Jump to content


Photo

Help!!! Think I've Got a Bad Virus!!!


  • This topic is locked This topic is locked
16 replies to this topic

#1 mvtrucking

mvtrucking

    Member

  • Full Member
  • Pip
  • 51 posts

Posted 01 August 2012 - 08:38 AM

My McAfee keeps showing a "Virus Removed" over and over. I ran several McAfee scans and Malwarebytes scans and removed a trojan, they both are showing
nothing found now? I also ran a BitDefender online scan and it came back with the following bug: Gen:Variant.Graftor.38498 Below you will find the logs
per the Posting Instructions: Thank you in advance for any help you all can give me.

Malwarebytes:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.01.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Don Van Horne :: DONVANHORNE-HP [administrator]

7/31/2012 9:31:31 PM
mbam-log-2012-07-31 (21-31-31).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 393954
Time elapsed: 56 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS.txt


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Don Van Horne at 8:06:30 on 2012-08-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8172.5568 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Philips\CamSuite\2.0.15.0\ACPService.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Webstart Studios\Web Blocker\TWBService.exe
C:\Program Files\Webstart Studios\Web Blocker\TWBService URL.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\beats64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mysearchresults.com/?c=8000&t=12
uSearch Page =
uDefault_Search_URL = hxxp://search.searchcompletion.com/?si=10179&home=1
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/thewebblocker6/{0E289C9A-9774-4DFC-BFBE-CFBBD8274495}
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
uURLSearchHooks: H - No File
uURLSearchHooks: Ashampoo US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mURLSearchHooks: Ashampoo US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll
mURLSearchHooks: H - No File
BHO: Ashampoo US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll
BHO: {15c9938f-cb96-496d-800a-b827f2e34ea1} - BlspcHlpr Class
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120731211701.dll
BHO: DefaultTab Browser Helper: {7f6afbf1-e065-4627-a2fd-810366367d01} - C:\Users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Complitly: {d27fc31c-6e3d-4305-8d53-acdaefa5f862} - Complitly
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: Ashampoo US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {9384BD4C-DD14-4BE9-80F7-F6277511E4F5} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Desktop iCalendar.exe] "C:\Program Files\desksware\Desktop iCalendar\Desktop iCalendar.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\DONVAN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-explorer: NoInstrumentation = 01
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - file://C:\Users\Don Van Horne\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Users\Don Van Horne\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: cinemanow.com
Trusted Zone: hp.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4E9E706F-1D22-4200-946F-FDF88D459214} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4E9E706F-1D22-4200-946F-FDF88D459214}\44F6E6D20534D275962756C6563737 : DhcpNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Ashampoo US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll
BHO-X64: Ashampoo US - No File
BHO-X64: {15C9938F-CB96-496D-800A-B827F2E34EA1} - BlspcHlpr Class
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120731211701.dll
BHO-X64: scriptproxy - No File
BHO-X64: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO-X64: DefaultTabBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO-X64: LastPass Vault - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-X64: Vuze Remote - No File
BHO-X64: {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - Complitly
BHO-X64: Complitly - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB-X64: Ashampoo US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {9384BD4C-DD14-4BE9-80F7-F6277511E4F5} - No File
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 216.119.147.103 facebook.com
Hosts: 216.119.147.103 www.facebook.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Don Van Horne\AppData\Roaming\Mozilla\Firefox\Profiles\dcqfpqv7.default-1343318298200\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://saintsreport.com/forums/f2/
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Users\Don Van Horne\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0EtDyCzyzyyD0F0AtCyEtByBtAyCtC0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=792010253
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0EtDyCzyzyyD0F0AtCyEtByBtAyCtC0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=792010253
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0EtDyCzyzyyD0F0AtCyEtByBtAyCtC0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=792010253&q=
FF - user.js: extensions.funmoods.id - E06995FA1427361B
FF - user.js: extensions.funmoods.instlDay - 15548
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2212:13:21
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112542&tt=3012_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 904a361b000000000000d0df9ae3ce0e
FF - user.js: extensions.BabylonToolbar.instlDay - 15550
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.118:28:00
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\rsdrvx64.sys --> C:\Windows\system32\drivers\rsdrvx64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\system32\Drivers\uim_vimx64.sys --> C:\Windows\system32\Drivers\uim_vimx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ACPService;ACPService;C:\Program Files (x86)\Philips\CamSuite\2.0.15.0\ACPService.exe [2010-8-26 687104]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-3 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2012-7-29 107520]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-5-24 1840128]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-7-31 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-7-31 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-7-31 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-7-31 199304]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-7-31 210616]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-3 2656280]
R2 Web Blocker Service URL;Web Blocker Service URL;C:\Program Files\Webstart Studios\Web Blocker\TWBService URL.exe [2010-9-12 24064]
R2 Web Blocker Service;Web Blocker Service;C:\Program Files\Webstart Studios\Web Blocker\TWBService.exe [2010-9-12 32768]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 HCW723x;Hauppauge WinTV 723x PCIe Card;C:\Windows\system32\DRIVERS\HCW723x.sys --> C:\Windows\system32\DRIVERS\HCW723x.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 PCWinSoft;ScreenCamera.Net Video Camera;C:\Windows\system32\DRIVERS\scrcamnetdriver_x64.sys --> C:\Windows\system32\DRIVERS\scrcamnetdriver_x64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 tihub3;TI USB3 Hub Service;C:\Windows\system32\drivers\tihub3.sys --> C:\Windows\system32\drivers\tihub3.sys [?]
R3 tixhci;TI XHCI Service;C:\Windows\system32\drivers\tixhci.sys --> C:\Windows\system32\drivers\tixhci.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 0193361343787433mcinstcleanup;McAfee Application Installer Cleanup (0193361343787433);C:\Users\DONVAN~1\AppData\Local\Temp\019336~1.EXE -cleanup -nolog --> C:\Users\DONVAN~1\AppData\Local\Temp\019336~1.EXE -cleanup -nolog [?]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/11/03 13:55:58;C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-25 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-7-31 249936]
S2 RelevantKnowledge;RelevantKnowledge;C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service --> C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [?]
S2 WiseBootAssistant;Wise Boot Assistant;C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [2012-7-20 580648]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;C:\Windows\system32\drivers\DigiartyVirtualCDBus.sys --> C:\Windows\system32\drivers\DigiartyVirtualCDBus.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2012-7-17 252416]
S3 INIDVD;Initio USB DVD Filter Driver;C:\Windows\system32\DRIVERS\inidvd.sys --> C:\Windows\system32\DRIVERS\inidvd.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-15 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 phaudlwr;Philips Audio Filter;C:\Windows\system32\DRIVERS\phaudlwr.sys --> C:\Windows\system32\DRIVERS\phaudlwr.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S3 SPC620;Philips SPC620NC PC Camera;C:\Windows\system32\drivers\SPC620.sys --> C:\Windows\system32\drivers\SPC620.sys [?]
S3 SPC620m;Philips SPC620NC PC Cameram;C:\Windows\system32\drivers\SPC620m.sys --> C:\Windows\system32\drivers\SPC620m.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-01 02:30:27 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-01 02:30:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-01 02:17:08 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-08-01 02:17:01 29312 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2012-08-01 02:17:00 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-08-01 02:17:00 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-08-01 02:16:58 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2012-08-01 02:16:58 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-08-01 02:16:58 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-08-01 02:16:58 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-08-01 02:16:58 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-08-01 02:16:55 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-08-01 02:05:34 177144 ----a-w- C:\Windows\System32\mfevtps.exe
2012-08-01 01:50:05 -------- d-----w- C:\Program Files\ESET
2012-08-01 00:37:43 -------- d-----w- C:\Program Files\McAfee.com
2012-08-01 00:37:43 -------- d-----w- C:\Program Files\McAfee
2012-08-01 00:02:55 210856 ----a-w- C:\ProgramData\1343779199.bdinstall.bin
2012-08-01 00:00:10 -------- d-----w- C:\Program Files\Bitdefender
2012-07-31 23:52:40 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2012-07-31 23:47:05 -------- d-----w- C:\Users\Don Van Horne\AppData\Roaming\QuickScan
2012-07-31 19:28:06 -------- d-----w- C:\Users\Don Van Horne\AppData\Roaming\StreamTorrent
2012-07-31 19:28:06 -------- d-----w- C:\Program Files (x86)\StreamTorrent 1.0
2012-07-30 16:54:44 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-29 23:29:50 -------- d-----w- C:\Users\Don Van Horne\AppData\Roaming\DefaultTab
2012-07-29 22:17:22 -------- d-----w- C:\Program Files (x86)\hpmonitor
2012-07-29 22:16:46 -------- d--h--w- C:\Program Files\Webstart Studios
2012-07-29 22:15:48 -------- d-----w- C:\Users\Don Van Horne\AppData\Roaming\Iminent
2012-07-29 22:15:43 -------- d-----w- C:\Program Files (x86)\IMinent Toolbar
2012-07-29 15:51:44 -------- d-----w- C:\Users\Don Van Horne\AppData\Roaming\JetPaste
2012-07-28 17:37:11 -------- d-----w- C:\Users\Don Van Horne\AppData\Roaming\CommonDataMSI
2012-07-28 17:37:07 -------- d-----w- C:\Users\Don Van Horne\AppData\Roaming\Iconico
2012-07-28 17:06:54 -------- d-----w- C:\Users\Don Van Horne\AppData\Local\George_Taylor
2012-07-28 17:05:53 -------- d-----w- C:\Users\Don Van Horne\AppData\Roaming\MP3 Tag Express V6
2012-07-28 17:05:53 -------- d-----w- C:\ProgramData\MP3 Tag Express
2012-07-28 17:05:53 -------- d-----w- C:\Program Files (x86)\MP3 Tag Express V6
2012-07-28 00:13:32 -------- d-----w- C:\Users\Don Van Horne\AppData\Roaming\desksware
2012-07-28 00:13:32 -------- d-----w- C:\Program Files\desksware
2012-07-27 17:31:20 -------- d-----w- C:\Users\Don Van Horne\AppData\Local\Applian
2012-07-27 17:13:57 -------- d-----w- C:\Windows\VideoClone 6
2012-07-27 17:13:56 -------- d-----w- C:\VideoClone
2012-07-27 17:13:44 33958 ----a-w- C:\ProgramData\uninstaller.exe
2012-07-27 17:13:43 -------- d-----w- C:\ProgramData\WeCareReminder
2012-07-23 16:28:09 -------- d-----w- C:\Users\Don Van Horne\AppData\Local\Abelssoft
2012-07-23 16:27:55 -------- d-----w- C:\Program Files (x86)\AntiPhotoSpy
2012-07-22 17:46:55 -------- d-----w- C:\Program Files (x86)\MP4ToMP3Converter
2012-07-20 19:18:18 -------- d-----w- C:\Users\Don Van Horne\AppData\Roaming\Wise Care 365
2012-07-20 19:15:38 -------- d-----w- C:\Program Files (x86)\Wise
2012-07-19 16:02:53 26024 ----a-w- C:\Windows\System32\drivers\rsdrvx64.sys
2012-07-19 16:02:47 -------- d-----w- C:\Program Files (x86)\Remo Drive Defrag
2012-07-18 23:47:30 37456 ----a-w- C:\Windows\System32\drivers\hotcore3.sys
2012-07-18 14:00:27 -------- d-----w- C:\Users\Don Van Horne\AppData\Local\Yahoo!
2012-07-17 19:21:59 83 ----a-w- C:\Windows\SysWow64\gpupdate.bin
2012-07-17 19:16:23 -------- d-----w- C:\Users\Don Van Horne\AppData\Roaming\Media Buddy
2012-07-17 19:16:08 252416 ----a-w- C:\Windows\SysWow64\GSService.exe
2012-07-17 19:16:07 -------- d-----w- C:\Program Files (x86)\Media Buddy
2012-07-15 22:14:21 -------- d-----w- C:\Users\Don Van Horne\AppData\Local\{B4A8AE86-7C93-4D5C-91CE-995C0AEEBAB0}
2012-07-15 22:14:09 -------- d-----w- C:\Users\Don Van Horne\AppData\Local\{F77625E6-629F-49EE-B8FC-8139DD7030EE}
2012-07-15 05:01:23 -------- d-----w- C:\Program Files (x86)\Perfect Uninstaller
2012-07-15 04:40:44 -------- d-----w- C:\Users\Don Van Horne\AppData\Local\{FFB1E874-FD59-4EB9-85D0-70877E66C3C5}
2012-07-15 04:40:28 -------- d-----w- C:\Users\Don Van Horne\AppData\Local\{CEA6689D-116C-46C9-B8B6-2B9AC9A55F78}
2012-07-12 14:29:52 4534272 ----a-w- C:\ProgramData\ReadOnlyInstaller.msi
2012-07-12 12:10:14 -------- d-----w- C:\Users\Don Van Horne\AppData\Local\{F0F31538-522A-4FE3-BB94-B1758AFC8BDA}
2012-07-12 12:10:03 -------- d-----w- C:\Users\Don Van Horne\AppData\Local\{0156A096-1302-42EF-BB86-69FA93F481E7}
2012-07-12 08:05:12 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 19:51:56 -------- d-----w- C:\Users\Don Van Horne\AppData\Roaming\1-abc
2012-07-11 19:51:56 -------- d-----w- C:\Program Files (x86)\1-abc
2012-07-11 17:42:33 -------- d-----w- C:\Users\Don Van Horne\AppData\Roaming\Inv Softworks
2012-07-11 09:09:01 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 09:09:01 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 09:09:01 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 09:09:00 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 09:09:00 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-11 09:09:00 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-09 15:16:19 -------- d-----w- C:\Users\Don Van Horne\AppData\Roaming\Beyond Share
2012-07-09 15:15:47 -------- d-----w- C:\Program Files (x86)\Beyond Share
2012-07-08 17:06:57 -------- d-----w- C:\Users\Don Van Horne\AppData\Local\{FB7E592A-C2EC-4C97-8474-585D0B9C3959}
2012-07-08 05:06:24 -------- d-----w- C:\Users\Don Van Horne\AppData\Local\{69AF1B73-0924-4E61-B290-2B481FFC99FA}
2012-07-08 05:06:13 -------- d-----w- C:\Users\Don Van Horne\AppData\Local\{868B6EFF-72E8-45AA-80CC-1C77BC8C0F31}
2012-07-06 16:02:34 -------- d-----w- C:\Program Files (x86)\FileStream
2012-07-06 01:46:54 -------- d-----w- C:\Users\Don Van Horne\AppData\Local\TomTom
2012-07-06 01:37:52 -------- d-----w- C:\Program Files (x86)\TomTom International B.V
2012-07-06 01:24:13 -------- d-----w- C:\ProgramData\AppData
2012-07-05 18:28:17 -------- d-----w- C:\Program Files (x86)\SoftSkin Photo Makeup
2012-07-05 18:14:33 -------- d-----w- C:\Users\Don Van Horne\AppData\Local\{5831E725-55A5-433B-BA36-2ACB9409207B}
2012-07-05 18:14:22 -------- d-----w- C:\Users\Don Van Horne\AppData\Local\{D4AB27A0-6641-47B0-BD0C-AA01A7646A15}
2012-07-05 00:46:01 -------- d-----w- C:\Users\Don Van Horne\AppData\Roaming\SanDisk
2012-07-04 23:40:00 -------- d-----w- C:\Users\Don Van Horne\AppData\Roaming\IObit
2012-07-04 23:39:50 -------- d-----w- C:\Program Files (x86)\IObit
2012-07-04 12:14:24 -------- d-----w- C:\Users\Don Van Horne\AppData\Local\{28311C70-7BBF-453A-937C-509A0057B288}
2012-07-04 12:14:13 -------- d-----w- C:\Users\Don Van Horne\AppData\Local\{E3423D83-8A91-4F1A-A0AF-A9D3C07F9071}
.
==================== Find3M ====================
.
2012-06-25 21:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-22 18:46:56 53248 ----a-w- C:\Windows\SysWow64\BSwitch.ax
2012-06-22 12:38:16 335784 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-06-22 12:36:12 752672 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-06-22 12:34:00 169320 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2012-06-14 12:45:54 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 12:45:54 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-27 14:51:12 526800 ----a-w- C:\Users\Don Van Horne\MVTInstaller.exe
2012-05-24 21:34:59 47208 ----a-w- C:\Windows\System32\drivers\tbhsd.sys
2012-05-18 14:43:51 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2012-05-18 14:43:51 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2012-05-15 13:17:19 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-11 19:16:16 171520 ----a-w- C:\Program Files (x86)\Common Files\dsfOggDemux2.dll
2012-05-09 20:04:02 241800 ----a-w- C:\Windows\System32\drivers\scrcamnetdriver_x64.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-04 06:01:08 265797 ----a-w- C:\Windows\SysWow64\pdvcodec.dll
2012-05-03 16:03:58 38505456 ----a-w- C:\Users\Don Van Horne\dsb_standard_full97.exe
2011-04-19 03:51:20 653136 ----a-w- C:\Program Files (x86)\Common Files\MSVCR90.dll
2011-04-19 03:51:20 569680 ----a-w- C:\Program Files (x86)\Common Files\MSVCP90.dll
2011-01-12 07:00:44 30208 ----a-w- C:\Program Files (x86)\Common Files\wmpinfo.dll
2011-01-12 07:00:42 240128 ----a-w- C:\Program Files (x86)\Common Files\dsfVorbisDecoder.dll
2011-01-12 07:00:42 146944 ----a-w- C:\Program Files (x86)\Common Files\dsfFLACDecoder.dll
2011-01-12 07:00:40 221184 ----a-w- C:\Program Files (x86)\Common Files\dsfFLACEncoder.dll
2011-01-12 07:00:40 204800 ----a-w- C:\Program Files (x86)\Common Files\dsfNativeFLACSource.dll
2010-12-17 02:39:36 302592 ----a-w- C:\Program Files (x86)\Common Files\webmmux.dll
2010-12-17 02:39:16 701440 ----a-w- C:\Program Files (x86)\Common Files\vp8encoder.dll
2010-12-17 02:39:16 412672 ----a-w- C:\Program Files (x86)\Common Files\vp8decoder.dll
2010-12-17 02:39:14 292352 ----a-w- C:\Program Files (x86)\Common Files\webmsplit.dll
.
============= FINISH: 8:11:27.50 ===============

DDS Attach.txt: (Could not get this file to zip?)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/9/2012 8:40:03 PM
System Uptime: 7/31/2012 8:57:17 PM (12 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2AB5
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz | CPU 1 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1851 GiB total, 1659.195 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.47 GiB free.
E: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP352: 7/30/2012 8:14:26 AM - Revo Uninstaller Pro's restore point - Babylon toolbar on IE
RP354: 7/30/2012 8:16:44 AM - Revo Uninstaller Pro's restore point - BabylonObjectInstaller
RP356: 7/30/2012 8:18:06 AM - Revo Uninstaller Pro's restore point - DealBulldog Toolbar Toolbar
RP358: 7/30/2012 8:23:01 AM - Revo Uninstaller Pro's restore point - ilivid
RP360: 7/30/2012 8:26:09 AM - Revo Uninstaller Pro's restore point - Iminent
RP362: 7/30/2012 8:29:51 AM - Revo Uninstaller Pro's restore point - WeatherBug
RP363: 7/30/2012 8:31:04 AM - Removed WeatherBug
RP365: 7/31/2012 1:03:58 PM - Revo Uninstaller Pro's restore point - The Web Blocker
RP366: 7/31/2012 8:49:16 PM - Installed ESET NOD32 Antivirus
RP367: 7/31/2012 8:55:42 PM - Installed ESET NOD32 Antivirus
RP368: 7/31/2012 8:59:00 PM - Installed ESET NOD32 Antivirus
RP369: 8/1/2012 3:20:12 AM - HPSF Restore Point
.
==== Installed Programs ======================
.
.
1-abc.net Duplicate Finder (Remove only)
1-abc.net File Washer (Remove only)
1ClickDownloader
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 11 Plugin
Aneesoft YouTube Converter 3.0.0.0
Anti-phishing Domain Advisor
AntiPhotoSpy 2012
Any DVD Cloner Platinum 1.1.2
Apple Application Support
Ashampoo Burning Studio Elements 10.0.9
Ashampoo Internet Accelerator 3 v.3.20
Ashampoo Photo Optimizer 3 v.3.13
Ashampoo Registry Cleaner v.1.00
Ashampoo US Toolbar
ASPCA Reminder by We-Care.com v4.1.17.1
AVS Audio Editor 7.1
AVS Audio Recorder version 4.0
AVS Cover Editor 2.0.1.3
AVS Disc Creator 5
AVS Document Converter 2.2.3
AVS DVD Copy 4.1.2.283
AVS Media Player 4.1.8.93
AVS Registry Cleaner version 2.2
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Converter 8
AVS Video Editor 6
AVS Video Recorder 2.5
AVS4YOU Software Navigator 1.4
Bejeweled 2 Deluxe
Bejeweled 3
Beyond Share 2.1.8.68
Bing Rewards Client Installer
Booster 1.05A02
Bounce Symphony
Cake Mania
CAM UnZip 4.5
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Corel PaintShop Pro X4
Creative Vado AAC Codec
Creative Vado Codec
Creative Vado Effects Plugin
Creative Vado HD Codec
Creative Vado MP4 Reader
CyberLink PowerDVD 10
D3DX10
DefaultTab
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Digital Voice Recorder
DVD43 Plug-in v1.0.0.5
Easy Watermark Studio version 3.4
FATE - The Traitor Soul
Firebird SQL Server - MAGIX Edition
Folder Scout 1.3.2
Glary Utilities Pro 2.43.0.1419
Global Mapper 13
Hewlett-Packard ACLM.NET v1.1.2.0
High-Definition Video Playback 10
HP Customer Experience Enhancements
HP Games
HP LinkUp
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP Product Detection
HP Remote Solution
HP Setup
HP Setup Manager
HP Update
Hulu Desktop
HydraVision
ICA
Ideal DVD Copy V4.1.2
IDT Audio
Intel® Management Engine Components
IPM_PSP_COM
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
LabelPrint
LastPass (uninstall only)
LG CyberLink PowerBackup
LG CyberLink PowerDVD 7.0
LG CyberLink PowerProducer
LG CyberLink YouCam
LG ODD Auto Firmware Update
LG Power Tools
LightScribe System Software
LightScribe Template Labeler
MAGIX Photo Manager MX Deluxe
MAGIX Screenshare
MAGIX Slideshow Maker 2
MAGIX Speed burnR (MSI)
Magnifying Glass Pro 1.8
MakeMe3D
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee SecurityCenter
McAfee Virtual Technician
Media Buddy 3.3.9
Mesh Runtime
Messenger Companion
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Primary Interoperability Assemblies 2005
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Movienizer 5.2
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MP3 Rocket
MP3 Tag Express V6
MP4 To MP3 Converter V3.0.4
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
neroxml
Netflix in Windows Media Center
OneNote Calendar
OpenOffice.org 3.3
Paragon Backup and Recovery™ 11 Compact Edition
Paragon Drive Copy™ 11 Professional Special Edition (English)
Philips CamSuite
Photo Notifier and Animation Creator
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Polar Golfer
Power2Go
PressReader
PSPPContent
PSPPHelp
QuickTime
RarZilla Free Unrar
Recovery Manager
Registry Winner 6.5
Remo Drive Defrag
Remote Graphics Receiver
RoxioNow Player
SAMSUNG Intelli-studio
ScreenCamera.Net version 1.3.8.80
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Setup
SmartAudioEditor v6.0.1
SoftSkin Photo Makeup 1.0
StepShot
The Web Blocker
TomTom HOME Visual Studio Merge Modules
Toolbar Cleaner 1.0
Ultra Resizer
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Mic

#2 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Administrators
  • PipPipPipPipPip
  • 15,820 posts

Posted 02 August 2012 - 04:11 AM

Hi,

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your Desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.

    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

    Posted Image
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    Posted Image
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here or here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt, TDSSKiller log in your next reply for further review.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#3 mvtrucking

mvtrucking

    Member

  • Full Member
  • Pip
  • 51 posts

Posted 02 August 2012 - 08:22 AM

The TDSSKiller did not find any problems to cure and when I clicked on report
I was unable to copy or paste out of the box that appeared for some reason?
I will move on to the combofix now. Thank you again for the help and the quick response.

#4 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Administrators
  • PipPipPipPipPip
  • 15,820 posts

Posted 02 August 2012 - 10:02 AM

OK, no problem. Just post the Combofix log.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#5 mvtrucking

mvtrucking

    Member

  • Full Member
  • Pip
  • 51 posts

Posted 02 August 2012 - 10:22 AM

I had some crazy stuff happen after the combofix started: First a window popped up saying I had 2 instances of McAfee Virus scan running
even after I had uninstalled prior to running combo fix because this bug is preventing me from turning my Firewall on or off and the scan
was having issues too. I had no choice but to let the CF run because I could not find where these were running form. After finishing CF finished
I attempted to open my browser and I got a 'Registry Key moved or Deleted" error and I could not open anything. I finally restored the computer
to a restore point yesterday and everything is up again. Here is the CF file:

ComboFix 12-07-31.03 - Don Van Horne 08/02/2012 9:40.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8172.6704 [GMT -5:00]
Running from: c:\users\Don Van Horne\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\dsfOggDemux2.dll
c:\programdata\1343779199.bdinstall.bin
c:\programdata\ReadOnlyInstaller.msi
c:\programdata\uninstaller.exe
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\youtube_ie.ico
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{39b321dc-b12b-ec0e-a688-86083f8b5909}\@
c:\windows\Installer\{39b321dc-b12b-ec0e-a688-86083f8b5909}\L\00000004.@
c:\windows\Installer\{39b321dc-b12b-ec0e-a688-86083f8b5909}\L\201d3dde
c:\windows\Installer\{39b321dc-b12b-ec0e-a688-86083f8b5909}\U\80000032.@
c:\windows\Installer\{39b321dc-b12b-ec0e-a688-86083f8b5909}\U\80000064.@
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\11111111
c:\windows\SysWow64\11111111\Animation\letter_fold.ima
c:\windows\SysWow64\11111111\Animation\page_up.ima
c:\windows\SysWow64\11111111\Animation\shreds.ima
c:\windows\SysWow64\11111111\DomainsFavicons\126.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\163.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\a1.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\adinet.com.uy.ico
c:\windows\SysWow64\11111111\DomainsFavicons\aliceadsl.fr.ico
c:\windows\SysWow64\11111111\DomainsFavicons\arcor.de.ico
c:\windows\SysWow64\11111111\DomainsFavicons\att.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\axelero.hu.ico
c:\windows\SysWow64\11111111\DomainsFavicons\belgacom.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\bigpond.com.au.ico
c:\windows\SysWow64\11111111\DomainsFavicons\bigpond.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\bluewin.ch.ico
c:\windows\SysWow64\11111111\DomainsFavicons\blueyonder.co.uk.ico
c:\windows\SysWow64\11111111\DomainsFavicons\brturbo.com.br.ico
c:\windows\SysWow64\11111111\DomainsFavicons\cableone.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\caiway.nl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\cantv.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\casema.nl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\cgocable.ca.ico
c:\windows\SysWow64\11111111\DomainsFavicons\cogeco.ca.ico
c:\windows\SysWow64\11111111\DomainsFavicons\columbus.rr.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\earthlink.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\eastlink.ca.ico
c:\windows\SysWow64\11111111\DomainsFavicons\email.it.ico
c:\windows\SysWow64\11111111\DomainsFavicons\emirates.net.ae.ico
c:\windows\SysWow64\11111111\DomainsFavicons\euskalnet.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\free.fr.ico
c:\windows\SysWow64\11111111\DomainsFavicons\freemail.hu.ico
c:\windows\SysWow64\11111111\DomainsFavicons\freenet.de.ico
c:\windows\SysWow64\11111111\DomainsFavicons\globetrotter.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\hetnet.nl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\hiyo.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\home.nl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\ibest.com.br.ico
c:\windows\SysWow64\11111111\DomainsFavicons\ig.com.br.ico
c:\windows\SysWow64\11111111\DomainsFavicons\iinet.net.au.ico
c:\windows\SysWow64\11111111\DomainsFavicons\incredimail.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\insightbb.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\interfree.it.ico
c:\windows\SysWow64\11111111\DomainsFavicons\interia.pl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\internode.on.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\invitel.hu.ico
c:\windows\SysWow64\11111111\DomainsFavicons\itelefonica.com.br.ico
c:\windows\SysWow64\11111111\DomainsFavicons\juno.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\kabelfoon.nl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\laposte.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\libero.it.ico
c:\windows\SysWow64\11111111\DomainsFavicons\list.ru.ico
c:\windows\SysWow64\11111111\DomainsFavicons\localnet.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\magentic.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\menara.ma.ico
c:\windows\SysWow64\11111111\DomainsFavicons\microsoft.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\msn.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\mweb.co.za.ico
c:\windows\SysWow64\11111111\DomainsFavicons\mysearchgames.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\nadlanu.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\neobee.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\netcologne.de.ico
c:\windows\SysWow64\11111111\DomainsFavicons\netzero.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\o2.pl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\oi.com.br.ico
c:\windows\SysWow64\11111111\DomainsFavicons\online.nl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\ono.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\onvol.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\orange.fr.ico
c:\windows\SysWow64\11111111\DomainsFavicons\osnanet.de.ico
c:\windows\SysWow64\11111111\DomainsFavicons\otenet.gr.ico
c:\windows\SysWow64\11111111\DomainsFavicons\paradise.net.nz.ico
c:\windows\SysWow64\11111111\DomainsFavicons\peoplepc.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\photojoy.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\pop.com.br.ico
c:\windows\SysWow64\11111111\DomainsFavicons\pt.lu.ico
c:\windows\SysWow64\11111111\DomainsFavicons\ptd.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\quicknet.nl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\rambler.ru.ico
c:\windows\SysWow64\11111111\DomainsFavicons\rcn.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\rdslink.ro.ico
c:\windows\SysWow64\11111111\DomainsFavicons\rediffmail.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\rogers.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\sapo.pt.ico
c:\windows\SysWow64\11111111\DomainsFavicons\sasktel.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\satx.rr.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\sbcglobal.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\scarlet.be.ico
c:\windows\SysWow64\11111111\DomainsFavicons\sda.it.ico
c:\windows\SysWow64\11111111\DomainsFavicons\seznam.cz.ico
c:\windows\SysWow64\11111111\DomainsFavicons\sfr.fr.ico
c:\windows\SysWow64\11111111\DomainsFavicons\shaw.ca.ico
c:\windows\SysWow64\11111111\DomainsFavicons\sina.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\siol.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\slingshot.co.nz.ico
c:\windows\SysWow64\11111111\DomainsFavicons\speedy.com.ar.ico
c:\windows\SysWow64\11111111\DomainsFavicons\supanet.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\sympatico.ca.ico
c:\windows\SysWow64\11111111\DomainsFavicons\t-online.de.ico
c:\windows\SysWow64\11111111\DomainsFavicons\t-online.hu.ico
c:\windows\SysWow64\11111111\DomainsFavicons\tele2.nl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\telefonica.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\telenet.be.ico
c:\windows\SysWow64\11111111\DomainsFavicons\telfort.nl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\telkomsa.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\terra.com.br.ico
c:\windows\SysWow64\11111111\DomainsFavicons\terra.es.ico
c:\windows\SysWow64\11111111\DomainsFavicons\tiscali.it.ico
c:\windows\SysWow64\11111111\DomainsFavicons\tlen.pl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\triad.rr.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\uol.com.br.ico
c:\windows\SysWow64\11111111\DomainsFavicons\verat.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\virgilio.it.ico
c:\windows\SysWow64\11111111\DomainsFavicons\virgin.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\vivax.com.br.ico
c:\windows\SysWow64\11111111\DomainsFavicons\voila.fr.ico
c:\windows\SysWow64\11111111\DomainsFavicons\voo.be.ico
c:\windows\SysWow64\11111111\DomainsFavicons\wanadoo.nl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\westnet.com.au.ico
c:\windows\SysWow64\11111111\DomainsFavicons\woh.rr.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\wp.pl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\ya.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\yandex.ru.ico
c:\windows\SysWow64\11111111\Ecard\birthday_faces.imf
c:\windows\SysWow64\11111111\Ecard\birthday_smiles.imf
c:\windows\SysWow64\11111111\Ecard\blessings_of_peace.imf
c:\windows\SysWow64\11111111\Ecard\bright_smile.imf
c:\windows\SysWow64\11111111\Ecard\cute_together.imf
c:\windows\SysWow64\11111111\Ecard\happy_ballons.imf
c:\windows\SysWow64\11111111\Ecard\have_a_nice_day.imf
c:\windows\SysWow64\11111111\Ecard\have_fun.imf
c:\windows\SysWow64\11111111\Ecard\hello.imf
c:\windows\SysWow64\11111111\Ecard\international_thanks.imf
c:\windows\SysWow64\11111111\Ecard\lovely_day.imf
c:\windows\SysWow64\11111111\Ecard\simple_but_good_d.imf
c:\windows\SysWow64\11111111\Ecard\sunny_day.imf
c:\windows\SysWow64\11111111\Ecard\your_special_day_d.imf
c:\windows\SysWow64\11111111\Emoticon\signatures.ime
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\6680DF54-B73A-4A17-8E1C-93FD2EEB2CDC_data.bak
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\6680DF54-B73A-4A17-8E1C-93FD2EEB2CDC_data.msg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\AccountsOrder.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\AddressBook\AddrBook.db3
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\AddressBook\AddrBook.db3.bak
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\ApprovedSenders.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\imsl.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\100\1277\Fixie_20x22.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\100\1864\kc_gg_icon_20x22.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\100\1865\kc_plus_icon_20x22.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\100\1866\kc_pc_icon_20x22.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\100\1867\kc_gallery_icon_20x22.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\101\1269\Fixie_18x20.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\101\1860\ic_gg_icon_20x18.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\101\1861\ic_plus_icon_20x18.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\101\1862\ic_pc_icon_20x18.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\101\1863\ic_gallery_icon_20x18.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\101\incredicenter_v2.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\15\image\pc_images\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\15\image\pc_images\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\15\image\pc_images\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\15\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\16\image\link_scanning\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\16\image\link_scanning\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\16\image\link_scanning\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\16\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\18\image\backup\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\18\image\backup\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\18\image\backup\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\18\image\backup\Thumbs.db
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\18\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\19\image\gg_image\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\19\image\gg_image\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\19\image\gg_image\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\19\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1902\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1902\icons_line1.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1902\icons_line2.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1902\main_bg.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1902\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1902\Thumbs.db
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1903\image\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1903\image\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1903\image\list_blt.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1903\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1905\Images\bg.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1905\Images\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1905\Images\list_blt.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1905\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1906\Images\bg.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1906\Images\bg_bottom_til.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1906\Images\bg_grey_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1906\Images\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1906\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1907\Images\bg_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1907\Images\bg_grey_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1907\Images\bg_top.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1907\Images\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1907\Images\bul_fun.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1907\Images\bul_practical.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1907\Images\bul_safe.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1907\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\bg_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\bg_bottom_til.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\bg_grey_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\bg_top.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\bul.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\bul_fun.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\bul_practical.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\bul_safe.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\icons.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1910\Images\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1910\Images\bg_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1910\Images\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1910\Images\bul.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1910\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1911\Images\bg_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1911\Images\bg_bottom_til.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1911\Images\bg_grey_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1911\Images\bg_top.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1911\Images\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1911\Images\bul_fun.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1911\Images\bul_practical.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1911\Images\bul_safe.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1911\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1912\Images\bg_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1912\Images\bg_bottom_til.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1912\Images\bg_grey_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1912\Images\bg_top.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1912\Images\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1912\Images\bul_fun.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1912\Images\bul_practical.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1912\Images\bul_safe.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1912\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1913\Images\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1913\Images\bg_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1913\Images\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1913\Images\bul.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1913\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1914\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1914\bg_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1914\button.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1914\button_lang.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1914\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1914\v_icon.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1915\Images\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1915\Images\bg_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1915\Images\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1915\Images\bul.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1915\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\2\image\gg_image\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\2\image\gg_image\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\2\image\gg_image\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\2\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\20\image\gg_image\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\20\image\gg_image\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\20\image\gg_image\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\20\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\3\image\im_images\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\3\image\im_images\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\3\image\im_images\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\3\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\4\image\im_images\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\4\image\im_images\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\4\image\im_images\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\4\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\5\image\im_skin\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\5\image\im_skin\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\5\image\im_skin\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\5\image\im_skin\Thumbs.db
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\5\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\7\image\im_images\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\7\image\im_images\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\7\image\im_images\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\7\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\9\image\im_images\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\9\image\im_images\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\9\image\im_images\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\9\image\im_images\Thumbs.db
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\9\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Logs\IndexTime.log
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Logs\ReceiverThread.log
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Logs\stamp.log
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Logs\uninstall.log
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\Containers.db
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\Deleted Items.imm
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\Inbox.imm
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\history.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\imit.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_a.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_d_1.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_di_1.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_i_2.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_k_2.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_kl_1.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_klh_2.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_r_1.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_sv.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_v.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_v.ix.log
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\indexlog.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\history.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\imit.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_a.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_d_1.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_di_1.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_i_5.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_k_5.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_kl_1.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_klh_5.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_r_1.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_sv.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_v.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_v.ix.log
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\indexlog.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\Pictures\Pictures.db
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\RuleOrder.dat
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\7E442B73-4300-4BD9-85C6-D3E4448F9A2D_data.msg
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\AccountsOrder.dat
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\AddressBook\AddrBook.db3
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\AddressBook\AddrBook.db3.bak
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\ApprovedSenders.dat
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\imsl.dat
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\Logs\ReceiverThread.log
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\Logs\stamp.log
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\Logs\uninstall.log
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\Message Store\Containers.db
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\Message Store\Inbox.imm
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\Message Store\IndexB\imit.dat
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\Message Store\IndexH\imit.dat
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\Message Store\Pictures\Pictures.db
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\RuleOrder.dat
c:\windows\SysWow64\11111111\Image\balloons.imi
c:\windows\SysWow64\11111111\Image\blooming_rose.imi
c:\windows\SysWow64\11111111\Image\cake.imi
c:\windows\SysWow64\11111111\Image\chickadee.imi
c:\windows\SysWow64\11111111\Image\dancing_flower.imi
c:\windows\SysWow64\11111111\Image\growing_bouquet.imi
c:\windows\SysWow64\11111111\Image\growing_heart.imi
c:\windows\SysWow64\11111111\Image\jumping_around.imi
c:\windows\SysWow64\11111111\Image\kissing_lips.imi
c:\windows\SysWow64\11111111\Image\ladybug.imi
c:\windows\SysWow64\11111111\Image\laughing.imi
c:\windows\SysWow64\11111111\Image\little_kitten.imi
c:\windows\SysWow64\11111111\Image\shining_hello.imi
c:\windows\SysWow64\11111111\Image\smiley_cat.imi
c:\windows\SysWow64\11111111\Image\teasing.imi
c:\windows\SysWow64\11111111\Image\thumbs_up.imi
c:\windows\SysWow64\11111111\Image\trigger_baby.imi
c:\windows\SysWow64\11111111\Image\trigger_characters.imi
c:\windows\SysWow64\11111111\Image\trigger_love.imi
c:\windows\SysWow64\11111111\Image\waving_chicken.imi
c:\windows\SysWow64\11111111\Image\waving_monkey.imi
c:\windows\SysWow64\11111111\Image\waving_panda.imi
c:\windows\SysWow64\11111111\Image\xoxo.imi
c:\windows\SysWow64\11111111\Letter\agreement.imf
c:\windows\SysWow64\11111111\Letter\amazing_sunday.imf
c:\windows\SysWow64\11111111\Letter\ancient_style.imf
c:\windows\SysWow64\11111111\Letter\authentic_pattern.imf
c:\windows\SysWow64\11111111\Letter\blue.imf
c:\windows\SysWow64\11111111\Letter\blue_butterfly.imf
c:\windows\SysWow64\11111111\Letter\blue_sea.imf
c:\windows\SysWow64\11111111\Letter\blue_view.imf
c:\windows\SysWow64\11111111\Letter\board.imf
c:\windows\SysWow64\11111111\Letter\bright_monday.imf
c:\windows\SysWow64\11111111\Letter\butterflies.imf
c:\windows\SysWow64\11111111\Letter\bye_with_a_smile.imf
c:\windows\SysWow64\11111111\Letter\chubbicons.imf
c:\windows\SysWow64\11111111\Letter\cloudy_sky.imf
c:\windows\SysWow64\11111111\Letter\dollar_sign.imf
c:\windows\SysWow64\11111111\Letter\dolphin_smile.imf
c:\windows\SysWow64\11111111\Letter\dynamic_chart.imf
c:\windows\SysWow64\11111111\Letter\envelope.imf
c:\windows\SysWow64\11111111\Letter\envelopes.imf
c:\windows\SysWow64\11111111\Letter\fashionista.imf
c:\windows\SysWow64\11111111\Letter\floral_azure.imf
c:\windows\SysWow64\11111111\Letter\floral_design.imf
c:\windows\SysWow64\11111111\Letter\gift_box.imf
c:\windows\SysWow64\11111111\Letter\great_wednesday.imf
c:\windows\SysWow64\11111111\Letter\green_view.imf
c:\windows\SysWow64\11111111\Letter\hello_chicken.imf
c:\windows\SysWow64\11111111\Letter\hello_panda.imf
c:\windows\SysWow64\11111111\Letter\hi_there.imf
c:\windows\SysWow64\11111111\Letter\improving_trend.imf
c:\windows\SysWow64\11111111\Letter\jacques_the_cat.imf
c:\windows\SysWow64\11111111\Letter\jelly_beans.imf
c:\windows\SysWow64\11111111\Letter\ladybug.imf
c:\windows\SysWow64\11111111\Letter\landing_butterfly.imf
c:\windows\SysWow64\11111111\Letter\let_me_think.imf
c:\windows\SysWow64\11111111\Letter\light_blue_grain.imf
c:\windows\SysWow64\11111111\Letter\light_blue_stripes.imf
c:\windows\SysWow64\11111111\Letter\light_brown.imf
c:\windows\SysWow64\11111111\Letter\light_grain.imf
c:\windows\SysWow64\11111111\Letter\lighthouse.imf
c:\windows\SysWow64\11111111\Letter\looking_for_love.imf
c:\windows\SysWow64\11111111\Letter\majestic_cat.imf
c:\windows\SysWow64\11111111\Letter\morning_clouds.imf
c:\windows\SysWow64\11111111\Letter\nice_day.imf
c:\windows\SysWow64\11111111\Letter\nice_day_and_smiley.imf
c:\windows\SysWow64\11111111\Letter\out_of_office.imf
c:\windows\SysWow64\11111111\Letter\paper_clip.imf
c:\windows\SysWow64\11111111\Letter\parchment.imf
c:\windows\SysWow64\11111111\Letter\perched_puppy.imf
c:\windows\SysWow64\11111111\Letter\photo_mobile.imf
c:\windows\SysWow64\11111111\Letter\pink_view.imf
c:\windows\SysWow64\11111111\Letter\playful_dolphins.imf
c:\windows\SysWow64\11111111\Letter\puppy_nap.imf
c:\windows\SysWow64\11111111\Letter\raised_inset.imf
c:\windows\SysWow64\11111111\Letter\red_flower.imf
c:\windows\SysWow64\11111111\Letter\relax_beach.imf
c:\windows\SysWow64\11111111\Letter\school_book.imf
c:\windows\SysWow64\11111111\Letter\scrabble_greeting.imf
c:\windows\SysWow64\11111111\Letter\sealed_with_a_ribbon.imf
c:\windows\SysWow64\11111111\Letter\signing_pen.imf
c:\windows\SysWow64\11111111\Letter\soft_paper.imf
c:\windows\SysWow64\11111111\Letter\sunset_clouds.imf
c:\windows\SysWow64\11111111\Letter\surprise_kitty.imf
c:\windows\SysWow64\11111111\Letter\three_pups.imf
c:\windows\SysWow64\11111111\Letter\thumbtack.imf
c:\windows\SysWow64\11111111\Letter\tiger_butterfly.imf
c:\windows\SysWow64\11111111\Letter\touch_of_gold.imf
c:\windows\SysWow64\11111111\Letter\turquoise.imf
c:\windows\SysWow64\11111111\Letter\typewriter_hello.imf
c:\windows\SysWow64\11111111\Letter\vip_lc.imf
c:\windows\SysWow64\11111111\Letter\vip_support.imf
c:\windows\SysWow64\11111111\Letter\water_lilies.imf
c:\windows\SysWow64\11111111\Letter\weaved_style.imf
c:\windows\SysWow64\11111111\Letter\white.imf
c:\windows\SysWow64\11111111\Letter\world_exchange.imf
c:\windows\SysWow64\11111111\Letter\yellow_tulip.imf
c:\windows\SysWow64\11111111\Letter\yellow_view.imf
c:\windows\SysWow64\11111111\Lex\IMSTP9.gif
c:\windows\SysWow64\11111111\Notifier.xml
c:\windows\SysWow64\11111111\Notifier\bouncing_smile.imn
c:\windows\SysWow64\11111111\Notifier\butler_bob.imn
c:\windows\SysWow64\11111111\Notifier\butler_bob_madam.imn
c:\windows\SysWow64\11111111\Notifier\butterfly.imn
c:\windows\SysWow64\11111111\Notifier\colorful_artist.imn
c:\windows\SysWow64\11111111\Notifier\cursor_en.imn
c:\windows\SysWow64\11111111\Notifier\excited_puppy.imn
c:\windows\SysWow64\11111111\Notifier\glittery_kiss.imn
c:\windows\SysWow64\11111111\Notifier\hopping_bunny.imn
c:\windows\SysWow64\11111111\Notifier\racing_snail.imn
c:\windows\SysWow64\11111111\Notifier\singing_in_the_rain.imn
c:\windows\SysWow64\11111111\Notifier\smiley_dog.imn
c:\windows\SysWow64\11111111\Notifier\sunny_day.imn
c:\windows\SysWow64\11111111\Notifier\trigger_butler.imn
c:\windows\SysWow64\11111111\Notifier\trigger_effects.imn
c:\windows\SysWow64\11111111\Runtime\AnimationThumbnail\BCEB29C0-42D3-11D4-BA3E-0050DAC68030\letter_fold_thumb.bmp
c:\windows\SysWow64\11111111\Runtime\AnimationThumbnail\C958D3B0-2BF0-11D4-BA28-0050DAC68030\page_up_thumb.gif
c:\windows\SysWow64\11111111\Runtime\AnimationThumbnail\E3F15280-2BF7-11D4-BA28-0050DAC68030\shreds_thumb.gif
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\03E52982-0628-403F-8DF9-D7E6760D34B5\sunny_day_thumb.bmp
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\1DDC932D-C532-4C1C-B8AD-B27EF8099643\butler_bob_thumb.gif
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\23572245-F530-4EEA-988E-CCBCF58FD241\glittery_kiss_thumb.bmp
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\38667A7B-C1AF-4861-951E-D3ED79A4E7F7\cursor_thumb.gif
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\55E0BA31-10E8-4B0F0AC46-60E01E6ED53A\smiley_dog_thumb.bmp
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\5EA736FD-0026-4D17-A7BA-BF63FC7F6F4F\butt.gif
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\6E9368EB-BD53-4A2E-9863-4B74BDC877A4\bouncing_smile_thumb.bmp
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\785DF6DF-C388-4C2F-B227-DFE14470EF7C\excited_puppy_thumb.gif
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\7AEA4338-D641-484C-968D-718B06EE24F6\butler_bob_thumb.gif
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\7D0E3F6E-89A4-419B-A389-716E10C9EAF5\colorful_artist_thumb.gif
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\C1E1501A-A621-4414-8700-43AB1D53581D\singing_in_the_rain_thumb.bmp
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\DC5FC5C9-2101-48A1-BCA3-17552F699CCB\racing_snail_thumb.gif
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\F4345A1D-2334-420C-93DA-937CAC6E2990\hopping_bunny_thumb.bmp
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\PN12EA1A-D9DD-45AA-AAAA-AAAAAAAAAAAA\thumb.jpg
c:\windows\SysWow64\11111111\Runtime\Notif

Edited by mvtrucking, 02 August 2012 - 10:23 AM.


#6 mvtrucking

mvtrucking

    Member

  • Full Member
  • Pip
  • 51 posts

Posted 02 August 2012 - 11:29 AM

One other thing I have noticed: I reinstalled McAfee and found that I am still unable to turn on the Firewall?
Is this bug responsible? Thanks again for all of the help

#7 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Administrators
  • PipPipPipPipPip
  • 15,820 posts

Posted 03 August 2012 - 09:13 AM

Hi again,

Combofix seems to have deleted a huge amount of infected files, and I'm not seeing all the log as there is a word count limit on posts at this forum. Can you post the rest of the log, please check you have posted it all, you may need two or more posts to fit it all in. I need to see all of it so I can accurately assess what actions Combofix has taken, and why. Thanks.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#8 mvtrucking

mvtrucking

    Member

  • Full Member
  • Pip
  • 51 posts

Posted 04 August 2012 - 03:44 PM

Let me try this again: Also sorry for not getting back, I have been away from my computer(Out of town for a couple of days)
Thanks again for the help Jedi

ComboFix 12-07-31.03 - Don Van Horne 08/02/2012 9:40.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8172.6704 [GMT -5:00]
Running from: c:\users\Don Van Horne\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\dsfOggDemux2.dll
c:\programdata\1343779199.bdinstall.bin
c:\programdata\ReadOnlyInstaller.msi
c:\programdata\uninstaller.exe
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\youtube_ie.ico
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{39b321dc-b12b-ec0e-a688-86083f8b5909}\@
c:\windows\Installer\{39b321dc-b12b-ec0e-a688-86083f8b5909}\L\00000004.@
c:\windows\Installer\{39b321dc-b12b-ec0e-a688-86083f8b5909}\L\201d3dde
c:\windows\Installer\{39b321dc-b12b-ec0e-a688-86083f8b5909}\U\80000032.@
c:\windows\Installer\{39b321dc-b12b-ec0e-a688-86083f8b5909}\U\80000064.@
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\11111111
c:\windows\SysWow64\11111111\Animation\letter_fold.ima
c:\windows\SysWow64\11111111\Animation\page_up.ima
c:\windows\SysWow64\11111111\Animation\shreds.ima
c:\windows\SysWow64\11111111\DomainsFavicons\126.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\163.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\a1.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\adinet.com.uy.ico
c:\windows\SysWow64\11111111\DomainsFavicons\aliceadsl.fr.ico
c:\windows\SysWow64\11111111\DomainsFavicons\arcor.de.ico
c:\windows\SysWow64\11111111\DomainsFavicons\att.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\axelero.hu.ico
c:\windows\SysWow64\11111111\DomainsFavicons\belgacom.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\bigpond.com.au.ico
c:\windows\SysWow64\11111111\DomainsFavicons\bigpond.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\bluewin.ch.ico
c:\windows\SysWow64\11111111\DomainsFavicons\blueyonder.co.uk.ico
c:\windows\SysWow64\11111111\DomainsFavicons\brturbo.com.br.ico
c:\windows\SysWow64\11111111\DomainsFavicons\cableone.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\caiway.nl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\cantv.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\casema.nl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\cgocable.ca.ico
c:\windows\SysWow64\11111111\DomainsFavicons\cogeco.ca.ico
c:\windows\SysWow64\11111111\DomainsFavicons\columbus.rr.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\earthlink.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\eastlink.ca.ico
c:\windows\SysWow64\11111111\DomainsFavicons\email.it.ico
c:\windows\SysWow64\11111111\DomainsFavicons\emirates.net.ae.ico
c:\windows\SysWow64\11111111\DomainsFavicons\euskalnet.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\free.fr.ico
c:\windows\SysWow64\11111111\DomainsFavicons\freemail.hu.ico
c:\windows\SysWow64\11111111\DomainsFavicons\freenet.de.ico
c:\windows\SysWow64\11111111\DomainsFavicons\globetrotter.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\hetnet.nl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\hiyo.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\home.nl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\ibest.com.br.ico
c:\windows\SysWow64\11111111\DomainsFavicons\ig.com.br.ico
c:\windows\SysWow64\11111111\DomainsFavicons\iinet.net.au.ico
c:\windows\SysWow64\11111111\DomainsFavicons\incredimail.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\insightbb.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\interfree.it.ico
c:\windows\SysWow64\11111111\DomainsFavicons\interia.pl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\internode.on.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\invitel.hu.ico
c:\windows\SysWow64\11111111\DomainsFavicons\itelefonica.com.br.ico
c:\windows\SysWow64\11111111\DomainsFavicons\juno.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\kabelfoon.nl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\laposte.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\libero.it.ico
c:\windows\SysWow64\11111111\DomainsFavicons\list.ru.ico
c:\windows\SysWow64\11111111\DomainsFavicons\localnet.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\magentic.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\menara.ma.ico
c:\windows\SysWow64\11111111\DomainsFavicons\microsoft.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\msn.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\mweb.co.za.ico
c:\windows\SysWow64\11111111\DomainsFavicons\mysearchgames.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\nadlanu.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\neobee.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\netcologne.de.ico
c:\windows\SysWow64\11111111\DomainsFavicons\netzero.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\o2.pl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\oi.com.br.ico
c:\windows\SysWow64\11111111\DomainsFavicons\online.nl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\ono.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\onvol.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\orange.fr.ico
c:\windows\SysWow64\11111111\DomainsFavicons\osnanet.de.ico
c:\windows\SysWow64\11111111\DomainsFavicons\otenet.gr.ico
c:\windows\SysWow64\11111111\DomainsFavicons\paradise.net.nz.ico
c:\windows\SysWow64\11111111\DomainsFavicons\peoplepc.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\photojoy.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\pop.com.br.ico
c:\windows\SysWow64\11111111\DomainsFavicons\pt.lu.ico
c:\windows\SysWow64\11111111\DomainsFavicons\ptd.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\quicknet.nl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\rambler.ru.ico
c:\windows\SysWow64\11111111\DomainsFavicons\rcn.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\rdslink.ro.ico
c:\windows\SysWow64\11111111\DomainsFavicons\rediffmail.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\rogers.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\sapo.pt.ico
c:\windows\SysWow64\11111111\DomainsFavicons\sasktel.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\satx.rr.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\sbcglobal.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\scarlet.be.ico
c:\windows\SysWow64\11111111\DomainsFavicons\sda.it.ico
c:\windows\SysWow64\11111111\DomainsFavicons\seznam.cz.ico
c:\windows\SysWow64\11111111\DomainsFavicons\sfr.fr.ico
c:\windows\SysWow64\11111111\DomainsFavicons\shaw.ca.ico
c:\windows\SysWow64\11111111\DomainsFavicons\sina.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\siol.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\slingshot.co.nz.ico
c:\windows\SysWow64\11111111\DomainsFavicons\speedy.com.ar.ico
c:\windows\SysWow64\11111111\DomainsFavicons\supanet.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\sympatico.ca.ico
c:\windows\SysWow64\11111111\DomainsFavicons\t-online.de.ico
c:\windows\SysWow64\11111111\DomainsFavicons\t-online.hu.ico
c:\windows\SysWow64\11111111\DomainsFavicons\tele2.nl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\telefonica.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\telenet.be.ico
c:\windows\SysWow64\11111111\DomainsFavicons\telfort.nl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\telkomsa.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\terra.com.br.ico
c:\windows\SysWow64\11111111\DomainsFavicons\terra.es.ico
c:\windows\SysWow64\11111111\DomainsFavicons\tiscali.it.ico
c:\windows\SysWow64\11111111\DomainsFavicons\tlen.pl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\triad.rr.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\uol.com.br.ico
c:\windows\SysWow64\11111111\DomainsFavicons\verat.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\virgilio.it.ico
c:\windows\SysWow64\11111111\DomainsFavicons\virgin.net.ico
c:\windows\SysWow64\11111111\DomainsFavicons\vivax.com.br.ico
c:\windows\SysWow64\11111111\DomainsFavicons\voila.fr.ico
c:\windows\SysWow64\11111111\DomainsFavicons\voo.be.ico
c:\windows\SysWow64\11111111\DomainsFavicons\wanadoo.nl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\westnet.com.au.ico
c:\windows\SysWow64\11111111\DomainsFavicons\woh.rr.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\wp.pl.ico
c:\windows\SysWow64\11111111\DomainsFavicons\ya.com.ico
c:\windows\SysWow64\11111111\DomainsFavicons\yandex.ru.ico
c:\windows\SysWow64\11111111\Ecard\birthday_faces.imf
c:\windows\SysWow64\11111111\Ecard\birthday_smiles.imf
c:\windows\SysWow64\11111111\Ecard\blessings_of_peace.imf
c:\windows\SysWow64\11111111\Ecard\bright_smile.imf
c:\windows\SysWow64\11111111\Ecard\cute_together.imf
c:\windows\SysWow64\11111111\Ecard\happy_ballons.imf
c:\windows\SysWow64\11111111\Ecard\have_a_nice_day.imf
c:\windows\SysWow64\11111111\Ecard\have_fun.imf
c:\windows\SysWow64\11111111\Ecard\hello.imf
c:\windows\SysWow64\11111111\Ecard\international_thanks.imf
c:\windows\SysWow64\11111111\Ecard\lovely_day.imf
c:\windows\SysWow64\11111111\Ecard\simple_but_good_d.imf
c:\windows\SysWow64\11111111\Ecard\sunny_day.imf
c:\windows\SysWow64\11111111\Ecard\your_special_day_d.imf
c:\windows\SysWow64\11111111\Emoticon\signatures.ime
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\6680DF54-B73A-4A17-8E1C-93FD2EEB2CDC_data.bak
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\6680DF54-B73A-4A17-8E1C-93FD2EEB2CDC_data.msg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\AccountsOrder.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\AddressBook\AddrBook.db3
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\AddressBook\AddrBook.db3.bak
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\ApprovedSenders.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\imsl.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\100\1277\Fixie_20x22.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\100\1864\kc_gg_icon_20x22.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\100\1865\kc_plus_icon_20x22.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\100\1866\kc_pc_icon_20x22.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\100\1867\kc_gallery_icon_20x22.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\101\1269\Fixie_18x20.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\101\1860\ic_gg_icon_20x18.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\101\1861\ic_plus_icon_20x18.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\101\1862\ic_pc_icon_20x18.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\101\1863\ic_gallery_icon_20x18.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\101\incredicenter_v2.bmp
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\15\image\pc_images\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\15\image\pc_images\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\15\image\pc_images\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\15\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\16\image\link_scanning\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\16\image\link_scanning\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\16\image\link_scanning\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\16\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\18\image\backup\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\18\image\backup\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\18\image\backup\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\18\image\backup\Thumbs.db
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\18\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\19\image\gg_image\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\19\image\gg_image\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\19\image\gg_image\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\19\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1902\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1902\icons_line1.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1902\icons_line2.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1902\main_bg.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1902\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1902\Thumbs.db
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1903\image\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1903\image\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1903\image\list_blt.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1903\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1905\Images\bg.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1905\Images\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1905\Images\list_blt.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1905\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1906\Images\bg.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1906\Images\bg_bottom_til.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1906\Images\bg_grey_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1906\Images\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1906\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1907\Images\bg_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1907\Images\bg_grey_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1907\Images\bg_top.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1907\Images\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1907\Images\bul_fun.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1907\Images\bul_practical.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1907\Images\bul_safe.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1907\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\bg_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\bg_bottom_til.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\bg_grey_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\bg_top.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\bul.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\bul_fun.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\bul_practical.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\bul_safe.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\Images\icons.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1909\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1910\Images\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1910\Images\bg_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1910\Images\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1910\Images\bul.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1910\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1911\Images\bg_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1911\Images\bg_bottom_til.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1911\Images\bg_grey_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1911\Images\bg_top.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1911\Images\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1911\Images\bul_fun.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1911\Images\bul_practical.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1911\Images\bul_safe.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1911\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1912\Images\bg_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1912\Images\bg_bottom_til.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1912\Images\bg_grey_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1912\Images\bg_top.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1912\Images\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1912\Images\bul_fun.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1912\Images\bul_practical.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1912\Images\bul_safe.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1912\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1913\Images\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1913\Images\bg_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1913\Images\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1913\Images\bul.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1913\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1914\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1914\bg_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1914\button.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1914\button_lang.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1914\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1914\v_icon.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1915\Images\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1915\Images\bg_bottom.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1915\Images\btn.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1915\Images\bul.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\1915\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\2\image\gg_image\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\2\image\gg_image\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\2\image\gg_image\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\2\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\20\image\gg_image\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\20\image\gg_image\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\20\image\gg_image\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\20\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\3\image\im_images\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\3\image\im_images\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\3\image\im_images\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\3\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\4\image\im_images\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\4\image\im_images\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\4\image\im_images\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\4\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\5\image\im_skin\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\5\image\im_skin\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\5\image\im_skin\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\5\image\im_skin\Thumbs.db
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\5\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\7\image\im_images\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\7\image\im_images\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\7\image\im_images\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\7\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\9\image\im_images\bg.jpg
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\9\image\im_images\btn.png
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\9\image\im_images\list.gif
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\9\image\im_images\Thumbs.db
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\IMSys\{781B9B29-76A7-423F-A038-5BB34D4F48FA}\9\RDDlg.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Logs\IndexTime.log
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Logs\ReceiverThread.log
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Logs\stamp.log
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Logs\uninstall.log
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\Containers.db
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\Deleted Items.imm
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\Inbox.imm
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\history.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\imit.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_a.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_d_1.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_di_1.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_i_2.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_k_2.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_kl_1.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_klh_2.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_r_1.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_sv.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_v.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\index_v.ix.log
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexB\indexlog.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\history.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\imit.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_a.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_d_1.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_di_1.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_i_5.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_k_5.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_kl_1.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_klh_5.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_r_1.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_sv.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_v.ix
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\index_v.ix.log
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\IndexH\indexlog.dat
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\Message Store\Pictures\Pictures.db
c:\windows\SysWow64\11111111\Identities\{3CCD766A-32FB-4267-B015-41E9F9EFAFF4}\RuleOrder.dat
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\7E442B73-4300-4BD9-85C6-D3E4448F9A2D_data.msg
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\AccountsOrder.dat
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\AddressBook\AddrBook.db3
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\AddressBook\AddrBook.db3.bak
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\ApprovedSenders.dat
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\imsl.dat
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\Logs\ReceiverThread.log
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\Logs\stamp.log
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\Logs\uninstall.log
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\Message Store\Containers.db
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\Message Store\Inbox.imm
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\Message Store\IndexB\imit.dat
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\Message Store\IndexH\imit.dat
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\Message Store\Pictures\Pictures.db
c:\windows\SysWow64\11111111\Identities\{72CB212D-7D61-4C5F-9E51-5D12A29B07E1}\RuleOrder.dat
c:\windows\SysWow64\11111111\Image\balloons.imi
c:\windows\SysWow64\11111111\Image\blooming_rose.imi
c:\windows\SysWow64\11111111\Image\cake.imi
c:\windows\SysWow64\11111111\Image\chickadee.imi
c:\windows\SysWow64\11111111\Image\dancing_flower.imi
c:\windows\SysWow64\11111111\Image\growing_bouquet.imi
c:\windows\SysWow64\11111111\Image\growing_heart.imi
c:\windows\SysWow64\11111111\Image\jumping_around.imi
c:\windows\SysWow64\11111111\Image\kissing_lips.imi
c:\windows\SysWow64\11111111\Image\ladybug.imi
c:\windows\SysWow64\11111111\Image\laughing.imi
c:\windows\SysWow64\11111111\Image\little_kitten.imi
c:\windows\SysWow64\11111111\Image\shining_hello.imi
c:\windows\SysWow64\11111111\Image\smiley_cat.imi
c:\windows\SysWow64\11111111\Image\teasing.imi
c:\windows\SysWow64\11111111\Image\thumbs_up.imi
c:\windows\SysWow64\11111111\Image\trigger_baby.imi
c:\windows\SysWow64\11111111\Image\trigger_characters.imi
c:\windows\SysWow64\11111111\Image\trigger_love.imi
c:\windows\SysWow64\11111111\Image\waving_chicken.imi
c:\windows\SysWow64\11111111\Image\waving_monkey.imi
c:\windows\SysWow64\11111111\Image\waving_panda.imi
c:\windows\SysWow64\11111111\Image\xoxo.imi
c:\windows\SysWow64\11111111\Letter\agreement.imf
c:\windows\SysWow64\11111111\Letter\amazing_sunday.imf
c:\windows\SysWow64\11111111\Letter\ancient_style.imf
c:\windows\SysWow64\11111111\Letter\authentic_pattern.imf
c:\windows\SysWow64\11111111\Letter\blue.imf
c:\windows\SysWow64\11111111\Letter\blue_butterfly.imf
c:\windows\SysWow64\11111111\Letter\blue_sea.imf
c:\windows\SysWow64\11111111\Letter\blue_view.imf
c:\windows\SysWow64\11111111\Letter\board.imf
c:\windows\SysWow64\11111111\Letter\bright_monday.imf
c:\windows\SysWow64\11111111\Letter\butterflies.imf
c:\windows\SysWow64\11111111\Letter\bye_with_a_smile.imf
c:\windows\SysWow64\11111111\Letter\chubbicons.imf
c:\windows\SysWow64\11111111\Letter\cloudy_sky.imf
c:\windows\SysWow64\11111111\Letter\dollar_sign.imf
c:\windows\SysWow64\11111111\Letter\dolphin_smile.imf
c:\windows\SysWow64\11111111\Letter\dynamic_chart.imf
c:\windows\SysWow64\11111111\Letter\envelope.imf
c:\windows\SysWow64\11111111\Letter\envelopes.imf
c:\windows\SysWow64\11111111\Letter\fashionista.imf
c:\windows\SysWow64\11111111\Letter\floral_azure.imf
c:\windows\SysWow64\11111111\Letter\floral_design.imf
c:\windows\SysWow64\11111111\Letter\gift_box.imf
c:\windows\SysWow64\11111111\Letter\great_wednesday.imf
c:\windows\SysWow64\11111111\Letter\green_view.imf
c:\windows\SysWow64\11111111\Letter\hello_chicken.imf
c:\windows\SysWow64\11111111\Letter\hello_panda.imf
c:\windows\SysWow64\11111111\Letter\hi_there.imf
c:\windows\SysWow64\11111111\Letter\improving_trend.imf
c:\windows\SysWow64\11111111\Letter\jacques_the_cat.imf
c:\windows\SysWow64\11111111\Letter\jelly_beans.imf
c:\windows\SysWow64\11111111\Letter\ladybug.imf
c:\windows\SysWow64\11111111\Letter\landing_butterfly.imf
c:\windows\SysWow64\11111111\Letter\let_me_think.imf
c:\windows\SysWow64\11111111\Letter\light_blue_grain.imf
c:\windows\SysWow64\11111111\Letter\light_blue_stripes.imf
c:\windows\SysWow64\11111111\Letter\light_brown.imf
c:\windows\SysWow64\11111111\Letter\light_grain.imf
c:\windows\SysWow64\11111111\Letter\lighthouse.imf
c:\windows\SysWow64\11111111\Letter\looking_for_love.imf
c:\windows\SysWow64\11111111\Letter\majestic_cat.imf
c:\windows\SysWow64\11111111\Letter\morning_clouds.imf
c:\windows\SysWow64\11111111\Letter\nice_day.imf
c:\windows\SysWow64\11111111\Letter\nice_day_and_smiley.imf
c:\windows\SysWow64\11111111\Letter\out_of_office.imf
c:\windows\SysWow64\11111111\Letter\paper_clip.imf
c:\windows\SysWow64\11111111\Letter\parchment.imf
c:\windows\SysWow64\11111111\Letter\perched_puppy.imf
c:\windows\SysWow64\11111111\Letter\photo_mobile.imf
c:\windows\SysWow64\11111111\Letter\pink_view.imf
c:\windows\SysWow64\11111111\Letter\playful_dolphins.imf
c:\windows\SysWow64\11111111\Letter\puppy_nap.imf
c:\windows\SysWow64\11111111\Letter\raised_inset.imf
c:\windows\SysWow64\11111111\Letter\red_flower.imf
c:\windows\SysWow64\11111111\Letter\relax_beach.imf
c:\windows\SysWow64\11111111\Letter\school_book.imf
c:\windows\SysWow64\11111111\Letter\scrabble_greeting.imf
c:\windows\SysWow64\11111111\Letter\sealed_with_a_ribbon.imf
c:\windows\SysWow64\11111111\Letter\signing_pen.imf
c:\windows\SysWow64\11111111\Letter\soft_paper.imf
c:\windows\SysWow64\11111111\Letter\sunset_clouds.imf
c:\windows\SysWow64\11111111\Letter\surprise_kitty.imf
c:\windows\SysWow64\11111111\Letter\three_pups.imf
c:\windows\SysWow64\11111111\Letter\thumbtack.imf
c:\windows\SysWow64\11111111\Letter\tiger_butterfly.imf
c:\windows\SysWow64\11111111\Letter\touch_of_gold.imf
c:\windows\SysWow64\11111111\Letter\turquoise.imf
c:\windows\SysWow64\11111111\Letter\typewriter_hello.imf
c:\windows\SysWow64\11111111\Letter\vip_lc.imf
c:\windows\SysWow64\11111111\Letter\vip_support.imf
c:\windows\SysWow64\11111111\Letter\water_lilies.imf
c:\windows\SysWow64\11111111\Letter\weaved_style.imf
c:\windows\SysWow64\11111111\Letter\white.imf
c:\windows\SysWow64\11111111\Letter\world_exchange.imf
c:\windows\SysWow64\11111111\Letter\yellow_tulip.imf
c:\windows\SysWow64\11111111\Letter\yellow_view.imf
c:\windows\SysWow64\11111111\Lex\IMSTP9.gif
c:\windows\SysWow64\11111111\Notifier.xml
c:\windows\SysWow64\11111111\Notifier\bouncing_smile.imn
c:\windows\SysWow64\11111111\Notifier\butler_bob.imn
c:\windows\SysWow64\11111111\Notifier\butler_bob_madam.imn
c:\windows\SysWow64\11111111\Notifier\butterfly.imn
c:\windows\SysWow64\11111111\Notifier\colorful_artist.imn
c:\windows\SysWow64\11111111\Notifier\cursor_en.imn
c:\windows\SysWow64\11111111\Notifier\excited_puppy.imn
c:\windows\SysWow64\11111111\Notifier\glittery_kiss.imn
c:\windows\SysWow64\11111111\Notifier\hopping_bunny.imn
c:\windows\SysWow64\11111111\Notifier\racing_snail.imn
c:\windows\SysWow64\11111111\Notifier\singing_in_the_rain.imn
c:\windows\SysWow64\11111111\Notifier\smiley_dog.imn
c:\windows\SysWow64\11111111\Notifier\sunny_day.imn
c:\windows\SysWow64\11111111\Notifier\trigger_butler.imn
c:\windows\SysWow64\11111111\Notifier\trigger_effects.imn
c:\windows\SysWow64\11111111\Runtime\AnimationThumbnail\BCEB29C0-42D3-11D4-BA3E-0050DAC68030\letter_fold_thumb.bmp
c:\windows\SysWow64\11111111\Runtime\AnimationThumbnail\C958D3B0-2BF0-11D4-BA28-0050DAC68030\page_up_thumb.gif
c:\windows\SysWow64\11111111\Runtime\AnimationThumbnail\E3F15280-2BF7-11D4-BA28-0050DAC68030\shreds_thumb.gif
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\03E52982-0628-403F-8DF9-D7E6760D34B5\sunny_day_thumb.bmp
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\1DDC932D-C532-4C1C-B8AD-B27EF8099643\butler_bob_thumb.gif
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\23572245-F530-4EEA-988E-CCBCF58FD241\glittery_kiss_thumb.bmp
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\38667A7B-C1AF-4861-951E-D3ED79A4E7F7\cursor_thumb.gif
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\55E0BA31-10E8-4B0F0AC46-60E01E6ED53A\smiley_dog_thumb.bmp
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\5EA736FD-0026-4D17-A7BA-BF63FC7F6F4F\butt.gif
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\6E9368EB-BD53-4A2E-9863-4B74BDC877A4\bouncing_smile_thumb.bmp
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\785DF6DF-C388-4C2F-B227-DFE14470EF7C\excited_puppy_thumb.gif
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\7AEA4338-D641-484C-968D-718B06EE24F6\butler_bob_thumb.gif
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\7D0E3F6E-89A4-419B-A389-716E10C9EAF5\colorful_artist_thumb.gif
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\C1E1501A-A621-4414-8700-43AB1D53581D\singing_in_the_rain_thumb.bmp
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\DC5FC5C9-2101-48A1-BCA3-17552F699CCB\racing_snail_thumb.gif
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\F4345A1D-2334-420C-93DA-937CAC6E2990\hopping_bunny_thumb.bmp
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\PN12EA1A-D9DD-45AA-AAAA-AAAAAAAAAAAA\thumb.jpg
c:\windows\SysWow64\11111111\Runtime\NotifierThumbnail\PN21CBB8-C184-40AA-AAAA-AAAAAAAAAAAA\thumb.jpg
c:\windows\SysWow64\11111111\Runtime\Resource\IncMail\splash9.wav
c:\windows\SysWow64\11111111\Runtime\Skin\4E457805-E951-41D4-8827-CB035647ECB7\content.ini
c:\windows\SysWow64\11111111\Runtime\Skin\4E457805-E951-41D4-8827-CB035647ECB7\thumb.gif
c:\windows\SysWow64\11111111\Runtime\Skin

Edited by mvtrucking, 04 August 2012 - 03:46 PM.


#9 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Administrators
  • PipPipPipPipPip
  • 15,820 posts

Posted 05 August 2012 - 11:04 AM

Hi again,

I'm still not getting it all. Please run Combofix again and post the log it produces this time, hopefully it should be a lot shorter.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#10 mvtrucking

mvtrucking

    Member

  • Full Member
  • Pip
  • 51 posts

Posted 05 August 2012 - 11:39 AM

Going to continue where the above stopped:
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\3dEffect.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\3dMagic.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\AbWndSearchBar.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\AccountSetup.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\AccountSetupBig.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\action.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\add_contact.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\AddFilterTab.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\AdressTabCtrl.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\adsbutton.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\AdvancedBarBottom.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\AdvancedBarTop.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\AdvFilterButton.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\AlignBulletgroup.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Aligngroup.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\altprogress.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\altprogress_bck.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\altprogress_ending.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\analog_final.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\aol.ico
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\aolLogo.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\aolLogoBig.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\applications.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\approvedicons.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\AttachClipLeft.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Attachment.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\AttachmentBarBg.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Attachmentbutton.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\attachmentFrame.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\attachmentFrameVideo.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\attachmentPaneBgTile.jpg
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\attachmentPaneTopBg.jpg
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\attachmentSelection.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\AutoComplete.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\baloonBgTile.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\baloonBottomLeft.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\baloonBottomRight.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\baloonBottomTile.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\BaloonLeft.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\baloonLeftTile.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\BaloonRight.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\baloonRightTile.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\BaloonToolTip.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\baloonTopLeft.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\baloonTopRight.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\baloonTopTile.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\bgimage.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\bgsound.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\bgsound_off.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\BigDialogButtonDisable.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\BigDialogButtonDown.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\BigDialogButtonHover.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\BigDialogButtonTile.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Bold.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\bold.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\borders.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\bounce.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\browser_button.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Brush.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\btndel.wav
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\btnenter.wav
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\btntype.wav
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\buddycon.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\buddycon_cell_hover.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\buddycon_cell_pressed.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\bullets.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ButtonFrame.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ButtonFrameChevron.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ButtonFrameChevronBlank.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\captionbar.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\CaptionBarBtns.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\center.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\chevron.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\chevron.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\chevron_sound.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\collection.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\combo.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ComboBlue.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\composebar.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ComposeDlg.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ConnectingStaticImage.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ConnectingToAccount.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ConractTabCtrl.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\contact_btn_hover_left.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\contact_btn_hover_right.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\contact_btn_hover_tile.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\contact_btn_pressed_left.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\contact_btn_pressed_right.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\contact_btn_pressed_tile.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ContactChumiconBg.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ContactChumiconChevron.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ContactPictureBG.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ContactPictureChevron.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ContactPlaceholder.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\contacts.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\content.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\content.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\content.ini
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\contentbtn.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ContentCaption.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\contentpane.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\contentscrolldown.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\contentscrollup.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\copy.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\correct_spelling.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Cross.cur
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\cut.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\delete.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Delete_single_Email.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\delete_text_cut.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\DialogButtonDisable.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\DialogButtonDown.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\DialogButtonHover.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\DialogButtonTile.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\divider.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\DlgBg.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\DlgBtn.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\DlgCaptionBar.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\drag.cur
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\drag_multiple_messages.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\drag_single_message.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\dragcopy.cur
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ECScrollBorderDown.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ECScrollBorderUp.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ECVertScrollbar.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\EditBox.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\EditContact.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\EditPictureTile.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\email_read.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\email_unread.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Emoticon.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Emoticon.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\emoticon_detach.wav
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\emoticonsborders.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\emoticonsbutton.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\emoticonscaption.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Empty.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Empty_Deleted_Folder.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\erasor.cur
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Eudora.ico
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\export.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\FacebookBlueButton.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\FacebookBlueButtonTile.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\FacebookBlueTileButton.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\FacebookGrayButton.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\FacebookGrayButtonTile.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\FacebookGrayTileButton.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\fb_icon_big.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\fb_icon_small.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\fb_link.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\field_bg.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\field_bottom_left.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\field_bottom_right.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\field_chevron.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\field_chevron_hover.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\field_top_left.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\field_top_right.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\fieldplus.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\FilterBar.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\FilterButton.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\FilterTab.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\flag_message.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\folder_spark.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\FolderSep.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\foldersscrolldown.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\foldersscrollup.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\forward.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\from.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\gallery.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\games.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\GeneralButton.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\getfromfile.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\getfromsite.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\getfromweb.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\GetMore.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\getmsg.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Getting_Started.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\gmail.ico
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\GmailLogo.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\GmailLogoBig.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\gold.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\goldcontent.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\google_icon.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\grab.cur
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\GroupPlaceholder.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\hand.cur
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\headers.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Highlight.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\HorzScrollbar.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\HorzScrollLeft.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\HorzScrollRight.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\HorzSplitter.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\hotmail.ico
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Hyperlink.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\IdentityPane.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\im.ico
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ImComposeMenubarIcons.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ImDlgClient.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ImFrameToolBar.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ImFrameToolbarPopupBGImage.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ImManagericons.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ImMenubarIcons.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ImNmAddressBook.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\imp_content.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\import.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\import_contacts.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\importdlg.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\incredibackup.ico
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\IncrediBackup.jpg
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\incredibackup_16x16.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\IncrediBackupBtn.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\incredicenter.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\IndentLR.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\IndentRL.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\infodlg.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\InnerBorderBottomTile.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\InnerBorderLeftTile.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\InnerBorderRightTile.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\InnerBorderUpTile.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\innerbutton.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\innercaption.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\insertimage.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Insertpicture.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\intheoffice.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ISPbtn.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Italic.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\italic.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Jfp.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\jfp_BgImage.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\jfp_dlgbottom.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\jfp_dlgbutton.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\jfp_dlgstatus.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\jfp_dlgtitle.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\jfp_dlgtop.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\jfp_junkbar.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\jfp_logo.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\jfp_logo.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\jfp_progress.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\languagedlg.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\LargeDlgBtn.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_alignbottom.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_aligncenter.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_aligntop.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_animimage.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_contentpacker.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_image.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_link.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_linkcolor.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_norightimg.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_open.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_palette.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_play.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_redo.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_sample.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_textcolor.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_tile.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_undo.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\leftalign.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\letter_creator.ico
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ListBorder.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ListIcons.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\LiveIdIcon.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\loading.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\MagnifyingGlass.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\malicious.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\MaliciousButton.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\malicioushover.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\MaliciousIconDlg.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\MenuBar.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\MenuBG.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\MenuBorder.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\MenuHighlight.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\MenuLeftTile.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\MenuShadows.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\message.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\messagebox.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\messagerules.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\MoveTo.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Netscape.ico
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\new_message.ico
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\NewContact.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\NewGroup.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\newmail.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Next.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\no_image.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\nodrop.cur
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\noNotifierOptions.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\notifier.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\NotifierGoldLabel.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\NotifierInnerCaption.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\numbers.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\open_incredimail.ico
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\options_button_icon.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\OptionsCheckbox.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\OptionsRadio.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\outofoffice.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\outofoffice.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\paint.cur
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\paste.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\pencil.cur
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\PhotoMail.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\PictureCrop.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\play.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\popupbutton.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\premium.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\premium.ico
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Prev.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\PreviewBarBg.jpg
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\prime.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Print.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\problem.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\progress.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\progress.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\progressplus.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\propertiesicons.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\protection_center_logo.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ProtectionCenter.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\question.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\quickbar.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\receipt.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\receiptbg.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\receiving.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\record.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Recorder.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\redo.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\refresh.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\regagreementdlg.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\regcallserver.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\regfailed.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\register.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\registerbg.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\regsucceeded.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\RemoveContact.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\reply.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\reply.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\rightalign.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\rollerdex.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\rtooltip_baloon_funnel.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\rtooltip_baloonBottomleft.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\rtooltip_baloonBottomRight.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\rtooltip_baloonBottomTile.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\rtooltip_baloonLeft.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\rtooltip_baloonRight.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\rtooltip_baloonTopLeft.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\rtooltip_baloonTopRight.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\rtooltip_baloonTopTile.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\safe.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\SafeButton.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\safehover.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\SafeIconDlg.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\save.cur
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Save.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ScanAnimation.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ScrollBorderCornerDown.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ScrollBorderCornerUp.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ScrollBorderDown.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ScrollBorderUp.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\scrolldown.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\scrollup.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\search.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\SearchAllFolders.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\SearchBar.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\SearchCloseBtn.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\SearchFolder.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Send.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\sending.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\sendreceive.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\share_image.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\share_on_facebook_button.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ShowMenuChevron.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\sidebox_close.wav
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\sidebox_open.wav
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Signature.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\SignatureBar.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\signatureicon.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\skin.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\skinInnerCaption.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\SomethingWentWrong.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\SortBar.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\SortComboIcons.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\sound.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Sounds.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Spelling.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\splash.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\static_export.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\static_import.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\StaticScanAnimation.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\status.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\status.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\status_bg_tile.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\status_off.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\statusbar.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\stop.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\stop.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\stylebox_click.wav
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\styleboxbar.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\StyleboxCaptionIcon.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\SuccessIcon.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\suspicious.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\SuspiciousButton.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\suspicioushover.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\SuspiciousIconDlg.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\TabBarBg.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\TabControlBorder.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\tell_a_friend.ico
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\TextColor.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\thumbnail.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\thumbnailstatus.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\toggle_button_left.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\toggle_button_pressed_left.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\toggle_button_pressed_right.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\toggle_button_pressed_tile.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\toggle_button_right.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\toggle_button_tile.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\tourshadow.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\transfer_Fallback.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\TypingSound.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Underline.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\underline.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\undo.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\unflag_message.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\unknown.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\UnKnownButton.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\unknownhover.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\unread.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\upload_image.gif
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\upload_to_facebook_button.swf
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\VertScrollbar.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\VertScrollBarbrdr.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\VertSplitter.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\webmail_18x18.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\WhiteMenuBG.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\WhiteMenuBorder.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\WhiteMenuLeftTile.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\WhiteVertScrollbar.bmp
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\WindowCaptionIcons.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\WindowsLogo.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\WindowsLogoBig.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\yahoo.ico
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\YahooLogo.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\YahooLogoBig.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\zoom_in.png
c:\windows\SysWow64\11111111\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\zoom_out.png
c:\windows\SysWow64\11111111\Runtime\SkinThumbnail\4E457805-E951-41D4-8827-CB035647ECB7\thumb.gif
c:\windows\SysWow64\11111111\Runtime\SkinThumbnail\896E849B-DD0E-4209-8A9B-98896F32D80E\thumb.gif
c:\windows\SysWow64\11111111\Runtime\SkinThumbnail\C051FEA6-C26E-4101-9D3B-C66DF99567C2\thumb.gif
c:\windows\SysWow64\11111111\Runtime\SkinThumbnail\C60EFA66-D251-4586-AA7E-F36E419BA8C9\thumb.bmp
c:\windows\SysWow64\11111111\Runtime\SkinThumbnail\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\thumbnail.gif
c:\windows\SysWow64\11111111\Runtime\SkinThumbnail\E6B2E28C-D4C6-4068-A0CC-F52DAF721A52\thumb.bmp
c:\windows\SysWow64\11111111\Skin.xml
c:\windows\SysWow64\11111111\Skin\angelic.ims
c:\windows\SysWow64\11111111\Skin\fantasy.ims
c:\windows\SysWow64\11111111\Skin\frosted.ims
c:\windows\SysWow64\11111111\Skin\im2.ims
c:\windows\SysWow64\11111111\Skin\paper.ims
c:\windows\SysWow64\11111111\Skin\premium.ims
c:\windows\SysWow64\11111111\Sound\bach_cantate.imw
c:\windows\SysWow64\11111111\Sound\bach_gounod_ave_maria.imw
c:\windows\SysWow64\11111111\Sound\beethoven_moonlight_sonata.imw
c:\windows\SysWow64\11111111\Sound\big_explosion_01.imw
c:\windows\SysWow64\11111111\Sound\birthday_samba.imw
c:\windows\SysWow64\11111111\Sound\cartoon_string_01.imw
c:\windows\SysWow64\11111111\Sound\cool_wassup.imw
c:\windows\SysWow64\11111111\Sound\debussy_arabesque.imw
c:\windows\SysWow64\11111111\Sound\deep_laugh.imw
c:\windows\SysWow64\11111111\Sound\fur_elise.imw
c:\windows\SysWow64\11111111\Sound\girl_laugh.imw
c:\windows\SysWow64\11111111\Sound\grieg_morning.imw
c:\windows\SysWow64\11111111\Sound\here_comes_the_bride.imw
c:\windows\SysWow64\11111111\Sound\kissing_you.imw
c:\windows\SysWow64\11111111\Sound\pomp_and_circumstance.imw
c:\windows\SysWow64\11111111\Sound\shout_cry.imw
c:\windows\SysWow64\11111111\Sound\soothing_hi.imw
c:\windows\SysWow64\11111111\Sound\tchaikovsky_the_nutcracker.imw
c:\windows\SysWow64\11111111\Sound\thanks.imw
c:\windows\SysWow64\11111111\Sound\vivaldy_spring.imw
c:\windows\SysWow64\11111111\Sound\waho_02.imw
c:\windows\SysWow64\11111111\Sound\william_tel.imw
c:\windows\SysWow64\SCLabel.ocx
c:\windows\SysWow64\win.ini

#11 mvtrucking

mvtrucking

    Member

  • Full Member
  • Pip
  • 51 posts

Posted 05 August 2012 - 11:41 AM

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RelevantKnowledge
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 14:44 . 2012-08-02 14:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-02 13:51 . 2012-08-02 13:51 -------- d-----w- c:\program files (x86)\Simple Money Manager Standard
2012-08-01 14:00 . 2012-08-01 14:00 -------- d-----w- c:\program files (x86)\Photo Stamp Remover
2012-08-01 02:30 . 2012-08-01 02:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-01 02:30 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-01 02:17 . 2012-08-01 02:17 -------- d-----w- c:\program files (x86)\McAfee.com
2012-08-01 02:17 . 2012-08-02 14:45 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-08-01 02:16 . 2012-08-02 14:45 -------- d-----w- c:\program files\Common Files\McAfee
2012-08-01 01:50 . 2012-08-01 01:50 -------- d-----w- c:\program files\ESET
2012-08-01 00:37 . 2012-08-01 02:17 -------- d-----w- c:\program files\McAfee
2012-08-01 00:00 . 2012-08-01 00:00 -------- d-----w- c:\program files\Bitdefender
2012-07-31 23:52 . 2012-08-01 00:00 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-07-31 23:47 . 2012-07-31 23:47 -------- d-----w- c:\users\Don Van Horne\AppData\Roaming\QuickScan
2012-07-31 19:28 . 2012-08-01 03:11 -------- d-----w- c:\program files (x86)\StreamTorrent 1.0
2012-07-31 19:28 . 2012-07-31 19:28 -------- d-----w- c:\users\Don Van Horne\AppData\Roaming\StreamTorrent
2012-07-30 16:54 . 2012-07-30 16:54 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-29 23:29 . 2012-08-02 14:43 -------- d-----w- c:\users\Don Van Horne\AppData\Roaming\DefaultTab
2012-07-29 22:17 . 2012-07-30 13:19 -------- d-----w- c:\program files (x86)\hpmonitor
2012-07-29 22:16 . 2012-07-29 22:16 -------- d--h--w- c:\program files\Webstart Studios
2012-07-29 22:15 . 2012-07-30 13:29 -------- d-----w- c:\users\Don Van Horne\AppData\Roaming\Iminent
2012-07-29 22:15 . 2012-07-29 22:15 -------- d-----w- c:\program files (x86)\IMinent Toolbar
2012-07-29 15:51 . 2012-07-29 17:29 -------- d-----w- c:\users\Don Van Horne\AppData\Roaming\JetPaste
2012-07-28 17:37 . 2012-07-28 17:38 -------- d-----w- c:\users\Don Van Horne\AppData\Roaming\CommonDataMSI
2012-07-28 17:37 . 2012-07-28 17:37 -------- d-----w- c:\users\Don Van Horne\AppData\Roaming\Iconico
2012-07-28 17:06 . 2012-07-28 17:06 -------- d-----w- c:\users\Don Van Horne\AppData\Local\George_Taylor
2012-07-28 17:05 . 2012-07-28 17:07 -------- d-----w- c:\programdata\MP3 Tag Express
2012-07-28 17:05 . 2012-07-28 17:05 -------- d-----w- c:\program files (x86)\MP3 Tag Express V6
2012-07-28 17:05 . 2012-07-28 17:05 -------- d-----w- c:\users\Don Van Horne\AppData\Roaming\MP3 Tag Express V6
2012-07-28 00:13 . 2012-07-28 00:13 -------- d-----w- c:\users\Don Van Horne\AppData\Roaming\desksware
2012-07-28 00:13 . 2012-07-28 00:13 -------- d-----w- c:\program files\desksware
2012-07-27 17:31 . 2012-07-27 17:31 -------- d-----w- c:\users\Don Van Horne\AppData\Local\Applian
2012-07-27 17:13 . 2012-08-01 03:11 -------- d-----w- c:\windows\VideoClone 6
2012-07-27 17:13 . 2012-08-01 03:11 -------- d-----w- C:\VideoClone
2012-07-27 17:13 . 2012-08-01 03:11 -------- d-----w- c:\programdata\WeCareReminder
2012-07-23 16:28 . 2012-07-23 16:28 -------- d-----w- c:\users\Don Van Horne\AppData\Local\Abelssoft
2012-07-23 16:27 . 2012-08-01 03:11 -------- d-----w- c:\program files (x86)\AntiPhotoSpy
2012-07-22 17:46 . 2012-08-01 03:11 -------- d-----w- c:\program files (x86)\MP4ToMP3Converter
2012-07-20 19:18 . 2012-08-02 13:07 -------- d-----w- c:\users\Don Van Horne\AppData\Roaming\Wise Care 365
2012-07-20 19:15 . 2012-07-20 19:15 -------- d-----w- c:\program files (x86)\Wise
2012-07-19 16:02 . 2009-02-12 20:11 26024 ----a-w- c:\windows\system32\drivers\rsdrvx64.sys
2012-07-19 16:02 . 2012-08-01 03:11 -------- d-----w- c:\program files (x86)\Remo Drive Defrag
2012-07-18 23:47 . 2012-02-02 21:13 37456 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2012-07-18 14:00 . 2012-07-18 14:00 -------- d-----w- c:\users\Don Van Horne\AppData\Local\Yahoo!
2012-07-17 19:21 . 2012-07-17 19:23 83 ----a-w- c:\windows\SysWow64\gpupdate.bin
2012-07-17 19:16 . 2012-07-17 19:16 -------- d-----w- c:\users\Don Van Horne\AppData\Roaming\Media Buddy
2012-07-17 19:16 . 2012-07-05 22:50 252416 ----a-w- c:\windows\SysWow64\GSService.exe
2012-07-17 19:16 . 2012-08-01 03:11 -------- d-----w- c:\program files (x86)\Media Buddy
2012-07-15 05:01 . 2012-08-01 03:11 -------- d-----w- c:\program files (x86)\Perfect Uninstaller
2012-07-12 08:05 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 19:51 . 2012-07-27 17:37 -------- d-----w- c:\users\Don Van Horne\AppData\Roaming\1-abc
2012-07-11 19:51 . 2012-07-27 17:37 -------- d-----w- c:\program files (x86)\1-abc
2012-07-11 17:42 . 2012-07-11 17:42 -------- d-----w- c:\users\Don Van Horne\AppData\Roaming\Inv Softworks
2012-07-11 09:09 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 09:09 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 09:09 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 09:09 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 09:09 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 09:09 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-09 15:16 . 2012-07-09 15:17 -------- d-----w- c:\users\Don Van Horne\AppData\Roaming\Beyond Share
2012-07-09 15:15 . 2012-08-01 03:11 -------- d-----w- c:\program files (x86)\Beyond Share
2012-07-06 16:02 . 2012-07-29 17:34 -------- d-----w- c:\program files (x86)\FileStream
2012-07-06 01:46 . 2012-07-27 21:12 -------- d-----w- c:\users\Don Van Horne\AppData\Local\TomTom
2012-07-06 01:37 . 2012-07-06 01:46 -------- d-----w- c:\program files (x86)\TomTom International B.V
2012-07-05 18:28 . 2012-08-01 03:11 -------- d-----w- c:\program files (x86)\SoftSkin Photo Makeup
2012-07-05 00:46 . 2012-07-05 00:46 -------- d-----w- c:\users\Don Van Horne\AppData\Roaming\SanDisk
2012-07-04 23:40 . 2012-07-05 18:09 -------- d-----w- c:\users\Don Van Horne\AppData\Roaming\IObit
2012-07-04 23:39 . 2012-07-05 18:12 -------- d-----w- c:\program files (x86)\IObit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 08:02 . 2012-02-14 12:23 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-28 19:18 . 2012-06-28 19:18 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-22 18:46 . 2012-06-28 16:31 53248 ----a-w- c:\windows\SysWow64\BSwitch.ax
2012-06-14 12:45 . 2012-04-25 17:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-14 12:45 . 2012-02-10 13:56 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-08 23:04 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 23:04 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-08 23:04 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 23:04 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 23:04 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-08 23:04 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-08 23:04 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-08 23:04 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-08 23:04 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-27 14:51 . 2012-05-27 14:51 526800 ----a-w- c:\users\Don Van Horne\MVTInstaller.exe
2012-05-24 21:34 . 2012-05-24 21:34 47208 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2012-05-18 14:43 . 2012-05-18 14:44 423424 ----a-w- c:\windows\system32\atipdl64.dll
2012-05-18 14:43 . 2012-05-18 14:44 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2012-05-15 13:17 . 2012-05-15 13:17 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-09 20:04 . 2012-06-28 16:31 241800 ----a-w- c:\windows\system32\drivers\scrcamnetdriver_x64.sys
2011-04-19 03:51 . 2011-04-19 03:51 653136 ----a-w- c:\program files (x86)\Common Files\MSVCR90.dll
2011-04-19 03:51 . 2011-04-19 03:51 569680 ----a-w- c:\program files (x86)\Common Files\MSVCP90.dll
2011-01-12 07:00 . 2011-01-12 07:00 30208 ----a-w- c:\program files (x86)\Common Files\wmpinfo.dll
2011-01-12 07:00 . 2011-01-12 07:00 240128 ----a-w- c:\program files (x86)\Common Files\dsfVorbisDecoder.dll
2011-01-12 07:00 . 2011-01-12 07:00 146944 ----a-w- c:\program files (x86)\Common Files\dsfFLACDecoder.dll
2011-01-12 07:00 . 2011-01-12 07:00 221184 ----a-w- c:\program files (x86)\Common Files\dsfFLACEncoder.dll
2011-01-12 07:00 . 2011-01-12 07:00 204800 ----a-w- c:\program files (x86)\Common Files\dsfNativeFLACSource.dll
2010-12-17 02:39 . 2010-12-17 02:39 302592 ----a-w- c:\program files (x86)\Common Files\webmmux.dll
2010-12-17 02:39 . 2010-12-17 02:39 701440 ----a-w- c:\program files (x86)\Common Files\vp8encoder.dll
2010-12-17 02:39 . 2010-12-17 02:39 412672 ----a-w- c:\program files (x86)\Common Files\vp8decoder.dll
2010-12-17 02:39 . 2010-12-17 02:39 292352 ----a-w- c:\program files (x86)\Common Files\webmsplit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
"{124d001a-bdcb-472f-aa59-bbe7e4bc3204}"= "c:\program files (x86)\Ashampoo_US\prxtbAsha.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Ashampoo_US\prxtbAsha.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
"{124d001a-bdcb-472f-aa59-bbe7e4bc3204}"= "c:\program files (x86)\Ashampoo_US\prxtbAsha.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-06-13 00:35 208608 ----a-w- c:\users\Don Van Horne\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-06-13 00:35 208608 ----a-w- c:\users\Don Van Horne\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-06-13 00:35 208608 ----a-w- c:\users\Don Van Horne\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop iCalendar.exe"="c:\program files\desksware\Desktop iCalendar\Desktop iCalendar.exe" [2012-07-23 961536]
.
c:\users\Don Van Horne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
.
R2 0205751343918259mcinstcleanup;McAfee Application Installer Cleanup (0205751343918259);c:\users\DONVAN~1\AppData\Local\Temp\020575~1.EXE [x]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/11/03 13:55;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [2011-01-25 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 WiseBootAssistant;Wise Boot Assistant;c:\program files (x86)\Wise\Wise Care 365\BootTime.exe [2012-07-17 580648]
R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2012-04-22 275648]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe [2012-07-05 252416]
R3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\DRIVERS\inidvd.sys [2009-08-05 18456]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2009-10-20 114608]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
R3 SPC620;Philips SPC620NC PC Camera;c:\windows\system32\drivers\SPC620.sys [2007-09-28 581120]
R3 SPC620m;Philips SPC620NC PC Cameram;c:\windows\system32\drivers\SPC620m.sys [2007-09-28 8192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-12 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2012-02-02 37456]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrvx64.sys [2009-02-12 26024]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2011-11-14 352816]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 ACPService;ACPService;c:\program files (x86)\Philips\CamSuite\2.0.15.0\ACPService.exe [2010-08-26 687104]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 HCW723x;Hauppauge WinTV 723x PCIe Card;c:\windows\system32\DRIVERS\HCW723x.sys [2009-12-16 1799552]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-19 56344]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-05 1041760]
S3 PCWinSoft;ScreenCamera.Net Video Camera;c:\windows\system32\DRIVERS\scrcamnetdriver_x64.sys [2012-05-09 241800]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [2011-01-18 125552]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [2011-02-22 382024]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.

#12 mvtrucking

mvtrucking

    Member

  • Full Member
  • Pip
  • 51 posts

Posted 05 August 2012 - 11:42 AM

Should be the final piece:
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 21:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-04-11 04:31]
.
2012-08-01 c:\windows\Tasks\HPCeeScheduleForDon Van Horne.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-07-28 c:\windows\Tasks\HPCeeScheduleForDONVANHORNE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-07-29 c:\windows\Tasks\Registry Winner Schedule.job
- c:\program files (x86)\Registry Winner\RegistryWinner.exe [2012-05-24 19:45]
.
2012-08-02 c:\windows\Tasks\Wise Care 365.job
- c:\program files (x86)\Wise\Wise Care 365\WiseTray.exe [2012-07-20 15:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-06-13 00:35 232672 ----a-w- c:\users\Don Van Horne\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-06-13 00:35 232672 ----a-w- c:\users\Don Van Horne\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-06-13 00:35 232672 ----a-w- c:\users\Don Van Horne\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-10-21 37888]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-26 835072]
"combofix"="c:\combofix\CF20049.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mysearchresults.com/?c=8000&t=12
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://search.searchcompletion.com/?si=10179&home=1
mStart Page = hxxp://www.bigseekpro.com/thewebblocker6/{0E289C9A-9774-4DFC-BFBE-CFBBD8274495}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\users\Don Van Horne\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Don Van Horne\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: cinemanow.com
Trusted Zone: hp.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Don Van Horne\AppData\Roaming\Mozilla\Firefox\Profiles\dcqfpqv7.default-1343318298200\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://saintsreport.com/forums/f2/
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0EtDyCzyzyyD0F0AtCyEtByBtAyCtC0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=792010253
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0EtDyCzyzyyD0F0AtCyEtByBtAyCtC0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=792010253
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0EtDyCzyzyyD0F0AtCyEtByBtAyCtC0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=792010253&q=
FF - user.js: extensions.funmoods.id - E06995FA1427361B
FF - user.js: extensions.funmoods.instlDay - 15548
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2212:13
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112542&tt=3012_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 904a361b000000000000d0df9ae3ce0e
FF - user.js: extensions.BabylonToolbar.instlDay - 15550
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.118:28
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)
URLSearchHooks-{9384bd4c-dd14-4be9-80f7-f6277511e4f5} - (no file)
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
Toolbar-10 - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{124D001A-BDCB-472F-AA59-BBE7E4BC3204} - (no file)
WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{9384BD4C-DD14-4BE9-80F7-F6277511E4F5} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-DefaultTab - c:\users\Don Van Horne\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=hex:51,66,7a,6c,4c,1d,38,12,f0,31,07,
be,62,db,e7,0c,cc,e4,d4,72,ec,73,53,d8
"{9F6B5CC3-5C7B-4B5C-97AF-19DEC1E380E5}"=hex:51,66,7a,6c,4c,1d,38,12,ad,5f,78,
9b,49,12,32,0e,e8,b9,5a,9e,c4,bd,c4,f1
"{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}"=hex:51,66,7a,6c,4c,1d,38,12,da,93,18,
d0,83,9d,05,08,da,c1,9f,44,19,45,32,d4
"{124D001A-BDCB-472F-AA59-BBE7E4BC3204}"=hex:51,66,7a,6c,4c,1d,38,12,74,03,5e,
16,f9,f3,41,02,d5,4f,f8,a7,e1,e2,76,10
"{9384BD4C-DD14-4BE9-80F7-F6277511E4F5}"=hex:51,66,7a,6c,4c,1d,38,12,22,be,97,
97,26,93,87,0e,ff,e1,b5,67,70,4f,a0,e1
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{0FB6A909-6086-458F-BD92-1F8EE10042A0}"=hex:51,66,7a,6c,4c,1d,38,12,67,aa,a5,
0b,b4,2e,e1,00,c2,84,5c,ce,e4,5e,06,b4
"{1631550F-191D-4826-B069-D9439253D926}"=hex:51,66,7a,6c,4c,1d,38,12,61,56,22,
12,2f,57,48,0d,cf,7f,9a,03,97,0d,9d,32
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{5ABD6C72-FFD7-B634-A92B-D77D5960E009}"=hex:51,66,7a,6c,4c,1d,38,12,1c,6f,ae,
5e,e5,b1,5a,f3,d6,3d,94,3d,5c,3e,a4,1d
"{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}"=hex:51,66,7a,6c,4c,1d,38,12,14,ec,f3,
65,f2,d5,84,00,e4,39,b0,a9,f5,78,d6,a9
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95,
8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{95D9ECF5-2A4D-4550-BE49-70D42F71296E}"=hex:51,66,7a,6c,4c,1d,38,12,9b,ef,ca,
91,7f,64,3e,00,c1,5f,33,94,2a,2f,6d,7a
"{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}"=hex:51,66,7a,6c,4c,1d,38,12,33,9a,b5,
a3,d3,20,bf,0a,dd,4e,0a,79,58,05,bd,88
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E8435AFE-2022-47E7-BD1F-ACA755D757B7}"=hex:51,66,7a,6c,4c,1d,38,12,90,59,50,
ec,10,6e,89,02,c2,09,ef,e7,50,89,13,a3
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,58,79,
1a,82,e9,65,3d,9d,e9,17,af,a2,b0,e5,ab
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:3c,2a,ca,be,ce,40,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,19,40,95,79,40,39,40,bc,5d,26,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,19,40,95,79,40,39,40,bc,5d,26,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="PhotoManager.9.alb"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.eps"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.gif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.iff"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.pcd"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.png"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tga"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tiff"
.
[HKEY_USERS\S-1-5-21-2844776404-49628929-1600567784-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{710EBB65-5055-5098-6900-FD51E418AA79}*]
"hackgcnnegealmco"=hex:6a,61,6b,69,6d,6b,6d,6a,6f,70,68,66,6c,6d,64,69,6e,63,
6a,6b,00,86
"hamckdeoagolabld"=hex:61,62,62,6b,6e,63,68,64,63,62,6a,70,6c,68,6b,67,6e,69,
63,68,70,6b,66,62,6c,65,61,6c,68,64,6b,6c,6e,65,00,6e
"janchdmmlailhpoloecd"=hex:64,62,6f,6a,70,62,6a,66,6c,68,6a,64,6d,62,68,66,6c,
6d,6c,65,66,67,6d,6a,6d,6b,6e,68,67,61,69,6f,6a,63,61,6a,6d,6b,6e,6d,00,04
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\02\05\0a\05\02\04?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-08-02 09:57:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-02 14:57
.
Pre-Run: 1,782,157,676,544 bytes free
Post-Run: 1,781,938,491,392 bytes free
.
- - End Of File - - 75851C8EB07A2E96460630B71CF1B7AA

#13 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Administrators
  • PipPipPipPipPip
  • 15,820 posts

Posted 06 August 2012 - 07:10 AM

Hi again,

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#14 mvtrucking

mvtrucking

    Member

  • Full Member
  • Pip
  • 51 posts

Posted 07 August 2012 - 11:59 AM

Eset Online Scan Log: Do I delete the quarantined files and uninstall application on close? (Check those 2 boxes)? Thank you

C:\Program Files (x86)\FLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Program Files (x86)\PDFCreator\message.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\Don Van Horne\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\components\xpcomponent.dll probably a variant of Win32/Adware.Gamevance.CI application cleaned by deleting - quarantined
C:\Users\Don Van Horne\AppData\Roaming\Mozilla\Firefox\Profiles\9j72om1a.default\extensions\links@rivalgaming.com\components\xpcomponent.dll probably a variant of Win32/Adware.Gamevance.CI application cleaned by deleting - quarantined
C:\Users\Don Van Horne\Documents\ChrisTV Online Premium Edition 6.80 Incl Serial [ThumperDC]\ChrisTV Online Premium Edition 6.80 Incl Serial [ThumperDC].exe Win32/DeFile.Gen application deleted - quarantined
C:\Users\Don Van Horne\Downloads\Adobe_Acrobat_X_Pro_10.1.3_Romanian,_Ukrainian,_Russian,_Turkish_(keygen-CORE)_ChingLiu.exe Win32/Adware.1ClickDownload.C application cleaned by deleting - quarantined
C:\Users\Don Van Horne\Downloads\FLVPlayerSetup.exe a variant of Win32/InstallCore.X application cleaned by deleting - quarantined
C:\Users\Don Van Horne\Downloads\PDFConverterSetup.exe a variant of Win32/InstallCore.AF application cleaned by deleting - quarantined
C:\Users\Don Van Horne\Downloads\videoclone-setup.exe Win32/DownloadAdmin.Gen application cleaned by deleting - quarantined

Edited by mvtrucking, 07 August 2012 - 11:59 AM.


#15 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Administrators
  • PipPipPipPipPip
  • 15,820 posts

Posted 07 August 2012 - 03:52 PM

Hi again,

Do I delete the quarantined files and uninstall application on close? (Check those 2 boxes)?


Yes, please do.

Please let me know how the PC is running. Describe any remaining issues and problems.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#16 mvtrucking

mvtrucking

    Member

  • Full Member
  • Pip
  • 51 posts

Posted 10 August 2012 - 08:48 AM

Hi again,

Do I delete the quarantined files and uninstall application on close? (Check those 2 boxes)?


Yes, please do.

Please let me know how the PC is running. Describe any remaining issues and problems.

jedi


Jedi,
I think you did it! I seem to be running much better! Sorry for the delay, I have had some family
members that had surgery. Thank you so much for all of your help. As soon as I have some extra $$
I will donate to the site.

#17 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Administrators
  • PipPipPipPipPip
  • 15,820 posts

Posted 19 August 2012 - 01:57 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button