqf.dll.vir
[DETECTION] Is the Trojan horse TR/Spy.VBStat.H
[NOTE] The file was moved to '48a7ff78.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xcxwxxrf.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.G.2
[NOTE] The file was moved to '48b2ff79.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xdhnmmsd.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '48a2ff7a.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214903.exe
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.FK
[NOTE] The file was moved to '486cffb4.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214922.exe
[DETECTION] Is the Trojan horse TR/Crypt.d
[NOTE] The file was moved to '486cffb5.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214940.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '49e27f96.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214949.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '486cffb6.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214952.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '49e27f97.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214964.dll
[DETECTION] Is the Trojan horse TR/Agent.123952
[NOTE] The file was moved to '486cffb8.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214967.dll
[DETECTION] Is the Trojan horse TR/Agent.123952
[NOTE] The file was moved to '49e27f99.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214969.dll
[DETECTION] Is the Trojan horse TR/JuanSearch.B
[NOTE] The file was moved to '486cffb7.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214974.dll
[DETECTION] Is the Trojan horse TR/Agent.123952
[NOTE] The file was moved to '49e27f98.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214977.dll
[DETECTION] Is the Trojan horse TR/Agent.123952
[NOTE] The file was moved to '486cffb9.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214980.dll
[DETECTION] Is the Trojan horse TR/Agent.123952
[NOTE] The file was moved to '49e27f9a.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0214983.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '486cffba.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215025.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '486cffbb.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215026.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49e27f9c.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215027.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '486cffbd.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215028.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49e27f9e.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215029.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49e27f9b.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215030.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '486cffbc.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215031.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49e27f9d.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215032.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '486cffbf.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215033.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49e27fe0.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215034.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '486cffc1.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215035.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49e27fe2.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076\A0215036.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '486cffbe.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215506.dll
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '486cffce.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215507.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E
[NOTE] The file was moved to '486cffcf.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215508.dll
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49e27ff0.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215509.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E
[NOTE] The file was moved to '486cffd0.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215510.dll
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49e27ff1.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215511.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E
[NOTE] The file was moved to '486cffd1.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215512.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E
[NOTE] The file was moved to '49e27ff2.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215513.dll
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '486cffd2.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215514.dll
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49e27ff3.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215515.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E
[NOTE] The file was moved to '486cffd4.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215516.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.E
[NOTE] The file was moved to '486cffd3.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215517.exe
[DETECTION] Contains detection pattern of the dropper DR/Comet.BB.3
[NOTE] The file was moved to '49e27ff4.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215518.exe
[DETECTION] Contains detection pattern of the dropper DR/Toolbar.404Search.H
[NOTE] The file was moved to '486cffd5.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215526.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '49e27ff5.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215527.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '49e27ff6.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215528.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '486cffd7.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215529.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '49e27ff8.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215530.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '486cffd9.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215531.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '486cffd6.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215532.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.3
[NOTE] The file was moved to '49e27ff7.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215534.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '486cffd8.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215535.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS
[NOTE] The file was moved to '49e27ff9.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215537.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '49e27ffa.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215538.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS
[NOTE] The file was moved to '486cffdb.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215539.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '49e27ffc.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215540.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.3
[NOTE] The file was moved to '486cffdd.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215542.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.1
[NOTE] The file was moved to '486cffda.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215543.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '49e27ffb.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215544.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '486cffdc.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215545.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.6
[NOTE] The file was moved to '49e27ffe.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215547.exe
[DETECTION] Is the Trojan horse TR/Adload.MAS.1
[NOTE] The file was moved to '486cffdf.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215548.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[NOTE] The file was moved to '49e27fc0.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215549.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486cffe1.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215550.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '49e27ffd.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215551.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486cffde.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215552.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '49e27fff.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215553.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486c0020.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215554.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '49e27fc2.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215555.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486cffe3.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215556.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '49e27fc4.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215557.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486cffe5.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215558.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '49e28001.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215559.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486c0022.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215560.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '49e28003.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215561.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486c0024.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215562.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '49e27fc6.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215563.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486cffe7.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215564.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '49e27fc8.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215565.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486cffe9.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215566.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '49e28005.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215567.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486c0026.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215568.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.3
[NOTE] The file was moved to '49e28007.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215569.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.3
[NOTE] The file was moved to '486c0028.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215570.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[NOTE] The file was moved to '49e27fca.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215571.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486cffeb.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215572.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.3
[NOTE] The file was moved to '49e27fcc.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215573.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486cffed.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215574.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486cffe0.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215575.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '49e27fc1.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215576.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[NOTE] The file was moved to '486cffe2.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215579.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '49e27fce.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215587.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '486cffef.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215591.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '49e27fd0.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215592.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '49e27fc3.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215593.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '486cffe4.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215594.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '49e27fc5.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215595.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '486cffe6.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215601.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '486cfff1.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215602.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '49e27fd2.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215608.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '486cfff3.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215611.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '49e27fc7.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215614.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '486cffe8.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215615.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '49e27fc9.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215619.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '486cffea.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215621.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '49e27fd4.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215622.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '486cfff5.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215623.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[NOTE] The file was moved to '49e27fd6.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215624.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '486cfff7.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215625.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '49e27fcb.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215626.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '486cffec.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215627.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '49e27fcd.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215628.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '486cffee.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215629.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '49e27fd8.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215630.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '486cfff9.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215631.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '49e27fda.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215632.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '486cfffb.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215633.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '49e27fcf.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215634.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '486cfff0.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215635.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '49e27fd1.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215636.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '486cfff2.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215637.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '49e27fdc.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215638.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '486cfffd.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215639.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '49e27fde.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215640.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '486cffff.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215641.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '49e27fd3.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215642.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '486cfff4.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215643.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[NOTE] The file was moved to '49e27fd5.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215644.dll
[DETECTION] Is the Trojan horse TR/BHO.G.3
[NOTE] The file was moved to '486cfff6.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215645.dll
[DETECTION] Is the Trojan horse TR/BHO.G.3
[NOTE] The file was moved to '49e38020.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215646.dll
[DETECTION] Is the Trojan horse TR/Spy.Goldu.FT.1.A
[NOTE] The file was moved to '486d0001.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215647.sys
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Haxdoor.V.3.A Backdoor server programs
[NOTE] BDS/Haxdoor.V.3.A:[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify//pptp32]
[NOTE] The file was moved to '49e38022.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078\A0215649.exe
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[NOTE] The file was moved to '486d0003.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1079\A0218032.dll
[DETECTION] Is the Trojan horse TR/BHO.AKY
[NOTE] The file was moved to '49e38024.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1081\A0218108.exe
[DETECTION] Is the Trojan horse TR/WinlogonHook.C
[NOTE] The file was moved to '486d0009.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1081\A0218109.exe
[DETECTION] Is the Trojan horse TR/Dldr.IZP
[NOTE] The file was moved to '49e3802a.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1081\A0218110.exe
[DETECTION] Is the Trojan horse TR/Spy.Winspool
[NOTE] The file was moved to '486d000b.qua'!
C:\WINDOWS\SYSTEM32\efccbyx.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '489e016d.qua'!
C:\WINDOWS\SYSTEM32\eiliartp.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[NOTE] The file was moved to '48a70170.qua'!
C:\WINDOWS\SYSTEM32\jkkjiij.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48a6017b.qua'!
C:\WINDOWS\SYSTEM32\jkklmnm.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '492b79fc.qua'!
C:\WINDOWS\SYSTEM32\nbspgljm.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48ae017e.qua'!
C:\WINDOWS\SYSTEM32\pptp32.dll
[DETECTION] Is the Trojan horse TR/Spy.Goldu.FT.1.A
[NOTE] The file was moved to '48af0193.qua'!
C:\WINDOWS\SYSTEM32\rqrromm.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48ad0197.qua'!
C:\WINDOWS\SYSTEM32\vtutqrr.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48b001a4.qua'!

End of the scan: Monday, May 26, 2008 12:29
Used time: 48:12 min

The scan has been done completely.

8187 Scanning directories
201914 Files were scanned
239 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
223 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
201675 Files not concerned
3628 Archives were scanned
2 Warnings
223 Notes

The Combo Fix Log

ComboFix 08-05-25.5 - Heidrichs 2008-05-26 11:32:00.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.281 [GMT -6:00]
Running from: C:\Documents and Settings\Heidrichs\Desktop\ComboFix.exe
* Created a new restore point

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.

2157-07-08 15:36 . 2157-07-08 15:36   3,120   --a------   C:\WINDOWS\MF_C421.lfa
2157-07-08 15:36 . 2157-07-08 15:36   3,120   --a------   C:\WINDOWS\MF_C420.lfa
2008-05-26 11:31 . 2008-05-26 11:31   <DIR>   d--------   C:\327882R2FWJFW
2008-05-26 11:31 . 2004-08-04 05:00   388,608   --a------   C:\WINDOWS\SYSTEM32\CF11261.exe
2008-05-26 11:25 . 2008-05-26 11:25   <DIR>   d--------   C:\Program Files\Avira
2008-05-26 11:25 . 2008-05-26 11:25   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Avira
2008-05-26 03:01 . 2008-05-26 03:01   <DIR>   d--------   C:\Program Files\MSXML 4.0
2008-05-26 03:01 . 2008-05-26 03:01   206   --a------   C:\WINDOWS\SYSTEM32\MRT.INI
2008-05-26 00:39 . 2008-05-26 00:39   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2008-05-26 00:39 . 2008-05-26 00:39   <DIR>   d--------   C:\Documents and Settings\Heidrichs\Application Data\SUPERAntiSpyware.com
2008-05-26 00:39 . 2008-05-26 00:39   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-26 00:38 . 2008-05-26 00:38   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-05-26 00:01 . 2008-05-26 00:01   <DIR>   d--------   C:\Documents and Settings\Heidrichs\Application Data\Malwarebytes
2008-05-26 00:01 . 2008-05-26 00:01   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-25 23:17 . 2008-05-25 22:17   449,462   --a------   C:\HaxFix.exe
2008-05-25 21:51 . 2007-07-09 07:09   584,192   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2008-05-24 21:10 . 2008-05-24 21:10   <DIR>   d--------   C:\Program Files\Trend Micro
2008-05-23 22:23 . 2008-05-23 22:23   4,286   --a------   C:\WINDOWS\SYSTEM32\Jamster.ico
2008-05-13 05:50 . 2008-05-24 20:18   5,430   --a------   C:\WINDOWS\SYSTEM32\rloci.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 06:34   ---------   d-----w   C:\Program Files\Common Files\AOL
2008-05-26 06:34   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL
2008-05-26 06:30   ---------   d-----w   C:\Program Files\WildTangent
2008-05-26 06:30   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-26 06:27   ---------   d-----w   C:\Program Files\iMesh Applications
2008-05-26 03:03   903,890   --sh--w   C:\WINDOWS\Fonts\xfapft.bak1
2008-05-25 03:02   821,289   --sh--w   C:\WINDOWS\Fonts\xfapft.bak2
2008-05-12 02:52   ---------   d-----w   C:\Documents and Settings\Heidrichs\Application Data\Corel
2008-04-23 04:41   0   -c--a-w   C:\WINDOWS\Fonts\mcrh.tmp
2008-03-27 08:12   151,583   ----a-w   C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12   151,583   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
2008-03-19 09:47   1,845,248   ----a-w   C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47   1,845,248   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2007-01-23 01:24   337,290   -c--a-w   C:\Documents and Settings\Heidrichs\Application Data\tizupd.bin
2007-01-01 05:00   337,290   -c--a-w   C:\Documents and Settings\Guest\Application Data\tizupd.bin
2006-11-14 01:10   337,290   -c--a-w   C:\Documents and Settings\Heather\Application Data\tizupd.bin
2005-12-05 05:50   280,064   -c--a-w   C:\Documents and Settings\Guest\Application Data\tizhook.bin
2005-09-12 23:19   280,064   -c--a-w   C:\Documents and Settings\Heidrichs\Application Data\tizhook.bin
2005-08-19 07:05   280,064   -c--a-w   C:\Documents and Settings\Heather\Application Data\tizhook.bin
2006-11-17 02:38   751,332   -csh--w   C:\WINDOWS\SYSTEM\apas.bak1
2006-11-23 02:19   765,400   -csh--w   C:\WINDOWS\SYSTEM\apas.bak2
.

((((((((((((((((((((((((((((( snapshot_2008-05-26_10.46.26.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-26 06:35:55   16,384   -c--a-w   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2008-05-26 17:25:33   16,384   -c--a-w   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2008-05-26 06:35:55   32,768   -c--a-w   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-26 17:25:33   32,768   -c--a-w   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-01-22 00:12:56   41,792   ----a-w   C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys
+ 2008-01-22 00:11:28   22,336   ----a-w   C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys
+ 2008-03-04 19:28:53   79,424   ----a-w   C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys
+ 2007-03-01 16:34:22   28,352   ----a-w   C:\WINDOWS\

guestolo · « **Reply #17 on:** May 26, 2008, 01:51:09 PM »

Can you access your Add and Remove programs and remove
Java 2 Runtime Environment, SE v1.4.2_03

Don't reboot if prompted

Looks like Avira found some rootkit files which I suspected were still around

Can you do the following

Please download the [color=\"red\"]OTMoveIt2 by OldTimer[/color][/url].

Save it to your desktop.
RIGHT CLICK on OTMoveIt2.exe and choose to "Run as Administrator"
Copy the file paths below to the clipboard in [color=\"#0000FF\"]BLUE[/color] by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
==============================================================================

[color=\"#0000FF\"]C:\WINDOWS\Fonts\xfapft.bak1
C:\WINDOWS\Fonts\xfapft.bak2
C:\WINDOWS\Fonts\mcrh.tmp
C:\Documents and Settings\Heidrichs\Application Data\tizupd.bin
C:\Documents and Settings\Guest\Application Data\tizupd.bin
C:\Documents and Settings\Heather\Application Data\tizupd.bin
C:\Documents and Settings\Guest\Application Data\tizhook.bin
C:\Documents and Settings\Heidrichs\Application Data\tizhook.bin
C:\Documents and Settings\Heather\Application Data\tizhook.bin
C:\WINDOWS\SYSTEM\apas.bak1
C:\WINDOWS\SYSTEM\apas.bak2
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Start Menu\Programs\Startup\winupdt.exe
C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (FAMILIAROOM-Zach).job
C:\WINDOWS\wt
C:\Program Files\WildTangent
C:\Documents and Settings\All Users\Application Data\Viewpoint
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxyvw[/color]

==============================================================================
Return to OTMoveIt2, right click in the "Paste List Of Files/Folders to Move" window (under the [color=\"yellow\"]yellow[/color] bar) and choose Paste.
Click the red [color=\"red\"]Moveit![/color] button.
Allow to finish
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

OTMoveIt would of created a log at this location, I'll need to see it later
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <--indicates date_time of scan
Post that log along with a fresh hijackthis log

In addition: this next scan won't take that long
Download and save too your desktop
[color=\"#FF0000\"]fsbl.exe[/color]
(F-Secure Blacklight)

Double click to run fsbl.exe
* Accept the user agreement.
* Click Scan.
* After the scan finishes, click on Next, then Exit.
Do not rename any files if found by blacklight, I need to see the log

BlackLight will create a log on your desktop with the name "fsbl-xxxxxxx.log".
Post that log also please

wisdom_of_trees · « **Reply #18 on:** May 26, 2008, 02:12:02 PM »

C:\WINDOWS\Fonts\xfapft.bak1 moved successfully.
C:\WINDOWS\Fonts\xfapft.bak2 moved successfully.
C:\WINDOWS\Fonts\mcrh.tmp moved successfully.
C:\Documents and Settings\Heidrichs\Application Data\tizupd.bin moved successfully.
C:\Documents and Settings\Guest\Application Data\tizupd.bin moved successfully.
C:\Documents and Settings\Heather\Application Data\tizupd.bin moved successfully.
C:\Documents and Settings\Guest\Application Data\tizhook.bin moved successfully.
C:\Documents and Settings\Heidrichs\Application Data\tizhook.bin moved successfully.
C:\Documents and Settings\Heather\Application Data\tizhook.bin moved successfully.
C:\WINDOWS\SYSTEM\apas.bak1 moved successfully.
C:\WINDOWS\SYSTEM\apas.bak2 moved successfully.
File/Folder C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Start Menu\Programs\Startup\winupdt.exe not found.
C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (FAMILIAROOM-Zach).job moved successfully.
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files moved successfully.
C:\WINDOWS\wt\wtupdates\webd\4.1.1 moved successfully.
C:\WINDOWS\wt\wtupdates\webd moved successfully.
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files moved successfully.
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19 moved successfully.
C:\WINDOWS\wt\wtupdates\DRM moved successfully.
C:\WINDOWS\wt\wtupdates moved successfully.
C:\WINDOWS\wt moved successfully.
C:\Program Files\WildTangent\LicenseStores\WT moved successfully.
C:\Program Files\WildTangent\LicenseStores moved successfully.
C:\Program Files\WildTangent\Components moved successfully.
C:\Program Files\WildTangent\Apps moved successfully.
C:\Program Files\WildTangent moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint moved successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxyvw >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxyvw\\ deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05262008_130250

05/26/08 13:05:07 [Info]: BlackLight Engine 1.0.70 initialized
05/26/08 13:05:07 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/26/08 13:05:07 [Note]: 7019 4
05/26/08 13:05:07 [Note]: 7005 0
05/26/08 13:05:10 [Note]: 7006 0
05/26/08 13:05:10 [Note]: 7011 1676
05/26/08 13:05:10 [Note]: 7035 0
05/26/08 13:05:10 [Note]: 7026 0
05/26/08 13:05:10 [Note]: 7026 0
05/26/08 13:05:12 [Note]: FSRAW library version 1.7.1024
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:13:24 [Note]: 2000 1012
05/26/08 13:15:10 [Note]: 7007 0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:45 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199658369254
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal â€“ Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal â€“ Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 3911 bytes

guestolo · « **Reply #19 on:** May 26, 2008, 02:43:05 PM »

That looks a lot better, I just want to double check on a file
But first, let's do a bit of cleanup

Go to START>>RUN>>Copy and paste the next command in bold
Then hit OK

ComboFix /u

This will uninstall combofix and it's components

Double click on Haxfix icon on desktop
Select u on your keyboard then hit ENTER
This will uninstall haxfix

Open SuperAntiSpyware
click on Manage Quarantine
Remove all items out of the Quarantine area>>DO NOT choose Restore
Then exit SA

Open Avira AntiVirus by double clicking it's Umbrella icon by the clock
Click on Adminstration
Ensure Quarantine is selected
Then delete everything out of the Quarantine area>>(The Trash can icon)
Exit Avira
Can you close your browser windows
Then run ATF-Cleaner.exe again
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt
Exit ATF-Cleaner from the Main menu

OTMoveit2

Double-click OTMoveIt2.exe to run it.
Click the Cleanup! button
A list will be downloaded>>Allow it Internet access if prompted by your Firewall
Don't change anything in this list
Select Yes at the prompt
Wait for the confirmation box to open to reboot the computer
Don't mouseclick during the wait as you may cause the tool to stall
Select Yes to reboot Now

NOTE: This procedure will also delete OTMoveit.exe from desktop

Back in Windows
http://www.virustotal.com/flash/index_en.html
Copy and paste the following bold line to the space next to 'Upload a File'

C:\WINDOWS\SYSTEM32\rloci.bin
Then use the SEND FILE button
Let it finish scanning
Could you post back the results this scan back here please, or post the link to the results window

In addition, I would like to redo a step
Download haxfix.exe and save it to your desktop.
Double click on haxfix.exe to install haxfix.

1. Make logfile
E. Exit Haxfix

I want to see a logfile please

Select option 1. Make logfile by typing 1 and then pressing Enter.
Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt
Copy the contents of that logfile and paste it into this thread.

Keep me informed how things are running please

News:

Author Topic: My Fiance's Parents' Computer...nightmare (Read 910 times)