My mouse coursor is going wild.

hfb · Dec 5, 2006

The computer mouse coursor is going crazy please help. Here is my hijackthis log :

Logfile of HijackThis v1.99.1
Scan saved at 16:58:21, on 05/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
D:\Porcarii\WinRAR\daemon\daemon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Porcarii\WinRAR\daemon\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160180648140
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B27C6CD7-1413-4DA9-954C-690D31574A4B}: NameServer = 193.231.100.2 193.231.100.3
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe

Ried · Dec 8, 2006

Hello hfb,

Unfortunately there is nothing readily apparent in this log. We'll run some tools and see if any malware is revealed.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Please ensure your AVG A-S database is up-to-date:

Double-click the icon on Desktop to launch AVG

On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

---------------------------

Delete your current combofix.exe (if you still have it) as it has since been updated.

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

-------------------------------------

Close any open browsers.

-------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

-----------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:

Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware.

**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

-----------------------------------

Reboot into Normal Mode.

-----------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on

located at the bottom of the page.
A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

If it finds any malware, it will offer you a report.
Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
Click on

then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

-----------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

-----------------------------------

Run a new scan with HijackThis and save the log.

-----------------------------------

Please include the following in your next reply:

AVG Anti-Spyware results
Panda results
ComboFix.txt
New HijackThis log

hfb · Dec 10, 2006

Here are the logs:

Panda:

Incident Status Location

Adware:adware/navhelper Not disinfected Windows Registry
Adware:adware/wupd Not disinfected Windows Registry
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\system32\Tools\Restart.exe
Potentially unwanted tool:Application/HideWindow.S Not disinfected E:\install\wpi\common\cmdow.exe

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 09:15:28 10/12/2006

+ Scan result:

HKU\S-1-5-21-1085031214-1303643608-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A43385F0-7113-496D-96D7-B9B550E3FCCA} -> Adware.Isearch : Cleaned with backup (quarantined).
E:\install\Applications\AdobePS8\install_dir\PHOTOSHOP CS - PARADOX NAG AND SERIAL EXPIRE REMOVE FIX.RAR/test.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
E:\install\Applications\AdobePS8\install_dir\test.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
:mozilla.934:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.124:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.125:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.126:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.127:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.128:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.129:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.130:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.529:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.715:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.720:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.728:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.840:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.841:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.747:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Addcontrol : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Addcontrol : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.100:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.101:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.102:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.103:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.105:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.98:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.99:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.96:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.97:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.104:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.787:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.788:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned.
:mozilla.500:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.514:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.597:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.600:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.625:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.674:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.706:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.828:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.746:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.785:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.786:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.789:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.790:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.794:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.39:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.869:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.874:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.875:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.879:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.881:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.882:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.26:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.27:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.576:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Ivwbox : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Komtrack : Cleaned.
:mozilla.469:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.922:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.924:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.925:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.344:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.394:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.395:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.702:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.703:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.727:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.804:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.805:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.806:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.826:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.686:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Popularix : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Popularix : Cleaned.
:mozilla.517:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.518:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.713:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.714:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.149:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.150:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.151:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.152:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.153:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.154:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.839:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.848:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.855:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.856:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.888:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.131:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.132:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.133:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.134:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.135:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.136:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.137:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.138:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.140:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.141:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.142:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.144:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.145:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.197:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.198:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.251:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.260:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.261:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.330:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.350:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.60:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Administrator\Cookies\admini[email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.171:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.67:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.68:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.69:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.70:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.71:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.72:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.73:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.74:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.75:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.173:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.174:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.175:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned.

::Report end

Administrator - 06-12-10 12:39:04.00 Service Pack 2
ComboFix 06-12-01.3W-BetaE - Running from: "C:\Documents and Settings\Administrator\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

k:\autorun.inf . . . . failed to delete

((((((((((((((((((((((((((((((( Files Created from 2006-11-10 to 2006-12-10 ))))))))))))))))))))))))))))))))))

2006-12-10 12:40 <DIR> d-------- C:\WINDOWS\erdnt
2006-12-10 08:48 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-04 22:47 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-11-19 16:54 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-11-19 16:54 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-11-19 15:53 <DIR> d-------- C:\Program Files\Total Video Converter
2006-11-19 15:41 <DIR> d-------- C:\Program Files\Mozilla Firefox
2006-11-19 15:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2006-11-19 15:18 <DIR> d-------- C:\Program Files\Metacafe
2006-11-19 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Metacafe
2006-11-19 14:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ArcSoft
2006-11-19 14:25 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2006-11-19 14:25 163,840 --a------ C:\WINDOWS\system32\PhotoImpression Screen Saver.scr
2006-11-19 14:25 <DIR> d-------- C:\Program Files\ArcSoft
2006-11-19 14:19 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-11-19 14:19 647,072 --a------ C:\WINDOWS\system32\drivers\Capt905c.sys
2006-11-19 14:19 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-11-19 14:19 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-11-19 14:19 24,382 --a------ C:\WINDOWS\system32\drivers\Camd905c.sys
2006-11-19 14:19 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-11-19 14:19 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-11-19 14:19 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-11-19 14:19 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-11-19 14:19 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-11-15 17:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\VoipDiscount

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-12-10 12:11 -------- d-a------ C:\Program Files\WinZip 9
2006-12-10 12:11 -------- d-------- C:\Program Files\WinRAR
2006-12-10 12:11 -------- d-------- C:\Program Files\SpywareGuard
2006-12-10 12:09 -------- d-------- C:\Program Files\Internet Explorer
2006-12-05 16:58 -------- d-------- C:\Program Files\HijackThis
2006-12-04 23:04 -------- d-------- C:\Program Files\Winamp
2006-11-19 17:01 -------- d-------- C:\Program Files\Webteh
2006-11-19 16:54 -------- d-------- C:\Program Files\DivX
2006-11-19 14:28 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-15 18:54 -------- d-------- C:\Documents and Settings\Administrator\Application Data\ConvertTemp
2006-11-04 16:09 -------- d-------- C:\Program Files\Common Files\Real
2006-11-04 16:08 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Real
2006-10-30 11:36 -------- d-------- C:\Program Files\Trustix
2006-10-25 22:32 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Comodo
2006-10-25 22:31 69120 --a------ C:\WINDOWS\system32\drivers\inspect.sys
2006-10-25 22:31 61056 --a------ C:\WINDOWS\system32\drivers\cmdmon.sys
2006-10-25 22:31 -------- d-------- C:\Program Files\Comodo
2006-10-25 22:08 -------- d-------- C:\Program Files\Java
2006-10-25 22:07 -------- d-------- C:\Program Files\Common Files\Java
2006-10-25 22:07 -------- d-------- C:\Program Files\Common Files
2006-10-23 20:46 -------- dr-h----- C:\Documents and Settings\Administrator\Application Data\yahoo!
2006-10-11 20:13 -------- d-------- C:\Program Files\Common Files\Sandlot Shared
2006-10-11 19:07 -------- d-------- C:\Program Files\Grisoft

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"VoipDiscount"="\"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe\" -nosplash -minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"Comodo Firewall"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"DAEMON Tools-1033"="\"D:\\Porcarii\\WinRAR\\daemon\\daemon.exe\" -lang 1033"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoResolveTrack"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoResolveTrack"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoResolveTrack"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

Completion time: 06-12-10 12:42:01.98
C:\ComboFix2.txt ... 06-10-24 16:43
C:\ComboFix3.txt ... 06-10-11 19:20

Logfile of HijackThis v1.99.1
Scan saved at 12:45:16, on 10/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
D:\Porcarii\WinRAR\daemon\daemon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Porcarii\WinRAR\daemon\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160180648140
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe

Ried · Dec 11, 2006

Hi,

I'm not seeing anything in any of these logs. Could you give me more detail on what is happening with your mouse cursor?

Download and run Blacklight

Double-click blbeta.exe then accept the agreement, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet as legitimate items can also be listed there.

hfb · Dec 11, 2006

The blacklight program didn't gave me any errors but i did a scan with Spy Sweeper and gave me some problems. Here is the spysweeper log:

Starting File Sweep
10:00: Cookie Sweep Complete, Elapsed Time: 00:00:00
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 3762)
10:00: Found Spy Cookie: zedo cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 3717)
10:00: Found Spy Cookie: xiti cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 2060)
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 3591)
10:00: Found Spy Cookie: tripod cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 3589)
10:00: Found Spy Cookie: tribalfusion cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 3566)
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 2060)
10:00: Found Spy Cookie: adbureau cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][2].txt (ID = 3257)
10:00: Found Spy Cookie: revenue.net cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 3235)
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 3217)
10:00: Found Spy Cookie: questionmarket cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 2038)
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 3236)
10:00: Found Spy Cookie: realmedia cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 1958)
10:00: Found Spy Cookie: 2o7.net cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 2966)
10:00: Found Spy Cookie: maxserving cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][2].txt (ID = 3669)
10:00: Found Spy Cookie: webtrends cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 2821)
10:00: Found Spy Cookie: ic-live cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 2728)
10:00: c:\documents and settings\administrator\cookies\[email protected][2].txt (ID = 2038)
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 2729)
10:00: Found Spy Cookie: go.com cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 2660)
10:00: Found Spy Cookie: fe.lea.lycos.com cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 2038)
10:00: c:\documents and settings\administrator\cookies\[email protected][2].txt (ID = 3269)
10:00: Found Spy Cookie: ru4 cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][2].txt (ID = 2293)
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 3566)
10:00: Found Spy Cookie: touchclarity cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 2481)
10:00: Found Spy Cookie: customer cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 2371)
10:00: c:\documents and settings\administrator\cookies\[email protected][2].txt (ID = 2370)
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 2322)
10:00: Found Spy Cookie: bravenet cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 2292)
10:00: Found Spy Cookie: belnk cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][2].txt (ID = 2276)
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 2276)
10:00: Found Spy Cookie: banner cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 2027)
10:00: Found Spy Cookie: a cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 2245)
10:00: Found Spy Cookie: ask cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 2650)
10:00: Found Spy Cookie: falkag cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 2229)
10:00: Found Spy Cookie: apmebf cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 2141)
10:00: Found Spy Cookie: adserver cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 2087)
10:00: Found Spy Cookie: adreactor cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][2].txt (ID = 3148)
10:00: Found Spy Cookie: pointroll cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][2].txt (ID = 2371)
10:00: Found Spy Cookie: cd freaks cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][4].txt (ID = 2088)
10:00: c:\documents and settings\administrator\cookies\[email protected][3].txt (ID = 2088)
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 2088)
10:00: Found Spy Cookie: adrevolver cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 3751)
10:00: Found Spy Cookie: yieldmanager cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][2].txt (ID = 2037)
10:00: Found Spy Cookie: about cookie
10:00: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 1936)
10:00: Found Spy Cookie: 190dotcom cookie
10:00: Starting Cookie Sweep
10:00: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
10:00: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
10:00: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
10:00: Registry Sweep Complete, Elapsed Time:00:00:05
10:00: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
10:00: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
10:00: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
10:00: HKLM\software\microsoft\mssmgr\ (ID = 1776755)
10:00: Found Trojan Horse: trojan agent winlogonhook
10:00: HKCR\dialerr.dialerr\ (ID = 1627741)
10:00: HKCR\dialerr.dialerr.1\ (ID = 1627737)
10:00: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
10:00: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
10:00: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
10:00: HKLM\software\classes\dialerr.dialerr.1\ (ID = 662143)
10:00: HKCR\clsid\{462f7758-8848-11d1-add8-0000f87734f0}\control\ (ID = 662065)
10:00: HKCR\webgate.webgate\ (ID = 662012)
10:00: HKCR\userinfo.userinfo\ (ID = 662008)
10:00: HKCR\tapilocationinfo.tapilocationinfo\ (ID = 662004)
10:00: HKCR\smartstart.smartstart\ (ID = 662000)
10:00: HKCR\refdial.refdial\ (ID = 661996)
10:00: HKCR\inshandler.inshandler\ (ID = 661992)
10:00: HKCR\icwsystemconfig.icwsystemconfig\ (ID = 661988)
10:00: HKCR\icwconn.webview\ (ID = 661983)
10:00: HKCR\icwconn.walker\ (ID = 661978)
10:00: HKCR\icwconn.ispdata\ (ID = 661973)
10:00: HKCR\icwconn.gifconvert\ (ID = 661968)
10:00: HKCR\icwconn.apprentice\ (ID = 661963)
10:00: HKCR\typelib\{fa4de133-d3c3-4ed4-92d1-cd4dde839ab3}\ (ID = 135551)
10:00: HKLM\software\classes\typelib\{fa4de133-d3c3-4ed4-92d1-cd4dde839ab3}\ (ID = 135538)
10:00: HKLM\software\classes\interface\{20f36af3-3486-4bb6-8bcb-f1f8abe74d07}\ (ID = 135531)
10:00: HKLM\software\classes\appid\{710bcb5b-8c6c-483e-a4f5-faf083b13184}\ (ID = 135526)
10:00: HKLM\software\classes\appid\nhelper.dll\ (ID = 135525)
10:00: HKCR\interface\{20f36af3-3486-4bb6-8bcb-f1f8abe74d07}\ (ID = 135518)
10:00: HKCR\appid\{710bcb5b-8c6c-483e-a4f5-faf083b13184}\ (ID = 135512)
10:00: HKCR\appid\nhelper.dll\ (ID = 135511)
10:00: Found Adware: navexcel navhelper
10:00: HKLM\software\classes\dialerr.dialerr\ (ID = 135355)
10:00: Found Adware: multidial
10:00: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
10:00: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
10:00: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
10:00: Starting Registry Sweep

The erros were something like a trojan horse winlogonhook and a dialer. Hope i can help with that. The mouse cursor sometimes goes up and other ways when i want it to go left. The mosue cursor doesn't ''listens'' my commands. (excuse my english)

)

Ried · Dec 12, 2006

Hi hfb, :smile:

Let's go a bit deeper:

Please download SilentRunners.vbs (299kb) - Right click & choose Save As... SilentRunners.vbs

Before proceeding, disable any anti-virus or anti-spyware programs that may block/disable scripts

Launch SilentRunners by double-clicking the downloaded file. In the ensuing Window, select 'No' to avoid skipping supplementary searches. Please be patient as the script requires a few minutes to complete.

When it's done, you'll receive the prompt "All Done!". It will create a file called "Startup Programs". Post ALL its contents here in your next reply.

-------------------------------

Download StartDreck

Unzip to its own folder and start the program:
Press 'Config'
Press 'mark all'

Uncheck the following boxes only:
System/Running Process -> List Modules
System/Drivers -> NT Services
System/Drivers -> NT Kernel- and FS-drivers
Press 'OK'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post that log here

hfb · Dec 12, 2006

The startdeck log is too long to put it once, so i will try to put it all in a few threads.

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Yahoo! Pager" = ""C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet" ["Yahoo! Inc."]
"VoipDiscount" = ""C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = ""RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"AVG7_CC" = ""C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP" ["GRISOFT, s.r.o."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Comodo Firewall" = ""C:\Program Files\Comodo\Firewall\CPF.exe" /background" ["COMODO"]
"DAEMON Tools-1033" = ""D:\Porcarii\WinRAR\daemon\daemon.exe" -lang 1033" ["DAEMON'S HOME"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{4A368E80-174F-4872-96B5-0B27DDD11DB2}\(Default) = "SpywareGuard Download Protection"
-> {HKLM...CLSID} = "SpywareGuardDLBLOCK.CBrowserHelper"
\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\dlprotect.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP~1\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP~1\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP~1\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP~1\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {HKLM...CLSID} = "Universal Plug and Play Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" = (no title provided)
-> {HKLM...CLSID} = "SpywareGuard.Handler"
\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{81559C35-8464-49F7-BB0E-07A383BEF910}" = (no title provided)
-> {HKLM...CLSID} = "SpywareGuard.Handler"
\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP~1\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP~1\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP~1\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoResolveTrack" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
"SpywareGuard" -> shortcut to: "C:\Program Files\SpywareGuard\sgmain.exe" [null data]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]

{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
Comodo Application Agent, CmdAgent, "C:\Program Files\Comodo\Firewall\cmdagent.exe" ["COMODO"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
SpeedTouch 330 Manager, st330service, "C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe -service" ["THOMSON Telecom Belgium"]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor PIXMA iP1500\Driver = "CNMLM5y.DLL" ["CANON INC."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 30 seconds.
---------- (total run time: 88 seconds)

hfb · Dec 12, 2006

StartDreck (build 2.1.7 public stable) - 2006-12-12 @ 07:42:01 (GMT +00:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Administrator at REBORN

»Registry
»Run Keys
»Current User
»Run
*Yahoo! Pager="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
*VoipDiscount="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
»RunOnce
»Default User
»Run
*CTFMON.EXE=C:\WINDOWS\system32\CTFMON.EXE
*AVG7_Run=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
»RunOnce
»Local Machine
»Run
*NvCplDaemon="RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
*AVG7_CC="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
*SunJavaUpdateSched="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
*Comodo Firewall="C:\Program Files\Comodo\Firewall\CPF.exe" /background
*DAEMON Tools-1033="D:\Porcarii\WinRAR\daemon\daemon.exe" -lang 1033
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\system32\mshta.exe "%1" %*
+.htm
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.html
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Microsoft Windows Media Player 6.4/{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
»Browser Helper Objects (LM)
*SpywareGuardDLBLOCK.CBrowserHelper/{4A368E80-174F-4872-96B5-0B27DDD11DB2}
`InprocServer32=C:\Program Files\SpywareGuard\dlprotect.dll
*SSVHelper Class/{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
`InprocServer32=C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
»Internet Explorer
»Current User
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=C:\windows\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+SearchUrl
*provider=
*=http://home.microsoft.com/access/autosearch.asp?p=%s
»Default User
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=C:\windows\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\system32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\system32\stobject.dll
*UPnPMonitor={e57ce738-33e8-4c51-8354-bb4de9d215d1}
`InprocServer32=C:\WINDOWS\system32\upnpui.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk
»Default User
*\AUTOEXEC.BAT
*\AVG7QT.DAT
*\biosinfo
*\boot.ini
*\boot.ini.comodofirewall
*\CDSetup.log
*\ComboFix.txt
*\ComboFix2.txt
*\ComboFix3.txt
*\CONFIG.SYS
*\hiberfil.sys
*\IO.SYS
*\MSDOS.SYS
*\msicpl-getdataint.log
*\msicpl-getdispinfo.log
*\NTDETECT.COM
*\ntldr
*\pagefile.sys
*\rapport.txt
*\st330AdaptorMgr.log
*\stInstall.log
*\VundoFix.txt
*\YServer.txt
*\$VAULT$.AVG\07812671.FIL
*\$VAULT$.AVG\07812734.FIL
*\$VAULT$.AVG\07812781.FIL
*\$VAULT$.AVG\07812843.FIL
*\$VAULT$.AVG\07812890.FIL
*\$VAULT$.AVG\07812906.FIL
*\$VAULT$.AVG\07812968.FIL
*\$VAULT$.AVG\07813000.FIL
*\$VAULT$.AVG\07813031.FIL
*\Documents and Settings\All Users.LOG
*\Documents and Settings\Default User.LOG
*\install\cmdlines.txt
*\install\RunOnceEx.cmd
*\install\start.cmd
*\WINDOWS\0.log
*\WINDOWS\alcrmv.exe
*\WINDOWS\alcupd.exe
*\WINDOWS\avrack.ini
*\WINDOWS\bdoscandel.exe
*\WINDOWS\bdoscandellang.ini
*\WINDOWS\BJPSUNST.EXE
*\WINDOWS\Blue Lace 16.bmp
*\WINDOWS\bootstat.dat
*\WINDOWS\cdplayer.ini
*\WINDOWS\clock.avi
*\WINDOWS\cmsetacl.log
*\WINDOWS\Coffee Bean.bmp
*\WINDOWS\comsetup.log
*\WINDOWS\control.ini
*\WINDOWS\daemon.dll
*\WINDOWS\desktop.ini
*\WINDOWS\DirectX.log
*\WINDOWS\DtcInstall.log
*\WINDOWS\explorer.exe
*\WINDOWS\explorer.scf
*\WINDOWS\FaxSetup.log
*\WINDOWS\FeatherTexture.bmp
*\WINDOWS\FeedingFrenzy.scr
*\WINDOWS\Gone Fishing.bmp
*\WINDOWS\Greenstone.bmp
*\WINDOWS\hh.exe
*\WINDOWS\iis6.log
*\WINDOWS\imsins.BAK
*\WINDOWS\imsins.log
*\WINDOWS\IsUninst.exe
*\WINDOWS\iun6002.exe
*\WINDOWS\KB867282.log
*\WINDOWS\KB873333.log
*\WINDOWS\KB873339.log
*\WINDOWS\KB885250.log
*\WINDOWS\KB885836.log
*\WINDOWS\KB886185.log
*\WINDOWS\KB887742.log
*\WINDOWS\KB887797.log
*\WINDOWS\KB888113.log
*\WINDOWS\KB888302.log
*\WINDOWS\KB890047.log
*\WINDOWS\KB890175.log
*\WINDOWS\KB891781.log
*\WINDOWS\KB893803v2.log
*\WINDOWS\KB894391.log
*\WINDOWS\KB898461.log
*\WINDOWS\MedCtrOC.log
*\WINDOWS\mozregistry.dat
*\WINDOWS\msdfmap.ini
*\WINDOWS\msicpl.ini
*\WINDOWS\msmqinst.log
*\WINDOWS\msxmlcab.log
*\WINDOWS\NeroDigital.ini
*\WINDOWS\netfxocm.log
*\WINDOWS\NOTEPAD.EXE
*\WINDOWS\nsreg.dat
*\WINDOWS\ntbtlog.txt
*\WINDOWS\ntdtcsetup.log
*\WINDOWS\ocgen.log
*\WINDOWS\ODBC.INI
*\WINDOWS\ODBCINST.INI
*\WINDOWS\OEWABLog.txt
*\WINDOWS\OpPrintServer.INI
*\WINDOWS\pavsig.txt
*\WINDOWS\PCDLIB32.DLL
*\WINDOWS\Prairie Wind.bmp
*\WINDOWS\regedit.exe
*\WINDOWS\REGLOCS.OLD
*\WINDOWS\regopt.log
*\WINDOWS\Rhododendron.bmp
*\WINDOWS\River Sumida.bmp
*\WINDOWS\Santa Fe Stucco.bmp
*\WINDOWS\SchedLgU.Txt
*\WINDOWS\sessmgr.setup.log
*\WINDOWS\setupact.log
*\WINDOWS\setupapi.log
*\WINDOWS\setuperr.log
*\WINDOWS\setuplog.txt
*\WINDOWS\Soap Bubbles.bmp
*\WINDOWS\SONYMAP.INI
*\WINDOWS\SOUNDMAN.EXE
*\WINDOWS\sripper.ini
*\WINDOWS\Sti_Trace.log
*\WINDOWS\StreamRipper32.INI
*\WINDOWS\system.ini
*\WINDOWS\tabletoc.log
*\WINDOWS\TASKMAN.EXE
*\WINDOWS\tsoc.log
*\WINDOWS\twain.dll
*\WINDOWS\twain_32.dll
*\WINDOWS\twunk_16.exe
*\WINDOWS\twunk_32.exe
*\WINDOWS\updspapi.log
*\WINDOWS\vb.ini
*\WINDOWS\vbaddin.ini
*\WINDOWS\vmmreg32.dll
*\WINDOWS\WGA.log
*\WINDOWS\wiadebug.log
*\WINDOWS\wiaservc.log
*\WINDOWS\win.ini
*\WINDOWS\Winamp.ini
*\WINDOWS\WindowsShell.Manifest
*\WINDOWS\WindowsUpdate.log
*\WINDOWS\winhelp.exe
*\WINDOWS\winhlp32.exe
*\WINDOWS\winnt.bmp
*\WINDOWS\winnt256.bmp
*\WINDOWS\wmsetup.log
*\WINDOWS\WMSysPr9.prx
*\WINDOWS\WNMHINDR.EXE
*\WINDOWS\yacs.log
*\WINDOWS\Zapotec.bmp
*\WINDOWS\_default.pif
*\Documents and Settings\Administrator\NTUSER.DAT
*\Documents and Settings\Administrator\ntuser.dat.LOG
*\Documents and Settings\Administrator\ntuser.ini
*\Documents and Settings\Default User\NTUSER.DAT
*\Documents and Settings\Default User\NtUser.dat.LOG
*\Documents and Settings\LocalService\NTUSER.DAT
*\Documents and Settings\LocalService\ntuser.dat.LOG
*\Documents and Settings\LocalService\ntuser.ini
*\Documents and Settings\NetworkService\NTUSER.DAT
*\Documents and Settings\NetworkService\ntuser.dat.LOG
*\Documents and Settings\NetworkService\ntuser.ini
*\DVDCopy\VIDEO_TS\VTS_01_3.VOB
*\install\logon\logonui.exe
*\install\wpi\NewBliss.jpg
*\install\wpi\postinstall.bmp
*\install\wpi\Thumbs.db
*\install\wpi\WPI.cmd
*\install\wpi\WPI.hta
*\install\wpi\wpi.ico
*\Program Files\AvRack\classic.dll
*\Program Files\AvRack\rtlrack.exe
*\Program Files\CleanUp!\CleanUp! Web Site.url
*\Program Files\CleanUp!\CleanUp.cnt
*\Program Files\CleanUp!\Cleanup.exe
*\Program Files\CleanUp!\CleanUp.hlp
*\Program Files\CleanUp!\license.txt
*\Program Files\CleanUp!\readme.txt
*\Program Files\CleanUp!\uninstall.exe
*\Program Files\CleanUp!\uninstall.ini
*\Program Files\DivX\ConverterUninstall.exe
*\Program Files\DivX\DivXBundleUninstall.exe
*\Program Files\DivX\DivXCodecUninstall.exe
*\Program Files\DivX\divxFolder.ico
*\Program Files\DivX\DivXPlayerUninstall.exe
*\Program Files\DivX\DivXWebPlayerUninstall.exe
*\Program Files\E-Color\3DeepWizard.ini
*\Program Files\E-Color\colorific.inf
*\Program Files\E-Color\Colorific.ini
*\Program Files\E-Color\Preset.inf
*\Program Files\Elf Bowling - Bocce Style!\ElfBowling_bocce_style.exe
*\Program Files\Elf Bowling - Bocce Style!\options.txt
*\Program Files\Elf Bowling - Bocce Style!\Uninstall.exe
*\Program Files\Elf Bowling 6 Air Biscuits 1.0\eb6_airbiscuits.exe
*\Program Files\Elf Bowling 6 Air Biscuits 1.0\Uninstall.exe
*\Program Files\HijackThis\HijackThis.exe
*\Program Files\HijackThis\hijackthis.log
*\Program Files\Internet Explorer\HMMAPI.DLL
*\Program Files\Internet Explorer\iedw.exe
*\Program Files\Internet Explorer\IEXPLORE.EXE
*\Program Files\Microsoft ActiveSync\RICHINK.DLL
*\Program Files\Movie Maker\moviemk.exe
*\Program Files\Movie Maker\WMM2AE.dll
*\Program Files\Movie Maker\WMM2ERES.dll
*\Program Files\Movie Maker\WMM2EXT.dll
*\Program Files\Movie Maker\WMM2FILT.dll
*\Program Files\Movie Maker\WMM2FXA.dll
*\Program Files\Movie Maker\WMM2FXB.dll
*\Program Files\Movie Maker\WMM2RES.dll
*\Program Files\Movie Maker\WMM2RES2.dll
*\Program Files\Mozilla Firefox\AccessibleMarshal.dll
*\Program Files\Mozilla Firefox\browserconfig.properties
*\Program Files\Mozilla Firefox\firefox.exe
*\Program Files\Mozilla Firefox\freebl3.chk
*\Program Files\Mozilla Firefox\freebl3.dll
*\Program Files\Mozilla Firefox\install.log
*\Program Files\Mozilla Firefox\js3250.dll
*\Program Files\Mozilla Firefox\LICENSE
*\Program Files\Mozilla Firefox\nspr4.dll
*\Program Files\Mozilla Firefox\nss3.dll
*\Program Files\Mozilla Firefox\nssckbi.dll
*\Program Files\Mozilla Firefox\plc4.dll
*\Program Files\Mozilla Firefox\plds4.dll
*\Program Files\Mozilla Firefox\README.txt
*\Program Files\Mozilla Firefox\smime3.dll
*\Program Files\Mozilla Firefox\softokn3.chk
*\Program Files\Mozilla Firefox\softokn3.dll
*\Program Files\Mozilla Firefox\ssl3.dll
*\Program Files\Mozilla Firefox\updater.exe
*\Program Files\Mozilla Firefox\updater.ini
*\Program Files\Mozilla Firefox\xpcom.dll
*\Program Files\Mozilla Firefox\xpcom_compat.dll
*\Program Files\Mozilla Firefox\xpcom_core.dll
*\Program Files\Mozilla Firefox\xpicleanup.exe
*\Program Files\Mozilla Firefox\xpistub.dll
*\Program Files\NetMeeting\Blip.wav
*\Program Files\NetMeeting\callcont.dll
*\Program Files\NetMeeting\cb32.exe
*\Program Files\NetMeeting\conf.exe
*\Program Files\NetMeeting\confmrsl.dll
*\Program Files\NetMeeting\dcap32.dll
*\Program Files\NetMeeting\h323cc.dll
*\Program Files\NetMeeting\MST120.DLL
*\Program Files\NetMeeting\MST123.DLL
*\Program Files\NetMeeting\nac.dll
*\Program Files\NetMeeting\netmeet.htm
*\Program Files\NetMeeting\nmas.dll
*\Program Files\NetMeeting\nmasnt.dll
*\Program Files\NetMeeting\nmchat.dll
*\Program Files\NetMeeting\nmcom.dll
*\Program Files\NetMeeting\nmft.dll
*\Program Files\NetMeeting\nmoldwb.dll
*\Program Files\NetMeeting\nmwb.dll
*\Program Files\NetMeeting\rrcm.dll
*\Program Files\NetMeeting\TestSnd.wav
*\Program Files\NetMeeting\wb32.exe
*\Program Files\Online Services\Refer me to more Internet Service Providers.lnk
*\Program Files\Outlook Express\msimn.exe
*\Program Files\Outlook Express\msoe.dll
*\Program Files\Outlook Express\msoe.txt
*\Program Files\Outlook Express\msoeres.dll
*\Program Files\Outlook Express\oeimport.dll
*\Program Files\Outlook Express\oemig50.exe
*\Program Files\Outlook Express\oemiglib.dll
*\Program Files\Outlook Express\setup50.exe
*\Program Files\Outlook Express\wab.exe
*\Program Files\Outlook Express\wabfind.dll
*\Program Files\Outlook Express\wabimp.dll
*\Program Files\Outlook Express\wabmig.exe
*\Program Files\SpywareGuard\config.ini
*\Program Files\SpywareGuard\def1.dtb
*\Program Files\SpywareGuard\def2.dtb
*\Program Files\SpywareGuard\dlbdata1.dtb
*\Program Files\SpywareGuard\dlbdata2.dtb
*\Program Files\SpywareGuard\dlprotect.dll
*\Program Files\SpywareGuard\license.txt
*\Program Files\SpywareGuard\readme.txt
*\Program Files\SpywareGuard\sgbhp.exe
*\Program Files\SpywareGuard\sghelp.chm
*\Program Files\SpywareGuard\sgliveupdate.exe
*\Program Files\SpywareGuard\sglog.txt
*\Program Files\SpywareGuard\sgmain.exe
*\Program Files\SpywareGuard\spywareguard.dll
*\Program Files\SpywareGuard\unins000.dat
*\Program Files\SpywareGuard\unins000.exe
*\Program Files\Total Video Converter\LastPlayList.m3u
*\Program Files\Winamp\demo.mp3
*\Program Files\Winamp\PXSDKPLS.dll
*\Program Files\Winamp\studio.xnf
*\Program Files\Winamp\UninstWA.exe
*\Program Files\Winamp\whatsnew.txt
*\Program Files\Winamp\Winamp.bm
*\Program Files\Winamp\winamp.exe
*\Program Files\Winamp\Winamp.ini
*\Program Files\Winamp\winamp.lks
*\Program Files\Winamp\winamp.m3u
*\Program Files\Winamp\Winamp.q1
*\Program Files\Winamp\winampa.exe
*\Program Files\Winamp\winampmb.htm
*\Program Files\Windows Media Player\custsat.dll
*\Program Files\Windows Media Player\migrate.exe
*\Program Files\Windows Media Player\mplayer2.exe
*\Program Files\Windows Media Player\mpvis.dll
*\Program Files\Windows Media Player\npdrmv2.dll
*\Program Files\Windows Media Player\npdrmv2.zip
*\Program Files\Windows Media Player\npds.zip
*\Program Files\Windows Media Player\npdsplay.dll
*\Program Files\Windows Media Player\npwmsdrm.dll
*\Program Files\Windows Media Player\setup_wm.exe
*\Program Files\Windows Media Player\wmpband.dll
*\Program Files\Windows Media Player\wmplayer.exe
*\Program Files\Windows Media Player\wmpns.dll
*\Program Files\Windows NT\dialer.exe
*\Program Files\Windows NT\htrn_jis.dll
*\Program Files\Windows NT\hypertrm.exe
*\Program Files\WinRAR\Citeste.txt
*\Program Files\WinRAR\Default.SFX
*\Program Files\WinRAR\Descript.ion
*\Program Files\WinRAR\fara_diacritice.zip
*\Program Files\WinRAR\File_Id.diz
*\Program Files\WinRAR\License.txt
*\Program Files\WinRAR\Order.htm
*\Program Files\WinRAR\Rar.exe
*\Program Files\WinRAR\rar.lng
*\Program Files\WinRAR\Rar.txt
*\Program Files\WinRAR\RarExt.dll
*\Program Files\WinRAR\rarext.lng
*\Program Files\WinRAR\RarExt64.dll
*\Program Files\WinRAR\RarExtLoader.exe
*\Program Files\WinRAR\RarFiles.lst
*\Program Files\WinRAR\rarnew.dat
*\Program Files\WinRAR\rarreg.key
*\Program Files\WinRAR\ReadMe.txt
*\Program Files\WinRAR\TechNote.txt
*\Program Files\WinRAR\Uninstall.exe
*\Program Files\WinRAR\uninstall.lng
*\Program Files\WinRAR\Uninstall.lst
*\Program Files\WinRAR\UnRAR.exe
*\Program Files\WinRAR\UnrarSrc.txt
*\Program Files\WinRAR\WhatsNew.txt
*\Program Files\WinRAR\WinCon.SFX
*\Program Files\WinRAR\WinRAR.cnt
*\Program Files\WinRAR\WinRAR.exe
*\Program Files\WinRAR\winrar.GID
*\Program Files\WinRAR\WinRAR.hlp
*\Program Files\WinRAR\winrar.lng
*\Program Files\WinRAR\Zip.SFX
*\Program Files\WinRAR\zipnew.dat
*\Program Files\WinZip 9\cnc.reg
*\Program Files\WinZip 9\EXAMPLE.ZIP
*\Program Files\WinZip 9\FILE_ID.DIZ
*\Program Files\WinZip 9\LICENSE.TXT
*\Program Files\WinZip 9\ORDER.TXT
*\Program Files\WinZip 9\README.TXT
*\Program Files\WinZip 9\VENDOR.TXT
*\Program Files\WinZip 9\WHATSNEW.TXT
*\Program Files\WinZip 9\WINZIP.CHM
*\Program Files\WinZip 9\WINZIP.TXT
*\Program Files\WinZip 9\WINZIP32.EXE
*\Program Files\WinZip 9\winzip90.exe
*\Program Files\WinZip 9\WZ.COM
*\Program Files\WinZip 9\WZ.PIF
*\Program Files\WinZip 9\WZ32.DLL
*\Program Files\WinZip 9\WZCAB.DLL
*\Program Files\WinZip 9\WZCAB3.DLL
*\Program Files\WinZip 9\WZINST.CHM
*\Program Files\WinZip 9\WZPOPUP.HLP
*\Program Files\WinZip 9\WZQKPICK.EXE
*\Program Files\WinZip 9\WZQKSTRT.RTF
*\Program Files\WinZip 9\WZSEPE32.EXE
*\Program Files\WinZip 9\WZSHLEX1.DLL
*\Program Files\WinZip 9\WZSHLSTB.DLL
*\Program Files\WinZip 9\WZTUTOR.HLP
*\Program Files\WinZip 9\WZVINFO.DLL
*\Program Files\WinZip 9\WZWIZARD.CHM
*\Program Files\WinZip 9\WZZPMAIL.DLL
*\RECYCLER\S-1-5-21-1085031214-1303643608-839522115-500\desktop.ini
*\RECYCLER\S-1-5-21-1085031214-1303643608-839522115-500\INFO2
*\WINDOWS\$MSI31Uninstall_KB893803v2$\msi.dll
*\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe
*\WINDOWS\$MSI31Uninstall_KB893803v2$\msihnd.dll
*\WINDOWS\$MSI31Uninstall_KB893803v2$\msimsg.dll
*\WINDOWS\$MSI31Uninstall_KB893803v2$\msisip.dll
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00013
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00014
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00015
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00016
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00017
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00018
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00019
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00020
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00021
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00022
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00023
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00024
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00025
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00026
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00027
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00028
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00029
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00030
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00031
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00032
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00033
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00034
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00035
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00036
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00037
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00038
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00039
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00040
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00041
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00042
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00043
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00044
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00045
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00046
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00047
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00048
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00051
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00052
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00053
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00054
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00055
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00056
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00057
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00058
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00059
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00060
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00061
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00062
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00063
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00064
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00065
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00066
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00067
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00068
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00069
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00070
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00071
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00072
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00073
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00074
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00075
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00076
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00077
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00078
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00079
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00080
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00081
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00082
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00083
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00084
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00085
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00086
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00087
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00088
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00089
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00090
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00091
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00092
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00093
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00094
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00095
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00096
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00097
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00098
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00099
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00100
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00101
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00102
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00103
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00104
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00105
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00106
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00107
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00108
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00109
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00110
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00111
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00112
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00113
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00114
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00115
*\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00116
*\WINDOWS\$NtUninstallKB894391$\ole32.dll
*\WINDOWS\$NtUninstallKB894391$\olecli32.dll
*\WINDOWS\$NtUninstallKB894391$\olecnv32.dll
*\WINDOWS\$NtUninstallKB894391$\rpcss.dll
*\WINDOWS\AppPatch\AcGenral.dll
*\WINDOWS\AppPatch\AcLayers.dll
*\WINDOWS\AppPatch\AcLua.dll
*\WINDOWS\AppPatch\AcSpecfc.dll
*\WINDOWS\AppPatch\AcXtrnal.dll
*\WINDOWS\AppPatch\apphelp.sdb
*\WINDOWS\AppPatch\apph_sp.sdb
*\WINDOWS\AppPatch\drvmain.sdb
*\WINDOWS\AppPatch\msimain.sdb
*\WINDOWS\AppPatch\sysmain.sdb
*\WINDOWS\BDOSCAN8\avxdisk.dll
*\WINDOWS\BDOSCAN8\avxs.dll
*\WINDOWS\BDOSCAN8\avxt.dll
*\WINDOWS\BDOSCAN8\bdcore.dll
*\WINDOWS\BDOSCAN8\bdoscan.ini
*\WINDOWS\BDOSCAN8\bdoscan.log
*\WINDOWS\BDOSCAN8\bdupd.dll
*\WINDOWS\BDOSCAN8\bdupd.dll.updpnd
*\WINDOWS\BDOSCAN8\boot.xmd
*\WINDOWS\BDOSCAN8\ipsupd.dll
*\WINDOWS\BDOSCAN8\lang.ini
*\WINDOWS\BDOSCAN8\libfn.dll
*\WINDOWS\BDOSCAN8\librtvr.dll
*\WINDOWS\BDOSCAN8\live.ini
*\WINDOWS\BDOSCAN8\oscan8.ocx
*\WINDOWS\BDOSCAN8\oscan81.ocx
*\WINDOWS\BDOSCAN8\oscan81.ocx_x
*\WINDOWS\BDOSCAN8\plugins.htm
*\WINDOWS\BDOSCAN8\rtvr.html
*\WINDOWS\BDOSCAN8\rtvr2.html
*\WINDOWS\BDOSCAN8\scanoptions.tsi
*\WINDOWS\BDOSCAN8\scanoptions.tsk
*\WINDOWS\BDOSCAN8\scanrep.html
*\WINDOWS\BDOSCAN8\scanres.html
*\WINDOWS\BDOSCAN8\scanres2.html
*\WINDOWS\BDOSCAN8\upd81.bpx
*\WINDOWS\Cursors\3dgarro.cur
*\WINDOWS\Cursors\3dgmove.cur
*\WINDOWS\Cursors\3dgnesw.cur
*\WINDOWS\Cursors\3dgno.cur
*\WINDOWS\Cursors\3dgns.cur
*\WINDOWS\Cursors\3dgnwse.cur
*\WINDOWS\Cursors\3dgwe.cur
*\WINDOWS\Cursors\3dsmove.cur
*\WINDOWS\Cursors\3dsns.cur
*\WINDOWS\Cursors\3dsnwse.cur
*\WINDOWS\Cursors\3dwarro.cur
*\WINDOWS\Cursors\3dwmove.cur
*\WINDOWS\Cursors\3dwnesw.cur
*\WINDOWS\Cursors\3dwno.cur
*\WINDOWS\Cursors\3dwns.cur
*\WINDOWS\Cursors\3dwnwse.cur
*\WINDOWS\Cursors\3dwwe.cur
*\WINDOWS\Cursors\appstar2.ani
*\WINDOWS\Cursors\appstar3.ani
*\WINDOWS\Cursors\appstart.ani
*\WINDOWS\Cursors\banana.ani
*\WINDOWS\Cursors\barber.ani
*\WINDOWS\Cursors\coin.ani
*\WINDOWS\Cursors\counter.ani
*\WINDOWS\Cursors\cross.cur
*\WINDOWS\Cursors\dinosau2.ani
*\WINDOWS\Cursors\dinosaur.ani
*\WINDOWS\Cursors\drum.ani
*\WINDOWS\Cursors\fillitup.ani
*\WINDOWS\Cursors\hand.ani
*\WINDOWS\Cursors\handapst.ani
*\WINDOWS\Cursors\handnesw.ani
*\WINDOWS\Cursors\handno.ani
*\WINDOWS\Cursors\handns.ani
*\WINDOWS\Cursors\handnwse.ani
*\WINDOWS\Cursors\handwait.ani
*\WINDOWS\Cursors\handwe.ani
*\WINDOWS\Cursors\harrow.cur
*\WINDOWS\Cursors\hcross.cur
*\WINDOWS\Cursors\hibeam.cur
*\WINDOWS\Cursors\hmove.cur
*\WINDOWS\Cursors\hnesw.cur
*\WINDOWS\Cursors\hnodrop.cur
*\WINDOWS\Cursors\hns.cur
*\WINDOWS\Cursors\hnwse.cur
*\WINDOWS\Cursors\horse.ani
*\WINDOWS\Cursors\hourgla2.ani
*\WINDOWS\Cursors\hourgla3.ani
*\WINDOWS\Cursors\hourglas.ani
*\WINDOWS\Cursors\hwe.cur
*\WINDOWS\Cursors\lappstrt.cur
*\WINDOWS\Cursors\larrow.cur
*\WINDOWS\Cursors\lcross.cur
*\WINDOWS\Cursors\libeam.cur
*\WINDOWS\Cursors\lmove.cur
*\WINDOWS\Cursors\lnesw.cur
*\WINDOWS\Cursors\lnodrop.cur
*\WINDOWS\Cursors\lns.cur
*\WINDOWS\Cursors\lnwse.cur
*\WINDOWS\Cursors\lwait.cur
*\WINDOWS\Cursors\lwe.cur
*\WINDOWS\Cursors\metronom.ani
*\WINDOWS\Cursors\piano.ani
*\WINDOWS\Cursors\rainbow.ani
*\WINDOWS\Cursors\raindrop.ani
*\WINDOWS\Cursors\sizenesw.ani
*\WINDOWS\Cursors\sizens.ani
*\WINDOWS\Cursors\sizenwse.ani
*\WINDOWS\Cursors\sizewe.ani
*\WINDOWS\Cursors\stopwtch.ani
*\WINDOWS\Cursors\vanisher.ani
*\WINDOWS\Cursors\wagtail.ani
*\WINDOWS\Debug\NetSetup.LOG
*\WINDOWS\Debug\PASSWD.LOG
*\WINDOWS\Downloaded Program Files\asinst.dll
*\WINDOWS\Downloaded Program Files\asinst.inf
*\WINDOWS\Downloaded Program Files\bdcore.dll
*\WINDOWS\Downloaded Program Files\bdupd.dll
*\WINDOWS\Downloaded Program Files\desktop.ini
*\WINDOWS\Downloaded Program Files\ipsupd.dll
*\WINDOWS\Downloaded Program Files\kavwebscan.inf
*\WINDOWS\Downloaded Program Files\lang.ini
*\WINDOWS\Downloaded Program Files\libfn.dll
*\WINDOWS\Downloaded Program Files\live.ini
*\WINDOWS\Downloaded Program Files\oscan81.ocx_x
*\WINDOWS\Downloaded Program Files\scanoptions.tsi
*\WINDOWS\Downloaded Program Files\wuweb.inf
*\WINDOWS\ehome\custsat.dll
*\WINDOWS\Fonts\8514fix.fon
*\WINDOWS\Fonts\8514fixe.fon
*\WINDOWS\Fonts\8514fixg.fon
*\WINDOWS\Fonts\8514fixr.fon
*\WINDOWS\Fonts\8514fixt.fon
*\WINDOWS\Fonts\8514oem.fon
*\WINDOWS\Fonts\8514oeme.fon
*\WINDOWS\Fonts\8514oemg.fon
*\WINDOWS\Fonts\8514oemr.fon
*\WINDOWS\Fonts\8514oemt.fon
*\WINDOWS\Fonts\8514sys.fon
*\WINDOWS\Fonts\8514syse.fon
*\WINDOWS\Fonts\8514sysg.fon
*\WINDOWS\Fonts\8514sysr.fon
*\WINDOWS\Fonts\8514syst.fon
*\WINDOWS\Fonts\85775.fon
*\WINDOWS\Fonts\85855.fon
*\WINDOWS\Fonts\85f1257.fon
*\WINDOWS\Fonts\85s1257.fon
*\WINDOWS\Fonts\AGENCYB.TTF
*\WINDOWS\Fonts\AGENCYR.TTF
*\WINDOWS\Fonts\ANTQUAB.TTF
*\WINDOWS\Fonts\ANTQUABI.TTF
*\WINDOWS\Fonts\ANTQUAI.TTF
*\WINDOWS\Fonts\app775.fon
*\WINDOWS\Fonts\app850.fon
*\WINDOWS\Fonts\app852.fon
*\WINDOWS\Fonts\app855.fon
*\WINDOWS\Fonts\app857.fon
*\WINDOWS\Fonts\app866.fon
*\WINDOWS\Fonts\arial.ttf
*\WINDOWS\Fonts\arialbd.ttf
*\WINDOWS\Fonts\arialbi.ttf
*\WINDOWS\Fonts\ariali.ttf
*\WINDOWS\Fonts\ARIALN.TTF
*\WINDOWS\Fonts\ARIALNB.TTF
*\WINDOWS\Fonts\ARIALNBI.TTF
*\WINDOWS\Fonts\ARIALNI.TTF
*\WINDOWS\Fonts\ariblk.ttf
*\WINDOWS\Fonts\ARLRDBD.TTF
*\WINDOWS\Fonts\BKANT.TTF
*\WINDOWS\Fonts\BOD_B.TTF
*\WINDOWS\Fonts\BOD_BI.TTF
*\WINDOWS\Fonts\BOD_BLAI.TTF
*\WINDOWS\Fonts\BOD_BLAR.TTF
*\WINDOWS\Fonts\BOD_CB.TTF
*\WINDOWS\Fonts\BOD_CBI.TTF
*\WINDOWS\Fonts\BOD_CI.TTF
*\WINDOWS\Fonts\BOD_CR.TTF
*\WINDOWS\Fonts\BOD_I.TTF
*\WINDOWS\Fonts\BOD_R.TTF
*\WINDOWS\Fonts\BOOKOS.TTF
*\WINDOWS\Fonts\BOOKOSB.TTF
*\WINDOWS\Fonts\BOOKOSBI.TTF
*\WINDOWS\Fonts\BOOKOSI.TTF
*\WINDOWS\Fonts\BRADHITC.TTF
*\WINDOWS\Fonts\BSSYM7.TTF
*\WINDOWS\Fonts\CALIST.TTF
*\WINDOWS\Fonts\CALISTB.TTF
*\WINDOWS\Fonts\CALISTBI.TTF
*\WINDOWS\Fonts\CALISTI.TTF
*\WINDOWS\Fonts\CASTELAR.TTF
*\WINDOWS\Fonts\CENSCBK.TTF
*\WINDOWS\Fonts\cga40737.fon
*\WINDOWS\Fonts\cga40850.fon
*\WINDOWS\Fonts\cga40852.fon
*\WINDOWS\Fonts\cga40857.fon
*\WINDOWS\Fonts\cga40866.fon
*\WINDOWS\Fonts\cga40869.fon
*\WINDOWS\Fonts\cga40woa.fon
*\WINDOWS\Fonts\cga80737.fon
*\WINDOWS\Fonts\cga80850.fon
*\WINDOWS\Fonts\cga80852.fon
*\WINDOWS\Fonts\cga80857.fon
*\WINDOWS\Fonts\cga80866.fon
*\WINDOWS\Fonts\cga80869.fon
*\WINDOWS\Fonts\cga80woa.fon
*\WINDOWS\Fonts\comic.ttf
*\WINDOWS\Fonts\comicbd.ttf
*\WINDOWS\Fonts\COPRGTB.TTF
*\WINDOWS\Fonts\COPRGTL.TTF
*\WINDOWS\Fonts\coue1257.fon
*\WINDOWS\Fonts\couf1257.fon
*\WINDOWS\Fonts\cour.ttf
*\WINDOWS\Fonts\courbd.ttf
*\WINDOWS\Fonts\courbi.ttf
*\WINDOWS\Fonts\coure.fon
*\WINDOWS\Fonts\couree.fon
*\WINDOWS\Fonts\coureg.fon
*\WINDOWS\Fonts\courer.fon
*\WINDOWS\Fonts\couret.fon
*\WINDOWS\Fonts\courf.fon
*\WINDOWS\Fonts\courfe.fon
*\WINDOWS\Fonts\courfg.fon
*\WINDOWS\Fonts\courfr.fon
*\WINDOWS\Fonts\courft.fon
*\WINDOWS\Fonts\couri.ttf
*\WINDOWS\Fonts\CURLZ___.TTF
*\WINDOWS\Fonts\desktop.ini
*\WINDOWS\Fonts\digifaw.ttf
*\WINDOWS\Fonts\dos737.fon
*\WINDOWS\Fonts\dosapp.fon
*\WINDOWS\Fonts\ega40737.fon
*\WINDOWS\Fonts\ega40850.fon
*\WINDOWS\Fonts\ega40852.fon
*\WINDOWS\Fonts\ega40857.fon
*\WINDOWS\Fonts\ega40866.fon
*\WINDOWS\Fonts\ega40869.fon
*\WINDOWS\Fonts\ega40woa.fon
*\WINDOWS\Fonts\ega80737.fon
*\WINDOWS\Fonts\ega80850.fon
*\WINDOWS\Fonts\ega80852.fon
*\WINDOWS\Fonts\ega80857.fon
*\WINDOWS\Fonts\ega80866.fon
*\WINDOWS\Fonts\ega80869.fon
*\WINDOWS\Fonts\ega80woa.fon
*\WINDOWS\Fonts\ELEPHNT.TTF
*\WINDOWS\Fonts\ELEPHNTI.TTF
*\WINDOWS\Fonts\ENGR.TTF
*\WINDOWS\Fonts\ERASBD.TTF
*\WINDOWS\Fonts\ERASDEMI.TTF
*\WINDOWS\Fonts\ERASLGHT.TTF
*\WINDOWS\Fonts\ERASMD.TTF
*\WINDOWS\Fonts\estre.ttf
*\WINDOWS\Fonts\FELIXTI.TTF
*\WINDOWS\Fonts\FORTE.TTF
*\WINDOWS\Fonts\FRABK.TTF
*\WINDOWS\Fonts\FRABKIT.TTF
*\WINDOWS\Fonts\FRADM.TTF
*\WINDOWS\Fonts\FRADMCN.TTF
*\WINDOWS\Fonts\FRADMIT.TTF
*\WINDOWS\Fonts\FRAHV.TTF
*\WINDOWS\Fonts\FRAHVIT.TTF
*\WINDOWS\Fonts\framd.ttf
*\WINDOWS\Fonts\FRAMDCN.TTF
*\WINDOWS\Fonts\framdit.ttf
*\WINDOWS\Fonts\FRSCRIPT.TTF
*\WINDOWS\Fonts\GARA.TTF
*\WINDOWS\Fonts\GARABD.TTF
*\WINDOWS\Fonts\GARAIT.TTF
*\WINDOWS\Fonts\gautami.ttf
*\WINDOWS\Fonts\georgia.ttf
*\WINDOWS\Fonts\georgiab.ttf
*\WINDOWS\Fonts\georgiai.ttf
*\WINDOWS\Fonts\georgiaz.ttf
*\WINDOWS\Fonts\GIGI.TTF
*\WINDOWS\Fonts\GILBI___.TTF
*\WINDOWS\Fonts\GILB____.TTF
*\WINDOWS\Fonts\GILC____.TTF
*\WINDOWS\Fonts\GILI____.TTF
*\WINDOWS\Fonts\GILLUBCD.TTF
*\WINDOWS\Fonts\GILSANUB.TTF
*\WINDOWS\Fonts\GIL_____.TTF
*\WINDOWS\Fonts\GLECB.TTF
*\WINDOWS\Fonts\GLSNECB.TTF
*\WINDOWS\Fonts\GOTHIC.TTF
*\WINDOWS\Fonts\GOTHICB.TTF
*\WINDOWS\Fonts\GOTHICBI.TTF
*\WINDOWS\Fonts\GOTHICI.TTF
*\WINDOWS\Fonts\GOUDOS.TTF
*\WINDOWS\Fonts\GOUDOSB.TTF
*\WINDOWS\Fonts\GOUDOSI.TTF
*\WINDOWS\Fonts\GOUDYSTO.TTF
*\WINDOWS\Fonts\HATTEN.TTF
*\WINDOWS\Fonts\impact.ttf
*\WINDOWS\Fonts\IMPRISHA.TTF
*\WINDOWS\Fonts\ITCBLKAD.TTF
*\WINDOWS\Fonts\ITCEDSCR.TTF
*\WINDOWS\Fonts\kartika.ttf
*\WINDOWS\Fonts\latha.ttf
*\WINDOWS\Fonts\LSANS.TTF
*\WINDOWS\Fonts\LSANSD.TTF
*\WINDOWS\Fonts\LSANSDI.TTF
*\WINDOWS\Fonts\LSANSI.TTF
*\WINDOWS\Fonts\LTYPE.TTF
*\WINDOWS\Fonts\LTYPEB.TTF
*\WINDOWS\Fonts\LTYPEBO.TTF
*\WINDOWS\Fonts\LTYPEO.TTF
*\WINDOWS\Fonts\lucon.ttf
*\WINDOWS\Fonts\l_10646.ttf
*\WINDOWS\Fonts\MAIAN.TTF
*\WINDOWS\Fonts\mangal.ttf
*\WINDOWS\Fonts\marlett.ttf
*\WINDOWS\Fonts\micross.ttf
*\WINDOWS\Fonts\modern.fon
*\WINDOWS\Fonts\MTCORSVA.TTF
*\WINDOWS\Fonts\mvboli.ttf
*\WINDOWS\Fonts\OCRAEXT.TTF
*\WINDOWS\Fonts\OUTLOOK.TTF
*\WINDOWS\Fonts\pala.ttf
*\WINDOWS\Fonts\palab.ttf
*\WINDOWS\Fonts\palabi.ttf
*\WINDOWS\Fonts\palai.ttf
*\WINDOWS\Fonts\PALSCRI.TTF
*\WINDOWS\Fonts\PAPYRUS.TTF
*\WINDOWS\Fonts\PERBI___.TTF
*\WINDOWS\Fonts\PERB____.TTF
*\WINDOWS\Fonts\PERI____.TTF
*\WINDOWS\Fonts\PERTIBD.TTF
*\WINDOWS\Fonts\PERTILI.TTF
*\WINDOWS\Fonts\PER_____.TTF
*\WINDOWS\Fonts\PRISTINA.TTF
*\WINDOWS\Fonts\raavi.ttf
*\WINDOWS\Fonts\RAGE.TTF
*\WINDOWS\Fonts\REFSAN.TTF
*\WINDOWS\Fonts\REFSPCL.TTF
*\WINDOWS\Fonts\ROCCB___.TTF
*\WINDOWS\Fonts\ROCC____.TTF
*\WINDOWS\Fonts\ROCK.TTF
*\WINDOWS\Fonts\ROCKB.TTF
*\WINDOWS\Fonts\ROCKBI.TTF
*\WINDOWS\Fonts\ROCKEB.TTF
*\WINDOWS\Fonts\ROCKI.TTF
*\WINDOWS\Fonts\roman.fon
*\WINDOWS\Fonts\SCHLBKB.TTF
*\WINDOWS\Fonts\SCHLBKBI.TTF
*\WINDOWS\Fonts\SCHLBKI.TTF
*\WINDOWS\Fonts\script.fon
*\WINDOWS\Fonts\SCRIPTBL.TTF
*\WINDOWS\Fonts\sere1257.fon
*\WINDOWS\Fonts\serf1257.fon
*\WINDOWS\Fonts\serife.fon
*\WINDOWS\Fonts\serifee.fon
*\WINDOWS\Fonts\serifeg.fon
*\WINDOWS\Fonts\serifer.fon
*\WINDOWS\Fonts\serifet.fon
*\WINDOWS\Fonts\seriff.fon
*\WINDOWS\Fonts\seriffe.fon
*\WINDOWS\Fonts\seriffg.fon
*\WINDOWS\Fonts\seriffr.fon
*\WINDOWS\Fonts\serifft.fon
*\WINDOWS\Fonts\shruti.ttf
*\WINDOWS\Fonts\smae1257.fon
*\WINDOWS\Fonts\smaf1257.fon
*\WINDOWS\Fonts\smalle.fon
*\WINDOWS\Fonts\smallee.fon
*\WINDOWS\Fonts\smalleg.fon
*\WINDOWS\Fonts\smaller.fon
*\WINDOWS\Fonts\smallet.fon
*\WINDOWS\Fonts\smallf.fon
*\WINDOWS\Fonts\smallfe.fon
*\WINDOWS\Fonts\smallfg.fon
*\WINDOWS\Fonts\smallfr.fon
*\WINDOWS\Fonts\smallft.fon
*\WINDOWS\Fonts\SSBody.ttf
*\WINDOWS\Fonts\ssee1257.fon
*\WINDOWS\Fonts\ssef1257.fon
*\WINDOWS\Fonts\sserife.fon
*\WINDOWS\Fonts\sserifee.fon
*\WINDOWS\Fonts\sserifeg.fon
*\WINDOWS\Fonts\sserifer.fon
*\WINDOWS\Fonts\sserifet.fon
*\WINDOWS\Fonts\sseriff.fon
*\WINDOWS\Fonts\sseriffe.fon
*\WINDOWS\Fonts\sseriffg.fon
*\WINDOWS\Fonts\sseriffr.fon
*\WINDOWS\Fonts\sserifft.fon
*\WINDOWS\Fonts\SSLogo.ttf
*\WINDOWS\Fonts\SSymbols.ttf
*\WINDOWS\Fonts\sylfaen.ttf
*\WINDOWS\Fonts\symbol.ttf
*\WINDOWS\Fonts\symbole.fon
*\WINDOWS\Fonts\tahoma.ttf
*\WINDOWS\Fonts\tahomabd.ttf
*\WINDOWS\Fonts\TCBI____.TTF
*\WINDOWS\Fonts\TCB_____.TTF
*\WINDOWS\Fonts\TCCB____.TTF
*\WINDOWS\Fonts\TCCEB.TTF
*\WINDOWS\Fonts\TCCM____.TTF
*\WINDOWS\Fonts\TCMI____.TTF
*\WINDOWS\Fonts\TCM_____.TTF
*\WINDOWS\Fonts\times.ttf
*\WINDOWS\Fonts\timesbd.ttf
*\WINDOWS\Fonts\timesbi.ttf
*\WINDOWS\Fonts\timesi.ttf
*\WINDOWS\Fonts\trebuc.ttf
*\WINDOWS\Fonts\trebucbd.ttf
*\WINDOWS\Fonts\trebucbi.ttf
*\WINDOWS\Fonts\trebucit.ttf
*\WINDOWS\Fonts\tunga.ttf
*\WINDOWS\Fonts\verdana.ttf
*\WINDOWS\Fonts\verdanab.ttf
*\WINDOWS\Fonts\verdanai.ttf
*\WINDOWS\Fonts\verdanaz.ttf
*\WINDOWS\Fonts\vga737.fon
*\WINDOWS\Fonts\vga775.fon
*\WINDOWS\Fonts\vga850.fon
*\WINDOWS\Fonts\vga852.fon
*\WINDOWS\Fonts\vga855.fon
*\WINDOWS\Fonts\vga857.fon
*\WINDOWS\Fonts\vga860.fon
*\WINDOWS\Fonts\vga863.fon
*\WINDOWS\Fonts\vga865.fon
*\WINDOWS\Fonts\vga866.fon
*\WINDOWS\Fonts\vga869.fon
*\WINDOWS\Fonts\vgaf1257.fon
*\WINDOWS\Fonts\vgafix.fon
*\WINDOWS\Fonts\vgafixe.fon
*\WINDOWS\Fonts\vgafixg.fon
*\WINDOWS\Fonts\vgafixr.fon
*\WINDOWS\Fonts\vgafixt.fon
*\WINDOWS\Fonts\vgaoem.fon
*\WINDOWS\Fonts\vgas1257.fon
*\WINDOWS\Fonts\vgasys.fon
*\WINDOWS\Fonts\vgasyse.fon
*\WINDOWS\Fonts\vgasysg.fon
*\WINDOWS\Fonts\vgasysr.fon
*\WINDOWS\Fonts\vgasyst.fon
*\WINDOWS\Fonts\vrinda.ttf
*\WINDOWS\Fonts\webdings.ttf
*\WINDOWS\Fonts\wingding.ttf
*\WINDOWS\Fonts\WINGDNG2.TTF
*\WINDOWS\Fonts\WINGDNG3.TTF
*\WINDOWS\Fonts\wst_czec.fon
*\WINDOWS\Fonts\wst_engl.fon
*\WINDOWS\Fonts\wst_fren.fon
*\WINDOWS\Fonts\wst_germ.fon
*\WINDOWS\Fonts\wst_ital.fon
*\WINDOWS\Fonts\wst_span.fon
*\WINDOWS\Fonts\wst_swed.fon
*\WINDOWS\Help\access.chm
*\WINDOWS\Help\accessib.chm
*\WINDOWS\Help\accessib.cnt
*\WINDOWS\Help\accessib.hlp
*\WINDOWS\Help\acc_dis.chm
*\WINDOWS\Help\aclui.chm
*\WINDOWS\Help\aclui.hlp
*\WINDOWS\Help\addremov.chm
*\WINDOWS\Help\ade.hlp
*\WINDOWS\Help\admtools.chm
*\WINDOWS\Help\adprop.hlp
*\WINDOWS\Help\agt0405.hlp
*\WINDOWS\Help\agt0406.hlp
*\WINDOWS\Help\agt0407.hlp
*\WINDOWS\Help\agt0408.hlp
*\WINDOWS\Help\agt0409.hlp
*\WINDOWS\Help\agt040b.hlp
*\WINDOWS\Help\agt040c.hlp
*\WINDOWS\Help\agt040e.hlp
*\WINDOWS\Help\agt0410.hlp
*\WINDOWS\Help\agt0413.hlp
*\WINDOWS\Help\agt0414.hlp
*\WINDOWS\Help\agt0415.hlp
*\WINDOWS\Help\agt0416.hlp
*\WINDOWS\Help\agt0419.hlp
*\WINDOWS\Help\agt041d.hlp
*\WINDOWS\Help\agt041f.hlp
*\WINDOWS\Help\agt0816.hlp
*\WINDOWS\Help\agt0c0a.hlp
*\WINDOWS\Help\apps.chm
*\WINDOWS\Help\apps_sp.chm
*\WINDOWS\Help\article.chm
*\WINDOWS\Help\atm.chm
*\WINDOWS\Help\audiocdc.hlp
*\WINDOWS\Help\audit.chm
*\WINDOWS\Help\blurbs.chm
*\WINDOWS\Help\blutooth.chm
*\WINDOWS\Help\bnts.dll
*\WINDOWS\Help\bootcons.chm
*\WINDOWS\Help\brief.chm
*\WINDOWS\Help\calc.chm
*\WINDOWS\Help\calc.hlp
*\WINDOWS\Help\camera.chm
*\WINDOWS\Help\camera.hlp
*\WINDOWS\Help\cdmedia.chm
*\WINDOWS\Help\cdmedia.hlp
*\WINDOWS\Help\certmgr.chm
*\WINDOWS\Help\certmgr.hlp
*\WINDOWS\Help\charmap.chm
*\WINDOWS\Help\charmap.hlp
*\WINDOWS\Help\chnscsvr.hlp
*\WINDOWS\Help\chooser.hlp
*\WINDOWS\Help\ciadmin.htm
*\WINDOWS\Help\ciquery.htm
*\WINDOWS\Help\clipbrd.chm
*\WINDOWS\Help\clipbrd.hlp
*\WINDOWS\Help\cmconcepts.chm
*\WINDOWS\Help\colormgt.chm
*\WINDOWS\Help\comexp.chm
*\WINDOWS\Help\comexp.hlp
*\WINDOWS\Help\common.chm
*\WINDOWS\Help\compfldr.chm
*\WINDOWS\Help\compmgmt.chm
*\WINDOWS\Help\compstui.hlp
*\WINDOWS\Help\conf.chm
*\WINDOWS\Help\conf.cnt
*\WINDOWS\Help\conf.hlp
*\WINDOWS\Help\conf1.chm
*\WINDOWS\Help\connect.cnt
*\WINDOWS\Help\connect.hlp
*\WINDOWS\Help\cpanel.chm
*\WINDOWS\Help\cpanel.chq
*\WINDOWS\Help\cscui.hlp
*\WINDOWS\Help\cyycoins.chm
*\WINDOWS\Help\cyzcoins.chm
*\WINDOWS\Help\datetime.chm
*\WINDOWS\Help\ddeshare.chm
*\WINDOWS\Help\ddeshare.hlp
*\WINDOWS\Help\defrag.chm
*\WINDOWS\Help\defrag.hlp
*\WINDOWS\Help\devmgr.chm
*\WINDOWS\Help\devmgr.hlp
*\WINDOWS\Help\dfs.hlp
*\WINDOWS\Help\diagboot.chm
*\WINDOWS\Help\dialer.chm
*\WINDOWS\Help\dialer.hlp
*\WINDOWS\Help\digiras.chm
*\WINDOWS\Help\dijoy.hlp
*\WINDOWS\Help\diskmgmt.chm
*\WINDOWS\Help\diskmgmt.hlp
*\WINDOWS\Help\display.chm
*\WINDOWS\Help\display.hlp
*\WINDOWS\Help\dkconcepts.chm
*\WINDOWS\Help\drvvfp.chm
*\WINDOWS\Help\drwtsn32.chm
*\WINDOWS\Help\drwtsn32.hlp
*\WINDOWS\Help\dsclient.hlp
*\WINDOWS\Help\dskquoui.chm
*\WINDOWS\Help\dskquoui.hlp
*\WINDOWS\Help\dxdiag.chm
*\WINDOWS\Help\els.chm
*\WINDOWS\Help\els.hlp
*\WINDOWS\Help\encrypt.chm
*\WINDOWS\Help\eudcedit.chm
*\WINDOWS\Help\eudcedit.hlp
*\WINDOWS\Help\evconcepts.chm
*\WINDOWS\Help\evntwin.hlp
*\WINDOWS\Help\fde.hlp
*\WINDOWS\Help\filefold.chm
*\WINDOWS\Help\filefold.hlp
*\WINDOWS\Help\filemgmt.hlp
*\WINDOWS\Help\file_srv.chm
*\WINDOWS\Help\find.chm
*\WINDOWS\Help\folderop.chm
*\WINDOWS\Help\fonts.chm
*\WINDOWS\Help\fonts.hlp
*\WINDOWS\Help\fxsclnt.chm
*\WINDOWS\Help\fxsclnt.hlp
*\WINDOWS\Help\fxscover.chm
*\WINDOWS\Help\fxsshare.chm
*\WINDOWS\Help\gen.chm
*\WINDOWS\Help\Glossary.chm
*\WINDOWS\Help\gpedit.chm
*\WINDOWS\Help\gpedit.hlp
*\WINDOWS\Help\gptext.hlp
*\WINDOWS\Help\halftone.hlp
*\WINDOWS\Help\hardware.chm
*\WINDOWS\Help\hardware.hlp
*\WINDOWS\Help\howto.chm
*\WINDOWS\Help\hs.chm
*\WINDOWS\Help\hschelp.chm
*\WINDOWS\Help\hypertrm.chm
*\WINDOWS\Help\hypertrm.hlp
*\WINDOWS\Help\icwdial.chm
*\WINDOWS\Help\ident.hlp
*\WINDOWS\Help\ieakmmc.chm
*\WINDOWS\Help\ieeula.chm
*\WINDOWS\Help\ieos.chm
*\WINDOWS\Help\ieshared.chm
*\WINDOWS\Help\iesupp.chm
*\WINDOWS\Help\iewebhlp.chm
*\WINDOWS\Help\iexplore.chm
*\WINDOWS\Help\iexplore.hlp
*\WINDOWS\Help\iis.chm
*\WINDOWS\Help\iismmc.chm
*\WINDOWS\Help\imgprev.chm
*\WINDOWS\Help\inetres.chm
*\WINDOWS\Help\infrared.chm
*\WINDOWS\Help\infrared.hlp
*\WINDOWS\Help\input.chm
*\WINDOWS\Help\input.hlp
*\WINDOWS\Help\intellimirror.chm
*\WINDOWS\Help\ipsecconcepts.chm
*\WINDOWS\Help\ipsecsnp.chm
*\WINDOWS\Help\ipsecsnp.hlp
*\WINDOWS\Help\Ipv6.chm
*\WINDOWS\Help\is.chm
*\WINDOWS\Help\isconcepts.chm
*\WINDOWS\Help\ixhelp.hlp
*\WINDOWS\Help\ixqlang.htm
*\WINDOWS\Help\joy.chm
*\WINDOWS\Help\key.chm
*\WINDOWS\Help\keyb.chm
*\WINDOWS\Help\keyshort.chm
*\WINDOWS\Help\lang.chm
*\WINDOWS\Help\langbar.chm
*\WINDOWS\Help\license.chm
*\WINDOWS\Help\localsec.chm
*\WINDOWS\Help\localsec.hlp
*\WINDOWS\Help\lpe.chm
*\WINDOWS\Help\lpeconcepts.chm
*\WINDOWS\Help\mail.chm
*\WINDOWS\Help\mfcuix.hlp
*\WINDOWS\Help\migwiz.htm
*\WINDOWS\Help\migwiz2.htm
*\WINDOWS\Help\misc.chm
*\WINDOWS\Help\mls_trb.chm
*\WINDOWS\Help\mmc.chm
*\WINDOWS\Help\mmc_dlg.hlp
*\WINDOWS\Help\mobsync.chm
*\WINDOWS\Help\mobsync.hlp
*\WINDOWS\Help\mode.chm
*\WINDOWS\Help\modem.hlp
*\WINDOWS\Help\mouse.chm
*\WINDOWS\Help\mouse.hlp
*\WINDOWS\Help\mpconcepts.chm
*\WINDOWS\Help\mplayer2.cnt
*\WINDOWS\Help\mplayer2.hlp
*\WINDOWS\Help\mpnetwrk.hlp
*\WINDOWS\Help\mqsnap.hlp
*\WINDOWS\Help\msconfig.chm
*\WINDOWS\Help\msdasc.chm
*\WINDOWS\Help\mshearts.cnt
*\WINDOWS\Help\mshearts.hlp
*\WINDOWS\Help\msinfo32.chm
*\WINDOWS\Help\msmq.chm
*\WINDOWS\Help\msmqconcepts.chm
*\WINDOWS\Help\msnauth.cnt
*\WINDOWS\Help\msnauth.hlp
*\WINDOWS\Help\msoe.chm
*\WINDOWS\Help\msoe.hlp
*\WINDOWS\Help\msoeacct.hlp
*\WINDOWS\Help\msorcl32.chm
*\WINDOWS\Help\mspaint.chm
*\WINDOWS\Help\mspaint.hlp
*\WINDOWS\Help\mstask.chm
*\WINDOWS\Help\mstask.hlp
*\WINDOWS\Help\mstsc.chm
*\WINDOWS\Help\netcfg.chm
*\WINDOWS\Help\netcfg.hlp
*\WINDOWS\Help\network.chm
*\WINDOWS\Help\newfeat1.chm
*\WINDOWS\Help\newfeat1.hlp
*\WINDOWS\Help\newfeat2.chm
*\WINDOWS\Help\newfeat2.hlp
*\WINDOWS\Help\newfeat3.chm
*\WINDOWS\Help\newfeat3.hlp
*\WINDOWS\Help\newfeat4.chm
*\WINDOWS\Help\newfeat4.hlp
*\WINDOWS\Help\newfeat5.chm
*\WINDOWS\Help\newfeat5.hlp
*\WINDOWS\Help\nmchat.chm
*\WINDOWS\Help\nmwhiteb.chm
*\WINDOWS\Help\nocontnt.cnt
*\WINDOWS\Help\nofts.chm
*\WINDOWS\Help\notepad.chm
*\WINDOWS\Help\notepad.hlp
*\WINDOWS\Help\ntart.chm
*\WINDOWS\Help\ntchowto.chm
*\WINDOWS\Help\ntcmds.chm
*\WINDOWS\Help\ntdef.chm
*\WINDOWS\Help\nthelp.chm
*\WINDOWS\Help\ntshared.chm
*\WINDOWS\Help\ntshrui.hlp
*\WINDOWS\Help\nusrmgr.chm
*\WINDOWS\Help\nvcpl.hlp
*\WINDOWS\Help\nvwcplen.hlp
*\WINDOWS\Help\nwdoc.chm
*\WINDOWS\Help\nwdoc.hlp
*\WINDOWS\Help\objsel.hlp
*\WINDOWS\Help\odbcinst.chm
*\WINDOWS\Help\odbcjet.chm
*\WINDOWS\Help\oe_msgr.chm
*\WINDOWS\Help\offlinefolders.chm
*\WINDOWS\Help\omc.chm
*\WINDOWS\Help\packager.chm
*\WINDOWS\Help\password.chm
*\WINDOWS\Help\phowto.chm
*\WINDOWS\Help\plyr_err.chm
*\WINDOWS\Help\printfnd.chm
*\WINDOWS\Help\printing.chm
*\WINDOWS\Help\progman.cnt
*\WINDOWS\Help\progman.hlp
*\WINDOWS\Help\pwrmn.chm
*\WINDOWS\Help\pwrmn.hlp
*\WINDOWS\Help\qosconcepts.chm
*\WINDOWS\Help\ratings.chm
*\WINDOWS\Help\ratings.cnt
*\WINDOWS\Help\ratings.hlp
*\WINDOWS\Help\rdesktop.chm
*\WINDOWS\Help\recycle.chm
*\WINDOWS\Help\regedit.chm
*\WINDOWS\Help\regedit.hlp
*\WINDOWS\Help\regopt.chm
*\WINDOWS\Help\remasst.chm
*\WINDOWS\Help\reskit.chm
*\WINDOWS\Help\rktools.chm
*\WINDOWS\Help\rrc.chm
*\WINDOWS\Help\rsm.chm
*\WINDOWS\Help\rsm.hlp
*\WINDOWS\Help\rsmconcepts.chm
*\WINDOWS\Help\rsop.chm
*\WINDOWS\Help\rsopsnp.chm
*\WINDOWS\Help\safer.chm
*\WINDOWS\Help\saferconcepts.chm
*\WINDOWS\Help\sapicpl.hlp
*\WINDOWS\Help\sc.chm
*\WINDOWS\Help\scarddlg.hlp
*\WINDOWS\Help\sce.chm
*\WINDOWS\Help\sceconcepts.chm
*\WINDOWS\Help\scm.chm
*\WINDOWS\Help\scmconcepts.chm
*\WINDOWS\Help\secauth.hlp
*\WINDOWS\Help\secedit.chm
*\WINDOWS\Help\secsetconcepts.chm
*\WINDOWS\Help\secsettings.chm
*\WINDOWS\Help\sendcmsg.chm
*\WINDOWS\Help\sendcmsg.hlp
*\WINDOWS\Help\sfmmgr.hlp
*\WINDOWS\Help\shell.hlp
*\WINDOWS\Help\signin.hlp
*\WINDOWS\Help\sigverif.hlp
*\WINDOWS\Help\smlogcfg.chm
*\WINDOWS\Help\sndvol32.chm
*\WINDOWS\Help\sndvol32.hlp
*\WINDOWS\Help\sniffpol.dll
*\WINDOWS\Help\snmpconcepts.chm
*\WINDOWS\Help\snmpsnap.hlp
*\WINDOWS\Help\soundrec.chm
*\WINDOWS\Help\soundrec.hlp
*\WINDOWS\Help\sounds.chm
*\WINDOWS\Help\spad.chm
*\WINDOWS\Help\spconcepts.chm
*\WINDOWS\Help\speech.chm
*\WINDOWS\Help\spider.hlp
*\WINDOWS\Help\splash.chm
*\WINDOWS\Help\spolsconcepts.chm
*\WINDOWS\Help\sr_ui.chm
*\WINDOWS\Help\sstub.dll
*\WINDOWS\Help\supp_ed.chm
*\WINDOWS\Help\suptools.chm
*\WINDOWS\Help\sysdm.chm
*\WINDOWS\Help\sysdm.hlp
*\WINDOWS\Help\sysmon.chm
*\WINDOWS\Help\sysmon.hlp
*\WINDOWS\Help\sysprop.chm
*\WINDOWS\Help\sysrestore.chm
*\WINDOWS\Help\sysrestore.hlp
*\WINDOWS\Help\system.chm
*\WINDOWS\Help\sys_srv.chm
*\WINDOWS\Help\tapi.chm
*\WINDOWS\Help\tapi.hlp
*\WINDOWS\Help\taskbar.chm
*\WINDOWS\Help\taskmgr.chm
*\WINDOWS\Help\taskmgr.hlp
*\WINDOWS\Help\tcpip.chm
*\WINDOWS\Help\tcpmon.hlp
*\WINDOWS\Help\telnet.chm
*\WINDOWS\Help\telnet.hlp
*\WINDOWS\Help\timesrv.chm
*\WINDOWS\Help\tshoot.chm
*\WINDOWS\Help\tshoot.dll
*\WINDOWS\Help\twclient.chm
*\WINDOWS\Help\twclient.hlp
*\WINDOWS\Help\update.cnt
*\WINDOWS\Help\update.GID
*\WINDOWS\Help\update1.chm
*\WINDOWS\Help\usercpl.chm
*\WINDOWS\Help\users.hlp
*\WINDOWS\Help\verifier.hlp
*\WINDOWS\Help\wab.chm
*\WINDOWS\Help\wab.hlp
*\WINDOWS\Help\wbemtest.chm
*\WINDOWS\Help\webpub.chm
*\WINDOWS\Help\whatsnew.chm
*\WINDOWS\Help\winchat.chm
*\WINDOWS\Help\winchat.hlp
*\WINDOWS\Help\windows.chm
*\WINDOWS\Help\windows.chq
*\WINDOWS\Help\windows.cnt
*\WINDOWS\Help\windows.hlp
*\WINDOWS\Help\winhlp32.cnt
*\WINDOWS\Help\winhlp32.hlp
*\WINDOWS\Help\wininstl.chm
*\WINDOWS\Help\win_dos.chm
*\WINDOWS\Help\wmic.chm
*\WINDOWS\Help\wmifltr.chm
*\WINDOWS\Help\wmplay.chm
*\WINDOWS\Help\wmplayer.chm
*\WINDOWS\Help\wpa.chm
*\WINDOWS\Help\wschelp.chm
*\WINDOWS\Help\wscript.chm
*\WINDOWS\Help\wscript.hlp
*\WINDOWS\Help\wsecedit.hlp
*\WINDOWS\Help\wshconcepts.chm
*\WINDOWS\Help\wuau.chm
*\WINDOWS\Help\wuauhelp.chm
*\WINDOWS\ime\mscandui.dll
*\WINDOWS\ime\SOFTKBD.DLL
*\WINDOWS\ime\SPGRMR.dll
*\WINDOWS\ime\SPTIP.dll
*\WINDOWS\inf\1394.inf
*\WINDOWS\inf\1394.PNF
*\WINDOWS\inf\1394vdbg.inf
*\WINDOWS\inf\1394vdbg.PNF
*\WINDOWS\inf\3dfxvs2k.inf
*\WINDOWS\inf\3dfxvs2k.PNF
*\WINDOWS\inf\61883.inf
*\WINDOWS\inf\61883.PNF
*\WINDOWS\inf\accessor.inf
*\WINDOWS\inf\accessor.PNF
*\WINDOWS\inf\acerscan.inf
*\WINDOWS\inf\acerscan.PNF
*\WINDOWS\inf\acpi.inf
*\WINDOWS\inf\acpi.PNF
*\WINDOWS\inf\adm_mult.inf
*\WINDOWS\inf\adm_mult.PNF
*\WINDOWS\inf\adm_port.inf
*\WINDOWS\inf\adm_port.PNF
*\WINDOWS\inf\AER_1033.ADM
*\WINDOWS\inf\agp.inf
*\WINDOWS\inf\agp.PNF
*\WINDOWS\inf\agtinst.inf
*\WINDOWS\inf\agtinst.PNF
*\WINDOWS\inf\apcompat.inf
*\WINDOWS\inf\apcompat.PNF
*\WINDOWS\inf\appmig.inf
*\WINDOWS\inf\appmig.PNF
*\WINDOWS\inf\apps.inf
*\WINDOWS\inf\apps.PNF
*\WINDOWS\inf\asroc.inf
*\WINDOWS\inf\asroc.PNF
*\WINDOWS\inf\asynceqn.inf
*\WINDOWS\inf\asynceqn.PNF
*\WINDOWS\inf\ati1xwdm.inf
*\WINDOWS\inf\ati1xwdm.PNF
*\WINDOWS\inf\atiixpaa.inf
*\WINDOWS\inf\atiixpaa.PNF
*\WINDOWS\inf\atiixpag.inf
*\WINDOWS\inf\atiixpag.PNF
*\WINDOWS\inf\atim128.inf
*\WINDOWS\inf\atim128.PNF
*\WINDOWS\inf\atimpab.inf
*\WINDOWS\inf\atimpab.PNF
*\WINDOWS\inf\atirage3.inf
*\WINDOWS\inf\atirage3.PNF
*\WINDOWS\inf\atividin.inf
*\WINDOWS\inf\atividin.PNF
*\WINDOWS\inf\atixpwdm.inf
*\WINDOWS\inf\atixpwdm.PNF
*\WINDOWS\inf\au.inf
*\WINDOWS\inf\au.PNF
*\WINDOWS\inf\avc.inf
*\WINDOWS\inf\avc.PNF
*\WINDOWS\inf\avmisdn.inf
*\WINDOWS\inf\avmisdn.PNF
*\WINDOWS\inf\axant5.inf
*\WINDOWS\inf\axant5.PNF
*\WINDOWS\inf\banshee.inf
*\WINDOWS\inf\banshee.PNF
*\WINDOWS\inf\battery.inf
*\WINDOWS\inf\battery.PNF
*\WINDOWS\inf\bda.inf
*\WINDOWS\inf\bda.PNF
*\WINDOWS\inf\biosinfo.inf
*\WINDOWS\inf\biosinfo.PNF
*\WINDOWS\inf\branches.inf
*\WINDOWS\inf\branches.PNF
*\WINDOWS\inf\brmfcmdm.inf
*\WINDOWS\inf\brmfcmdm.PNF
*\WINDOWS\inf\brmfcmf.inf
*\WINDOWS\inf\brmfcmf.PNF
*\WINDOWS\inf\brmfcsto.inf
*\WINDOWS\inf\brmfcsto.PNF
*\WINDOWS\inf\brmfcumd.inf
*\WINDOWS\inf\brmfcumd.PNF
*\WINDOWS\inf\brmfcwia.inf
*\WINDOWS\inf\brmfcwia.PNF
*\WINDOWS\inf\brmfport.inf
*\WINDOWS\inf\brmfport.PNF
*\WINDOWS\inf\bth.inf
*\WINDOWS\inf\bth.PNF
*\WINDOWS\inf\bthpan.inf
*\WINDOWS\inf\bthpan.PNF
*\WINDOWS\inf\bthprint.inf
*\WINDOWS\inf\bthprint.PNF
*\WINDOWS\inf\bthspp.inf
*\WINDOWS\inf\bthspp.PNF
*\WINDOWS\inf\camdsh20.inf
*\WINDOWS\inf\camdsh20.PNF
*\WINDOWS\inf\camvid20.inf
*\WINDOWS\inf\camvid20.PNF
*\WINDOWS\inf\camvid30.inf
*\WINDOWS\inf\camvid30.PNF
*\WINDOWS\inf\ccdecode.inf
*\WINDOWS\inf\ccdecode.PNF
*\WINDOWS\inf\cdrom.inf
*\WINDOWS\inf\cdrom.PNF
*\WINDOWS\inf\certclas.inf
*\WINDOWS\inf\certclas.PNF
*\WINDOWS\inf\communic.inf
*\WINDOWS\inf\communic.PNF
*\WINDOWS\inf\comnt5.inf
*\WINDOWS\inf\comnt5.PNF
*\WINDOWS\inf\conf.adm
*\WINDOWS\inf\corelist.inf
*\WINDOWS\inf\corelist.PNF
*\WINDOWS\inf\cpu.inf
*\WINDOWS\inf\cpu.PNF
*\WINDOWS\inf\ctmaport.inf
*\WINDOWS\inf\ctmaport.PNF
*\WINDOWS\inf\cyclad-z.inf
*\WINDOWS\inf\cyclad-z.PNF
*\WINDOWS\inf\cyclom-y.inf
*\WINDOWS\inf\cyclom-y.PNF
*\WINDOWS\inf\cyyport.inf
*\WINDOWS\inf\cyyport.PNF
*\WINDOWS\inf\cyzport.inf
*\WINDOWS\inf\cyzport.PNF
*\WINDOWS\inf\d3dx9_26_x86.inf
*\WINDOWS\inf\d3dx9_26_x86.PNF
*\WINDOWS\inf\defltwk.inf
*\WINDOWS\inf\defltwk.PNF
*\WINDOWS\inf\devxprop.inf
*\WINDOWS\inf\devxprop.PNF
*\WINDOWS\inf\dfrg.inf
*\WINDOWS\inf\dfrg.PNF
*\WINDOWS\inf\dgaport.inf
*\WINDOWS\inf\dgaport.PNF
*\WINDOWS\inf\dgasync.inf
*\WINDOWS\inf\dgasync.PNF
*\WINDOWS\inf\digiasyn.inf
*\WINDOWS\inf\digiasyn.PNF
*\WINDOWS\inf\digiisdn.inf
*\WINDOWS\inf\digiisdn.PNF
*\WINDOWS\inf\digimps.inf
*\WINDOWS\inf\digimps.PNF
*\WINDOWS\inf\digirp.inf
*\WINDOWS\inf\digirp.PNF
*\WINDOWS\inf\digirprt.inf
*\WINDOWS\inf\digirprt.PNF
*\WINDOWS\inf\dimaps.inf
*\WINDOWS\inf\dimaps.PNF
*\WINDOWS\inf\disk.inf
*\WINDOWS\inf\disk.PNF
*\WINDOWS\inf\display.inf
*\WINDOWS\inf\display.PNF
*\WINDOWS\inf\divac.inf
*\WINDOWS\inf\divac.PNF
*\WINDOWS\inf\divasrv.inf
*\WINDOWS\inf\divasrv.PNF
*\WINDOWS\inf\dot4.inf
*\WINDOWS\inf\dot4.PNF
*\WINDOWS\inf\dot4prt.inf
*\WINDOWS\inf\dot4prt.PNF
*\WINDOWS\inf\drm.inf
*\WINDOWS\inf\drm.PNF
*\WINDOWS\inf\drvindex.inf
*\WINDOWS\inf\drvindex.PNF
*\WINDOWS\inf\dshowext.inf
*\WINDOWS\inf\dshowext.PNF
*\WINDOWS\inf\dtcnt5.inf
*\WINDOWS\inf\dtcnt5.PNF
*\WINDOWS\inf\dvd.inf
*\WINDOWS\inf\dvd.PNF
*\WINDOWS\inf\dwup.inf
*\WINDOWS\inf\dwup.PNF
*\WINDOWS\inf\enum1394.inf
*\WINDOWS\inf\enum1394.PNF
*\WINDOWS\inf\epcfw2k.inf
*\WINDOWS\inf\epcfw2k.PNF
*\WINDOWS\inf\epsnmfp.inf
*\WINDOWS\inf\epsnmfp.PNF
*\WINDOWS\inf\epsnscan.inf
*\WINDOWS\inf\epsnscan.PNF
*\WINDOWS\inf\epstw2k.inf
*\WINDOWS\inf\epstw2k.PNF
*\WINDOWS\inf\eqnport.inf
*\WINDOWS\inf\eqnport.PNF
*\WINDOWS\inf\fdc.inf
*\WINDOWS\inf\fdc.PNF
*\WINDOWS\inf\fjtscan.inf
*\WINDOWS\inf\fjtscan.PNF
*\WINDOWS\inf\flash.inf
*\WINDOWS\inf\flash.PNF
*\WINDOWS\inf\flpydisk.inf
*\WINDOWS\inf\flpydisk.PNF
*\WINDOWS\inf\fltmgr.inf
*\WINDOWS\inf\fltmgr.PNF
*\WINDOWS\inf\font.inf
*\WINDOWS\inf\font.PNF
*\WINDOWS\inf\fp40ext.inf
*\WINDOWS\inf\fp40ext.PNF
*\WINDOWS\inf\fsvga.inf
*\WINDOWS\inf\fsvga.PNF
*\WINDOWS\inf\fsvgaadd.inf
*\WINDOWS\inf\fsvgaadd.PNF
*\WINDOWS\inf\fsvgadel.inf
*\WINDOWS\inf\fsvgadel.PNF
*\WINDOWS\inf\fxsocm.inf
*\WINDOWS\inf\fxsocm.PNF
*\WINDOWS\inf\g200.inf
*\WINDOWS\inf\g200.PNF
*\WINDOWS\inf\g400.inf
*\WINDOWS\inf\g400.PNF
*\WINDOWS\inf\gameport.inf
*\WINDOWS\inf\gameport.PNF
*\WINDOWS\inf\genprint.inf
*\WINDOWS\inf\genprint.PNF
*\WINDOWS\inf\hal.inf
*\WINDOWS\inf\hal.PNF
*\WINDOWS\inf\hidbth.inf
*\WINDOWS\inf\hidbth.PNF
*\WINDOWS\inf\HidDigi.inf
*\WINDOWS\inf\HidDigi.PNF
*\WINDOWS\inf\hidserv.inf
*\WINDOWS\inf\hidserv.PNF
*\WINDOWS\inf\hpdigwia.inf
*\WINDOWS\inf\hpdigwia.PNF
*\WINDOWS\inf\hpojscan.inf
*\WINDOWS\inf\hpojscan.PNF
*\WINDOWS\inf\hpscan.inf
*\WINDOWS\inf\hpscan.PNF
*\WINDOWS\inf\i740nt5.inf
*\WINDOWS\inf\i740nt5.PNF
*\WINDOWS\inf\i81xnt5.inf
*\WINDOWS\inf\i81xnt5.PNF
*\WINDOWS\inf\ibmvcap.inf
*\WINDOWS\inf\ibmvcap.PNF
*\WINDOWS\inf\icam3.inf
*\WINDOWS\inf\icam3.PNF
*\WINDOWS\inf\icam4usb.inf
*\WINDOWS\inf\icam4usb.PNF
*\WINDOWS\inf\icam5usb.inf
*\WINDOWS\inf\icam5usb.PNF
*\WINDOWS\inf\icminst.inf
*\WINDOWS\inf\icminst.PNF
*\WINDOWS\inf\icwnt5.inf
*\WINDOWS\inf\icwnt5.PNF
*\WINDOWS\inf\ie.inf
*\WINDOWS\inf\ie.PNF
*\WINDOWS\inf\ieaccess.inf
*\WINDOWS\inf\ieaccess.PNF
*\WINDOWS\inf\iereset.inf
*\WINDOWS\inf\iereset.PNF
*\WINDOWS\inf\iis.inf
*\WINDOWS\inf\iis.PNF
*\WINDOWS\inf\image.inf
*\WINDOWS\inf\image.PNF
*\WINDOWS\inf\ims.inf
*\WINDOWS\inf\ims.PNF
*\WINDOWS\inf\inetcorp.adm
*\WINDOWS\inf\inetres.adm
*\WINDOWS\inf\inetset.adm
*\WINDOWS\inf\INFCACHE.1
*\WINDOWS\inf\input.inf
*\WINDOWS\inf\input.PNF
*\WINDOWS\inf\intl.inf
*\WINDOWS\inf\intl.PNF
*\WINDOWS\inf\irbus.inf
*\WINDOWS\inf\irbus.PNF
*\WINDOWS\inf\irdaalif.inf
*\WINDOWS\inf\irdaalif.PNF
*\WINDOWS\inf\irdasmc.inf
*\WINDOWS\inf\irdasmc.PNF
*\WINDOWS\inf\irmk7w2k.inf
*\WINDOWS\inf\irmk7w2k.PNF
*\WINDOWS\inf\irnsc.inf
*\WINDOWS\inf\irnsc.PNF
*\WINDOWS\inf\irstusb.inf
*\WINDOWS\inf\irstusb.PNF
*\WINDOWS\inf\irtos4mo.inf
*\WINDOWS\inf\irtos4mo.PNF
*\WINDOWS\inf\kdk2x0.inf
*\WINDOWS\inf\kdk2x0.PNF
*\WINDOWS\inf\kdkscan.inf
*\WINDOWS\inf\kdkscan.PNF
*\WINDOWS\inf\keyboard.inf
*\WINDOWS\inf\keyboard.PNF
*\WINDOWS\inf\kodak.inf
*\WINDOWS\inf\kodak.PNF
*\WINDOWS\inf\ks.inf
*\WINDOWS\inf\ks.PNF
*\WINDOWS\inf\kscaptur.inf
*\WINDOWS\inf\kscaptur.PNF
*\WINDOWS\inf\ksfilter.inf
*\WINDOWS\inf\ksfilter.PNF
*\WINDOWS\inf\layout.inf
*\WINDOWS\inf\LAYOUT.PNF
*\WINDOWS\inf\legcydrv.inf
*\WINDOWS\inf\legcydrv.PNF
*\WINDOWS\inf\lwngmadi.inf
*\WINDOWS\inf\lwngmadi.PNF
*\WINDOWS\inf\lwusbhid.inf
*\WINDOWS\inf\lwusbhid.PNF
*\WINDOWS\inf\machine.inf
*\WINDOWS\inf\machine.PNF
*\WINDOWS\inf\mchgr.inf
*\WINDOWS\inf\mchgr.PNF
*\WINDOWS\inf\mdac.inf
*\WINDOWS\inf\mdac.PNF
*\WINDOWS\inf\mdm3com.inf
*\WINDOWS\inf\mdm3com.PNF
*\WINDOWS\inf\mdm3cpcm.inf
*\WINDOWS\inf\mdm3cpcm.PNF
*\WINDOWS\inf\mdm3mini.inf
*\WINDOWS\inf\mdm3mini.PNF
*\WINDOWS\inf\mdm5674a.inf
*\WINDOWS\inf\mdm5674a.PNF
*\WINDOWS\inf\mdm656n5.inf
*\WINDOWS\inf\mdm656n5.PNF
*\WINDOWS\inf\mdmadc.inf
*\WINDOWS\inf\mdmadc.PNF
*\WINDOWS\inf\mdmairte.inf
*\WINDOWS\inf\mdmairte.PNF
*\WINDOWS\inf\mdmaiwa.inf
*\WINDOWS\inf\mdmaiwa.PNF
*\WINDOWS\inf\mdmaiwa3.inf
*\WINDOWS\inf\mdmaiwa3.PNF
*\WINDOWS\inf\mdmaiwa4.inf
*\WINDOWS\inf\mdmaiwa4.PNF
*\WINDOWS\inf\mdmaiwa5.inf
*\WINDOWS\inf\mdmaiwa5.PNF
*\WINDOWS\inf\mdmaiwat.inf
*\WINDOWS\inf\mdmaiwat.PNF
*\WINDOWS\inf\mdmar1.inf
*\WINDOWS\inf\mdmar1.PNF
*\WINDOWS\inf\mdmarch.inf
*\WINDOWS\inf\mdmarch.PNF
*\WINDOWS\inf\mdmarn.inf
*\WINDOWS\inf\mdmarn.PNF
*\WINDOWS\inf\mdmati.inf
*\WINDOWS\inf\mdmati.PNF
*\WINDOWS\inf\mdmatm2k.inf
*\WINDOWS\inf\mdmatm2k.PNF
*\WINDOWS\inf\mdmatt.inf
*\WINDOWS\inf\mdmatt.PNF
*\WINDOWS\inf\mdmaus.inf
*\WINDOWS\inf\mdmaus.PNF
*\WINDOWS\inf\mdmbcmsm.inf
*\WINDOWS\inf\mdmbcmsm.PNF
*\WINDOWS\inf\mdmboca.inf
*\WINDOWS\inf\mdmboca.PNF
*\WINDOWS\inf\mdmbsb.inf
*\WINDOWS\inf\mdmbsb.PNF
*\WINDOWS\inf\mdmbtmdm.inf
*\WINDOWS\inf\mdmbtmdm.PNF
*\WINDOWS\inf\mdmbug3.inf
*\WINDOWS\inf\mdmbug3.PNF
*\WINDOWS\inf\mdmbw561.INF
*\WINDOWS\inf\mdmbw561.PNF
*\WINDOWS\inf\mdmc26a.INF
*\WINDOWS\inf\mdmc26a.PNF
*\WINDOWS\inf\mdmcdp.inf
*\WINDOWS\inf\mdmcdp.PNF
*\WINDOWS\inf\mdmchipv.inf
*\WINDOWS\inf\mdmchipv.PNF
*\WINDOWS\inf\mdmcm28.inf
*\WINDOWS\inf\mdmcm28.PNF
*\WINDOWS\inf\mdmcodex.inf
*\WINDOWS\inf\mdmcodex.PNF
*\WINDOWS\inf\mdmcom1.inf
*\WINDOWS\inf\mdmcom1.PNF
*\WINDOWS\inf\mdmcommu.inf
*\WINDOWS\inf\mdmcommu.PNF
*\WINDOWS\inf\mdmcomp.inf
*\WINDOWS\inf\mdmcomp.PNF
*\WINDOWS\inf\mdmcpq.inf
*\WINDOWS\inf\mdmcpq.PNF
*\WINDOWS\inf\mdmcpq2.inf
*\WINDOWS\inf\mdmcpq2.PNF
*\WINDOWS\inf\mdmcpv.inf
*\WINDOWS\inf\mdmcpv.PNF
*\WINDOWS\inf\mdmcrtix.inf
*\WINDOWS\inf\mdmcrtix.PNF
*\WINDOWS\inf\mdmcxsf2.inf
*\WINDOWS\inf\mdmcxsf2.PNF
*\WINDOWS\inf\mdmcxsft.inf
*\WINDOWS\inf\mdmcxsft.PNF
*\WINDOWS\inf\mdmdcm5.inf
*\WINDOWS\inf\mdmdcm5.PNF
*\WINDOWS\inf\mdmdcm6.inf
*\WINDOWS\inf\mdmdcm6.PNF
*\WINDOWS\inf\mdmdf56F.inf
*\WINDOWS\inf\mdmdf56F.PNF
*\WINDOWS\inf\mdmdgden.inf
*\WINDOWS\inf\mdmdgden.PNF
*\WINDOWS\inf\mdmdgitn.inf
*\WINDOWS\inf\mdmdgitn.PNF
*\WINDOWS\inf\mdmdigi.inf
*\WINDOWS\inf\mdmdigi.PNF
*\WINDOWS\inf\mdmdp2.inf
*\WINDOWS\inf\mdmdp2.PNF
*\WINDOWS\inf\mdmdsi.inf
*\WINDOWS\inf\mdmdsi.PNF
*\WINDOWS\inf\mdmdyna.inf
*\WINDOWS\inf\mdmdyna.PNF
*\WINDOWS\inf\mdmeiger.inf
*\WINDOWS\inf\mdmeiger.PNF
*\WINDOWS\inf\mdmelsa.inf
*\WINDOWS\inf\mdmelsa.PNF
*\WINDOWS\inf\mdmeric.inf
*\WINDOWS\inf\mdmeric.PNF
*\WINDOWS\inf\mdmeric2.inf
*\WINDOWS\inf\mdmeric2.PNF
*\WINDOWS\inf\mdmess.inf
*\WINDOWS\inf\mdmess.PNF
*\WINDOWS\inf\mdmetech.inf
*\WINDOWS\inf\mdmetech.PNF
*\WINDOWS\inf\mdmexp.inf
*\WINDOWS\inf\mdmexp.PNF
*\WINDOWS\inf\mdmfj2.inf
*\WINDOWS\inf\mdmfj2.PNF
*\WINDOWS\inf\mdmgatew.inf
*\WINDOWS\inf\mdmgatew.PNF
*\WINDOWS\inf\mdmgcs.inf
*\WINDOWS\inf\mdmgcs.PNF
*\WINDOWS\inf\mdmgen.inf
*\WINDOWS\inf\mdmgen.PNF
*\WINDOWS\inf\mdmgl001.inf
*\WINDOWS\inf\mdmgl001.PNF
*\WINDOWS\inf\mdmgl002.inf
*\WINDOWS\inf\mdmgl002.PNF
*\WINDOWS\inf\mdmgl003.inf
*\WINDOWS\inf\mdmgl003.PNF
*\WINDOWS\inf\mdmgl004.inf
*\WINDOWS\inf\mdmgl004.PNF
*\WINDOWS\inf\mdmgl005.inf
*\WINDOWS\inf\mdmgl005.PNF
*\WINDOWS\inf\mdmgl006.inf
*\WINDOWS\inf\mdmgl006.PNF
*\WINDOWS\inf\mdmgl007.inf
*\WINDOWS\inf\mdmgl007.PNF
*\WINDOWS\inf\mdmgl008.inf
*\WINDOWS\inf\mdmgl008.PNF
*\WINDOWS\inf\mdmgl009.inf
*\WINDOWS\inf\mdmgl009.PNF
*\WINDOWS\inf\mdmgl010.inf
*\WINDOWS\inf\mdmgl010.PNF
*\WINDOWS\inf\mdmgsm.inf
*\WINDOWS\inf\mdmgsm.PNF
*\WINDOWS\inf\mdmhaeu.inf
*\WINDOWS\inf\mdmhaeu.PNF
*\WINDOWS\inf\mdmhamrw.inf
*\WINDOWS\inf\mdmhamrw.PNF
*\WINDOWS\inf\mdmhandy.inf
*\WINDOWS\inf\mdmhandy.PNF
*\WINDOWS\inf\mdmhay2.inf
*\WINDOWS\inf\mdmhay2.PNF
*\WINDOWS\inf\mdmhayes.inf
*\WINDOWS\inf\mdmhayes.PNF
*\WINDOWS\inf\mdminfot.inf
*\WINDOWS\inf\mdminfot.PNF
*\WINDOWS\inf\mdmintel.inf
*\WINDOWS\inf\mdmintel.PNF
*\WINDOWS\inf\mdmiodat.inf
*\WINDOWS\inf\mdmiodat.PNF
*\WINDOWS\inf\mdmirmdm.inf
*\WINDOWS\inf\mdmirmdm.PNF
*\WINDOWS\inf\mdmisdn.inf
*\WINDOWS\inf\mdmisdn.PNF
*\WINDOWS\inf\MDMJF56E.INF
*\WINDOWS\inf\MDMJF56E.PNF
*\WINDOWS\inf\mdmke.inf
*\WINDOWS\inf\mdmke.PNF
*\WINDOWS\inf\mdmkortx.inf
*\WINDOWS\inf\mdmkortx.PNF
*\WINDOWS\inf\mdmlasat.inf
*\WINDOWS\inf\mdmlasat.PNF
*\WINDOWS\inf\mdmlasno.inf
*\WINDOWS\inf\mdmlasno.PNF
*\WINDOWS\inf\mdmlt3.inf
*\WINDOWS\inf\mdmlt3.PNF
*\WINDOWS\inf\mdmltleo.inf
*\WINDOWS\inf\mdmltleo.PNF
*\WINDOWS\inf\mdmltsft.inf
*\WINDOWS\inf\mdmltsft.PNF
*\WINDOWS\inf\mdmlucnt.inf
*\WINDOWS\inf\mdmlucnt.PNF
*\WINDOWS\inf\mdmmc288.inf
*\WINDOWS\inf\mdmmc288.PNF
*\WINDOWS\inf\mdmmcd.inf
*\WINDOWS\inf\mdmmcd.PNF
*\WINDOWS\inf\mdmmcom.inf
*\WINDOWS\inf\mdmmcom.PNF
*\WINDOWS\inf\mdmmct.inf
*\WINDOWS\inf\mdmmct.PNF
*\WINDOWS\inf\mdmmega.inf
*\WINDOWS\inf\mdmmega.PNF
*\WINDOWS\inf\mdmmetri.inf
*\WINDOWS\inf\mdmmetri.PNF
*\WINDOWS\inf\mdmmhrtz.inf
*\WINDOWS\inf\mdmmhrtz.PNF
*\WINDOWS\inf\mdmmhza.inf
*\WINDOWS\inf\mdmmhza.PNF
*\WINDOWS\inf\mdmmhzel.inf
*\WINDOWS\inf\mdmmhzel.PNF
*\WINDOWS\inf\mdmmhzk1.inf
*\WINDOWS\inf\mdmmhzk1.PNF
*\WINDOWS\inf\mdmminij.inf
*\WINDOWS\inf\mdmminij.PNF
*\WINDOWS\inf\mdmmod.inf
*\WINDOWS\inf\mdmmod.PNF
*\WINDOWS\inf\mdmmoto.inf
*\WINDOWS\inf\mdmmoto.PNF
*\WINDOWS\inf\mdmmoto1.inf
*\WINDOWS\inf\mdmmoto1.PNF
*\WINDOWS\inf\mdmmotou.inf
*\WINDOWS\inf\mdmmotou.PNF
*\WINDOWS\inf\mdmmts.inf
*\WINDOWS\inf\mdmmts.PNF
*\WINDOWS\inf\mdmneuhs.inf
*\WINDOWS\inf\mdmneuhs.PNF
*\WINDOWS\inf\Mdmnis1u.inf
*\WINDOWS\inf\Mdmnis1u.PNF
*\WINDOWS\inf\Mdmnis2u.inf
*\WINDOWS\inf\Mdmnis2u.PNF
*\WINDOWS\inf\Mdmnis3t.inf
*\WINDOWS\inf\Mdmnis3t.PNF
*\WINDOWS\inf\Mdmnis5t.inf
*\WINDOWS\inf\Mdmnis5t.PNF
*\WINDOWS\inf\mdmnokia.inf
*\WINDOWS\inf\mdmnokia.PNF
*\WINDOWS\inf\mdmnova.inf
*\WINDOWS\inf\mdmnova.PNF
*\WINDOWS\inf\mdmntstm.inf
*\WINDOWS\inf\mdmntstm.PNF
*\WINDOWS\inf\mdmntt1.INF
*\WINDOWS\inf\mdmntt1.PNF
*\WINDOWS\inf\mdmnttd2.inf
*\WINDOWS\inf\mdmnttd2.PNF
*\WINDOWS\inf\mdmnttd6.inf
*\WINDOWS\inf\mdmnttd6.PNF
*\WINDOWS\inf\mdmnttme.INF
*\WINDOWS\inf\mdmnttme.PNF
*\WINDOWS\inf\mdmnttp.inf
*\WINDOWS\inf\mdmnttp.PNF
*\WINDOWS\inf\mdmnttp2.inf
*\WINDOWS\inf\mdmnttp2.PNF
*\WINDOWS\inf\mdmnttte.inf
*\WINDOWS\inf\mdmnttte.PNF
*\WINDOWS\inf\mdmolic.inf
*\WINDOWS\inf\mdmolic.PNF
*\WINDOWS\inf\mdmomrn3.inf
*\WINDOWS\inf\mdmomrn3.PNF
*\WINDOWS\inf\mdmoptn.inf
*\WINDOWS\inf\mdmoptn.PNF
*\WINDOWS\inf\mdmosi.inf
*\WINDOWS\inf\mdmosi.PNF
*\WINDOWS\inf\mdmosice.inf
*\WINDOWS\inf\mdmosice.PNF
*\WINDOWS\inf\mdmpace.inf
*\WINDOWS\inf\mdmpace.PNF
*\WINDOWS\inf\mdmpbit.inf
*\WINDOWS\inf\mdmpbit.PNF
*\WINDOWS\inf\mdmpctel.inf
*\WINDOWS\inf\mdmpctel.PNF
*\WINDOWS\inf\mdmpenr.inf
*\WINDOWS\inf\mdmpenr.PNF
*\WINDOWS\inf\mdmpin.inf
*\WINDOWS\inf\mdmpin.PNF
*\WINDOWS\inf\mdmpn1.inf
*\WINDOWS\inf\mdmpn1.PNF
*\WINDOWS\inf\mdmpp.inf
*\WINDOWS\inf\mdmpp.PNF
*\WINDOWS\inf\mdmpsion.inf
*\WINDOWS\inf\mdmpsion.PNF
*\WINDOWS\inf\mdmracal.inf
*\WINDOWS\inf\mdmracal.PNF
*\WINDOWS\inf\mdmrisa.inf
*\WINDOWS\inf\mdmrisa.PNF
*\WINDOWS\inf\mdmrock.inf
*\WINDOWS\inf\mdmrock.PNF
*\WINDOWS\inf\mdmrock3.inf
*\WINDOWS\inf\mdmrock3.PNF
*\WINDOWS\inf\mdmrock4.inf
*\WINDOWS\inf\mdmrock4.PNF
*\WINDOWS\inf\mdmrock5.inf
*\WINDOWS\inf\mdmrock5.PNF
*\WINDOWS\inf\mdmrpci.inf
*\WINDOWS\inf\mdmrpci.PNF
*\WINDOWS\inf\mdmrpciw.inf
*\WINDOWS\inf\mdmrpciw.PNF
*\WINDOWS\inf\mdmsetup.inf
*\WINDOWS\inf\mdmsetup.PNF
*\WINDOWS\inf\mdmsgsml.inf
*\WINDOWS\inf\mdmsgsml.PNF
*\WINDOWS\inf\mdmsgsmu.inf
*\WINDOWS\inf\mdmsgsmu.PNF
*\WINDOWS\inf\mdmsier.inf
*\WINDOWS\inf\mdmsier.PNF
*\WINDOWS\inf\mdmsii64.INF
*\WINDOWS\inf\mdmsii64.PNF
*\WINDOWS\inf\mdmsiil6.INF
*\WINDOWS\inf\mdmsiil6.PNF
*\WINDOWS\inf\mdmsmart.inf
*\WINDOWS\inf\mdmsmart.PNF
*\WINDOWS\inf\mdmsonyu.inf
*\WINDOWS\inf\mdmsonyu.PNF
*\WINDOWS\inf\mdmspq28.inf
*\WINDOWS\inf\mdmspq28.PNF
*\WINDOWS\inf\mdmsun1.inf
*\WINDOWS\inf\mdmsun1.PNF
*\WINDOWS\inf\mdmsun2.inf
*\WINDOWS\inf\mdmsun2.PNF
*\WINDOWS\inf\mdmsupr3.inf
*\WINDOWS\inf\mdmsupr3.PNF
*\WINDOWS\inf\mdmsupra.inf
*\WINDOWS\inf\mdmsupra.PNF
*\WINDOWS\inf\mdmsuprv.inf
*\WINDOWS\inf\mdmsuprv.PNF
*\WINDOWS\inf\mdmtdk.inf
*\WINDOWS\inf\mdmtdk.PNF
*\WINDOWS\inf\mdmtdkj2.inf
*\WINDOWS\inf\mdmtdkj2.PNF
*\WINDOWS\inf\mdmtdkj3.inf
*\WINDOWS\inf\mdmtdkj3.PNF
*\WINDOWS\inf\mdmtdkj4.inf
*\WINDOWS\inf\mdmtdkj4.PNF
*\WINDOWS\inf\mdmtdkj5.inf
*\WINDOWS\inf\mdmtdkj5.PNF
*\WINDOWS\inf\mdmtdkj6.inf
*\WINDOWS\inf\mdmtdkj6.PNF
*\WINDOWS\inf\mdmtdkj7.inf
*\WINDOWS\inf\mdmtdkj7.PNF
*\WINDOWS\inf\mdmtexas.inf
*\WINDOWS\inf\mdmtexas.PNF
*\WINDOWS\inf\mdmti.inf
*\WINDOWS\inf\mdmti.PNF
*\WINDOWS\inf\mdmtosh.inf
*\WINDOWS\inf\mdmtosh.PNF
*\WINDOWS\inf\mdmtron.inf
*\WINDOWS\inf\mdmtron.PNF
*\WINDOWS\inf\mdmusrf.inf
*\WINDOWS\inf\mdmusrf.PNF
*\WINDOWS\inf\mdmusrg.inf
*\WINDOWS\inf\mdmusrg.PNF
*\WINDOWS\inf\mdmusrgl.inf
*\WINDOWS\inf\mdmusrgl.PNF
*\WINDOWS\inf\mdmusrk1.inf
*\WINDOWS\inf\mdmusrk1.PNF
*\WINDOWS\inf\mdmusrsp.inf
*\WINDOWS\inf\mdmusrsp.PNF
*\WINDOWS\inf\mdmvdot.inf
*\WINDOWS\inf\mdmvdot.PNF
*\WINDOWS\inf\mdmvv.inf
*\WINDOWS\inf\mdmvv.PNF
*\WINDOWS\inf\mdmwhql0.inf
*\WINDOWS\inf\mdmwhql0.PNF
*\WINDOWS\inf\mdmx5560.inf
*\WINDOWS\inf\mdmx5560.PNF
*\WINDOWS\inf\mdmxircc.inf
*\WINDOWS\inf\mdmxircc.PNF
*\WINDOWS\inf\mdmxirmp.inf
*\WINDOWS\inf\mdmxirmp.PNF
*\WINDOWS\inf\mdmzoom.inf
*\WINDOWS\inf\mdmzoom.PNF
*\WINDOWS\inf\mdmzyp.inf
*\WINDOWS\inf\mdmzyp.PNF
*\WINDOWS\inf\mdmzyxel.inf
*\WINDOWS\inf\mdmzyxel.PNF
*\WINDOWS\inf\mdmzyxlg.inf
*\WINDOWS\inf\mdmzyxlg.PNF
*\WINDOWS\inf\medctroc.inf
*\WINDOWS\inf\medctroc.PNF
*\WINDOWS\inf\memcard.inf
*\WINDOWS\inf\memcard.PNF
*\WINDOWS\inf\memstpci.inf
*\WINDOWS\inf\memstpci.PNF
*\WINDOWS\inf\mf.inf
*\WINDOWS\inf\mf.PNF
*\WINDOWS\inf\mfcem28.inf
*\WINDOWS\inf\mfcem28.PNF
*\WINDOWS\inf\mfcem33.inf
*\WINDOWS\inf\mfcem33.PNF
*\WINDOWS\inf\mfcem56.inf
*\WINDOWS\inf\mfcem56.PNF
*\WINDOWS\inf\mff56n5.inf
*\WINDOWS\inf\mff56n5.PNF
*\WINDOWS\inf\mflm.inf
*\WINDOWS\inf\mflm.PNF
*\WINDOWS\inf\mflm56.inf
*\WINDOWS\inf\mflm56.PNF
*\WINDOWS\inf\mfmhzn5.inf
*\WINDOWS\inf\mfmhzn5.PNF
*\WINDOWS\inf\mfosi5.inf
*\WINDOWS\inf\mfosi5.PNF
*\WINDOWS\inf\mfsocket.inf
*\WINDOWS\inf\mfsocket.PNF
*\WINDOWS\inf\mfsupra.inf
*\WINDOWS\inf\mfsupra.PNF
*\WINDOWS\inf\mfx56nf.inf
*\WINDOWS\inf\mfx56nf.PNF
*\WINDOWS\inf\mgau.inf
*\WINDOWS\inf\mgau.PNF
*\WINDOWS\inf\minioc.inf
*\WINDOWS\inf\minioc.PNF
*\WINDOWS\inf\mmopt.inf
*\WINDOWS\inf\mmopt.PNF
*\WINDOWS\inf\modemcsa.inf
*\WINDOWS\inf\modemcsa.PNF
*\WINDOWS\inf\monitor.inf
*\WINDOWS\inf\monitor.PNF
*\WINDOWS\inf\monitor2.inf
*\WINDOWS\inf\monitor2.PNF
*\WINDOWS\inf\monitor3.inf
*\WINDOWS\inf\monitor3.PNF
*\WINDOWS\inf\monitor4.inf
*\WINDOWS\inf\monitor4.PNF
*\WINDOWS\inf\monitor5.inf
*\WINDOWS\inf\monitor5.PNF
*\WINDOWS\inf\monitor6.inf
*\WINDOWS\inf\monitor6.PNF
*\WINDOWS\inf\monitor7.inf
*\WINDOWS\inf\monitor7.PNF
*\WINDOWS\inf\monitor8.inf
*\WINDOWS\inf\monitor8.PNF
*\WINDOWS\inf\moviemk.inf
*\WINDOWS\inf\moviemk.PNF
*\WINDOWS\inf\mpe.inf
*\WINDOWS\inf\mpe.PNF
*\WINDOWS\inf\mplayer2.inf
*\WINDOWS\inf\mplayer2.PNF
*\WINDOWS\inf\mpsstln.inf
*\WINDOWS\inf\mpsstln.PNF
*\WINDOWS\inf\mqsysoc.inf
*\WINDOWS\inf\mqsysoc.PNF
*\WINDOWS\inf\mscpqpa1.inf
*\WINDOWS\inf\mscpqpa1.PNF
*\WINDOWS\inf\msdv.inf
*\WINDOWS\inf\msdv.PNF
*\WINDOWS\inf\mshdc.inf
*\WINDOWS\inf\mshdc.PNF
*\WINDOWS\inf\msinfo32.inf
*\WINDOWS\inf\msinfo32.PNF
*\WINDOWS\inf\msmouse.inf
*\WINDOWS\inf\msmouse.PNF
*\WINDOWS\inf\msmqocm.inf
*\WINDOWS\inf\msmqocm.PNF
*\WINDOWS\inf\msmscsi.inf
*\WINDOWS\inf\msmscsi.PNF
*\WINDOWS\inf\msmusb.inf
*\WINDOWS\inf\msmusb.PNF
*\WINDOWS\inf\msnetmtg.inf
*\WINDOWS\inf\msnetmtg.PNF
*\WINDOWS\inf\msnike.inf
*\WINDOWS\inf\msnike.PNF
*\WINDOWS\inf\msoe50.inf
*\WINDOWS\inf\msoe50.PNF
*\WINDOWS\inf\msports.inf
*\WINDOWS\inf\msports.PNF
*\WINDOWS\inf\msrio.inf
*\WINDOWS\inf\msrio.PNF
*\WINDOWS\inf\msrio8.inf
*\WINDOWS\inf\msrio8.PNF
*\WINDOWS\inf\mstape.inf
*\WINDOWS\inf\mstape.PNF
*\WINDOWS\inf\mstask.inf
*\WINDOWS\inf\mstask.PNF
*\WINDOWS\inf\mswmp.inf
*\WINDOWS\inf\mswmp.PNF
*\WINDOWS\inf\mtxvideo.inf
*\WINDOWS\inf\mtxvideo.PNF
*\WINDOWS\inf\multimed.inf
*\WINDOWS\inf\multimed.PNF
*\WINDOWS\inf\multiprt.inf
*\WINDOWS\inf\multiprt.PNF
*\WINDOWS\inf\mwavmdm1.inf
*\WINDOWS\inf\mwavmdm1.PNF
*\WINDOWS\inf\mwmbatam.inf
*\WINDOWS\inf\mwmbatam.PNF
*\WINDOWS\inf\mwremove.inf
*\WINDOWS\inf\mwremove.PNF
*\WINDOWS\inf\mwtpdsp.inf
*\WINDOWS\inf\mwtpdsp.PNF
*\WINDOWS\inf\mxboard.inf
*\WINDOWS\inf\mxboard.PNF
*\WINDOWS\inf\mxport.inf
*\WINDOWS\inf\mxport.PNF
*\WINDOWS\inf\mymusic.inf
*\WINDOWS\inf\mymusic.PNF
*\WINDOWS\inf\nabtsfec.inf
*\WINDOWS\inf\nabtsfec.PNF
*\WINDOWS\inf\ndisip.inf
*\WINDOWS\inf\ndisip.PNF
*\WINDOWS\inf\ndisuio.inf
*\WINDOWS\inf\ndisuio.PNF
*\WINDOWS\inf\neo20xx.inf
*\WINDOWS\inf\neo20xx.PNF
*\WINDOWS\inf\net10.inf
*\WINDOWS\inf\net10.PNF
*\WINDOWS\inf\net1394.inf
*\WINDOWS\inf\net1394.PNF
*\WINDOWS\inf\net21x4.inf
*\WINDOWS\inf\net21x4.PNF
*\WINDOWS\inf\net3c556.inf
*\WINDOWS\inf\net3c556.PNF
*\WINDOWS\inf\net3c589.inf
*\WINDOWS\inf\net3c589.PNF
*\WINDOWS\inf\net3c985.inf
*\WINDOWS\inf\net3c985.PNF
*\WINDOWS\inf\net3sr.inf
*\WINDOWS\inf\net3sr.PNF
*\WINDOWS\inf\net5515n.inf
*\WINDOWS\inf\net5515n.PNF
*\WINDOWS\inf\net557.inf
*\WINDOWS\inf\net557.PNF
*\WINDOWS\inf\net559ib.inf
*\WINDOWS\inf\net559ib.PNF
*\WINDOWS\inf\net575nt.inf
*\WINDOWS\inf\net575nt.PNF
*\WINDOWS\inf\net650d.inf
*\WINDOWS\inf\net650d.PNF
*\WINDOWS\inf\net656c5.inf
*\WINDOWS\inf\net656c5.PNF
*\WINDOWS\inf\net656n5.inf
*\WINDOWS\inf\net656n5.PNF
*\WINDOWS\inf\net713.inf
*\WINDOWS\inf\net713.PNF
*\WINDOWS\inf\net83820.inf
*\WINDOWS\inf\net83820.PNF
*\WINDOWS\inf\net8511.inf
*\WINDOWS\inf\net8511.PNF
*\WINDOWS\inf\netali.inf
*\WINDOWS\inf\netali.PNF
*\WINDOWS\inf\netambi.inf
*\WINDOWS\inf\netambi.PNF
*\WINDOWS\inf\netamd.inf
*\WINDOWS\inf\netamd.PNF
*\WINDOWS\inf\netamd2.inf
*\WINDOWS\inf\netamd2.PNF
*\WINDOWS\inf\netamdhl.inf
*\WINDOWS\inf\netamdhl.PNF
*\WINDOWS\inf\netan983.inf
*\WINDOWS\inf\netan983.PNF
*\WINDOWS\inf\netana.inf
*\WINDOWS\inf\netana.PNF
*\WINDOWS\inf\netasp2k.inf
*\WINDOWS\inf\netasp2k.PNF
*\WINDOWS\inf\netauni.inf
*\WINDOWS\inf\netauni.PNF
*\WINDOWS\inf\netb57xp.inf
*\WINDOWS\inf\netb57xp.PNF
*\WINDOWS\inf\netbcm4e.inf
*\WINDOWS\inf\netbcm4e.PNF
*\WINDOWS\inf\netbcm4p.inf
*\WINDOWS\inf\netbcm4p.PNF
*\WINDOWS\inf\netbcm4u.inf
*\WINDOWS\inf\netbcm4u.PNF
*\WINDOWS\inf\netbeac.inf
*\WINDOWS\inf\netbeac.PNF
*\WINDOWS\inf\netbrdgm.inf
*\WINDOWS\inf\netbrdgm.PNF
*\WINDOWS\inf\netbrdgs.inf
*\WINDOWS\inf\netbrdgs.PNF
*\WINDOWS\inf\netbrzw.inf
*\WINDOWS\inf\netbrzw.PNF
*\WINDOWS\inf\netcb102.inf
*\WINDOWS\inf\netcb102.PNF
*\WINDOWS\inf\netcb325.inf
*\WINDOWS\inf\netcb325.PNF
*\WINDOWS\inf\netcbe.inf
*\WINDOWS\inf\netcbe.PNF
*\WINDOWS\inf\netce2.inf
*\WINDOWS\inf\netce2.PNF
*\WINDOWS\inf\netce3.inf
*\WINDOWS\inf\netce3.PNF
*\WINDOWS\inf\netcem28.inf
*\WINDOWS\inf\netcem28.PNF
*\WINDOWS\inf\netcem33.inf
*\WINDOWS\inf\netcem33.PNF
*\WINDOWS\inf\netcem56.inf
*\WINDOWS\inf\netcem56.PNF
*\WINDOWS\inf\netcicap.inf
*\WINDOWS\inf\netcicap.PNF
*\WINDOWS\inf\netcis.inf
*\WINDOWS\inf\netcis.PNF
*\WINDOWS\inf\netclass.inf
*\WINDOWS\inf\netclass.PNF
*\WINDOWS\inf\netcpqc.inf
*\WINDOWS\inf\netcpqc.PNF
*\WINDOWS\inf\netcpqg.inf
*\WINDOWS\inf\netcpqg.PNF
*\WINDOWS\inf\netcpqi.inf
*\WINDOWS\inf\netcpqi.PNF
*\WINDOWS\inf\netcpqmt.inf
*\WINDOWS\inf\netcpqmt.PNF
*\WINDOWS\inf\netctmrk.inf
*\WINDOWS\inf\netctmrk.PNF
*\WINDOWS\inf\netdav.inf
*\WINDOWS\inf\netdav.PNF
*\WINDOWS\inf\netdefxa.inf
*\WINDOWS\inf\netdefxa.PNF
*\WINDOWS\inf\netdf650.inf
*\WINDOWS\inf\netdf650.PNF
*\WINDOWS\inf\netdgdxb.inf
*\WINDOWS\inf\netdgdxb.PNF
*\WINDOWS\inf\netdlh5x.inf
*\WINDOWS\inf\netdlh5x.PNF
*\WINDOWS\inf\netdm.inf
*\WINDOWS\inf\netdm.PNF
*\WINDOWS\inf\nete1000.inf
*\WINDOWS\inf\nete1000.PNF
*\WINDOWS\inf\nete100i.inf
*\WINDOWS\inf\nete100i.PNF
*\WINDOWS\inf\netejxmp.inf
*\WINDOWS\inf\netejxmp.PNF
*\WINDOWS\inf\netel515.inf
*\WINDOWS\inf\netel515.PNF
*\WINDOWS\inf\netel574.inf
*\WINDOWS\inf\netel574.PNF
*\WINDOWS\inf\netel5x9.inf
*\WINDOWS\inf\netel5x9.PNF
*\WINDOWS\inf\netel90a.inf
*\WINDOWS\inf\netel90a.PNF
*\WINDOWS\inf\netel90b.inf
*\WINDOWS\inf\netel90b.PNF
*\WINDOWS\inf\netel980.inf
*\WINDOWS\inf\netel980.PNF
*\WINDOWS\inf\netel99x.inf
*\WINDOWS\inf\netel99x.PNF
*\WINDOWS\inf\netepicn.inf
*\WINDOWS\inf\netepicn.PNF
*\WINDOWS\inf\netepro.inf
*\WINDOWS\inf\netepro.PNF
*\WINDOWS\inf\netepvcm.inf
*\WINDOWS\inf\netepvcm.PNF
*\WINDOWS\inf\netepvcp.inf
*\WINDOWS\inf\netepvcp.PNF
*\WINDOWS\inf\netex10.inf
*\WINDOWS\inf\netex10.PNF
*\WINDOWS\inf\netf56n5.inf
*\WINDOWS\inf\netf56n5.PNF
*\WINDOWS\inf\netfa312.inf
*\WINDOWS\inf\netfa312.PNF
*\WINDOWS\inf\netfa410.inf
*\WINDOWS\inf\netfa410.PNF
*\WINDOWS\inf\netfjvi.inf
*\WINDOWS\inf\netfjvi.PNF
*\WINDOWS\inf\netfjvj.inf
*\WINDOWS\inf\netfjvj.PNF
*\WINDOWS\inf\netfore.inf
*\WINDOWS\inf\netfore.PNF
*\WINDOWS\inf\netforeh.inf
*\WINDOWS\inf\netforeh.PNF
*\WINDOWS\inf\netfw.inf
*\WINDOWS\inf\netfw.PNF
*\WINDOWS\inf\netfxocm.inf
*\WINDOWS\inf\netfxocm.PNF
*\WINDOWS\inf\netgpc.inf
*\WINDOWS\inf\netgpc.PNF
*\WINDOWS\inf\netias.inf
*\WINDOWS\inf\netias.PNF
*\WINDOWS\inf\netibm.inf
*\WINDOWS\inf\netibm.PNF
*\WINDOWS\inf\netibm2.inf
*\WINDOWS\inf\netibm2.PNF
*\WINDOWS\inf\netip6.inf
*\WINDOWS\inf\netip6.PNF
*\WINDOWS\inf\netiprip.inf
*\WINDOWS\inf\netiprip.PNF
*\WINDOWS\inf\netirda.inf
*\WINDOWS\inf\netirda.PNF
*\WINDOWS\inf\netirsir.inf
*\WINDOWS\inf\netirsir.PNF
*\WINDOWS\inf\netklsi.inf
*\WINDOWS\inf\netklsi.PNF
*\WINDOWS\inf\netktc.inf
*\WINDOWS\inf\netktc.PNF
*\WINDOWS\inf\netlanem.inf
*\WINDOWS\inf\netlanem.PNF
*\WINDOWS\inf\netlanep.inf
*\WINDOWS\inf\netlanep.PNF
*\WINDOWS\inf\netlm.inf
*\WINDOWS\inf\netlm.PNF
*\WINDOWS\inf\netlm56.inf
*\WINDOWS\inf\netlm56.PNF
*\WINDOWS\inf\netlnev2.inf
*\WINDOWS\inf\netlnev2.PNF
*\WINDOWS\inf\netloop.inf
*\WINDOWS\inf\netloop.PNF
*\WINDOWS\inf\netlpd.inf
*\WINDOWS\inf\netlpd.PNF
*\WINDOWS\inf\netmadge.inf
*\WINDOWS\inf\netmadge.PNF
*\WINDOWS\inf\netmhzn5.inf
*\WINDOWS\inf\netmhzn5.PNF
*\WINDOWS\inf\netmscli.inf
*\WINDOWS\inf\netmscli.PNF
*\WINDOWS\inf\netnb.inf
*\WINDOWS\inf\netnb.PNF
*\WINDOWS\inf\netnf3.inf
*\WINDOWS\inf\netnf3.PNF
*\WINDOWS\inf\netngr.inf
*\WINDOWS\inf\netngr.PNF
*\WINDOWS\inf\netnm.inf
*\WINDOWS\inf\netnm.PNF
*\WINDOWS\inf\netnovel.inf
*\WINDOWS\inf\netnovel.PNF
*\WINDOWS\inf\netnwcli.inf
*\WINDOWS\inf\netnwcli.PNF
*\WINDOWS\inf\netnwlnk.inf
*\WINDOWS\inf\netnwlnk.PNF
*\WINDOWS\inf\netoc.inf
*\WINDOWS\inf\netoc.PNF
*\WINDOWS\inf\netosi2c.inf
*\WINDOWS\inf\netosi2c.PNF
*\WINDOWS\inf\netosi5.inf
*\WINDOWS\inf\netosi5.PNF
*\WINDOWS\inf\netpc100.inf
*\WINDOWS\inf\netpc100.PNF
*\WINDOWS\inf\netpnic.inf
*\WINDOWS\inf\netpnic.PNF
*\WINDOWS\inf\netpsa.inf
*\WINDOWS\inf\netpsa.PNF
*\WINDOWS\inf\netpschd.inf
*\WINDOWS\inf\netpschd.PNF
*\WINDOWS\inf\netpwr2.inf
*\WINDOWS\inf\netpwr2.PNF
*\WINDOWS\inf\netrasa.inf
*\WINDOWS\inf\netrasa.PNF
*\WINDOWS\inf\netrass.inf
*\WINDOWS\inf\netrass.PNF
*\WINDOWS\inf\netrast.inf
*\WINDOWS\inf\netrast.PNF
*\WINDOWS\inf\netrlw2k.inf
*\WINDOWS\inf\netrlw2k.PNF
*\WINDOWS\inf\netrndis.inf
*\WINDOWS\inf\netrndis.PNF
*\WINDOWS\inf\netrsvp.inf
*\WINDOWS\inf\netrsvp.PNF
*\WINDOWS\inf\netrtpnt.inf
*\WINDOWS\inf\netrtpnt.PNF
*\WINDOWS\inf\netrtsnt.inf
*\WINDOWS\inf\netrtsnt.PNF
*\WINDOWS\inf\netrwan.inf
*\WINDOWS\inf\netrwan.PNF
*\WINDOWS\inf\netsap.inf
*\WINDOWS\inf\netsap.PNF
*\WINDOWS\inf\netserv.inf
*\WINDOWS\inf\netserv.PNF
*\WINDOWS\inf\netsis.inf
*\WINDOWS\inf\netsis.PNF
*\WINDOWS\inf\netsk98.inf
*\WINDOWS\inf\netsk98.PNF
*\WINDOWS\inf\netsk_fp.inf
*\WINDOWS\inf\netsk_fp.PNF
*\WINDOWS\inf\netsla30.inf
*\WINDOWS\inf\netsla30.PNF
*\WINDOWS\inf\netsmc.inf
*\WINDOWS\inf\netsmc.PNF
*\WINDOWS\inf\netsnip.inf
*\WINDOWS\inf\netsnip.PNF
*\WINDOWS\inf\netsnmp.inf
*\WINDOWS\inf\netsnmp.PNF
*\WINDOWS\inf\nettb155.inf
*\WINDOWS\inf\nettb155.PNF
*\WINDOWS\inf\nettcpip.inf
*\WINDOWS\inf\nettcpip.PNF
*\WINDOWS\inf\nettdkb.inf
*\WINDOWS\inf\nettdkb.PNF
*\WINDOWS\inf\nettiger.inf
*\WINDOWS\inf\nettiger.PNF
*\WINDOWS\inf\nettpro.inf
*\WINDOWS\inf\nettpro.PNF
*\WINDOWS\inf\nettpsmp.inf
*\WINDOWS\inf\nettpsmp.PNF
*\WINDOWS\inf\nettun.inf
*\WINDOWS\inf\nettun.PNF
*\WINDOWS\inf\netupnp.inf
*\WINDOWS\inf\netupnp.PNF
*\WINDOWS\inf\netupnph.inf
*\WINDOWS\inf\netupnph.PNF
*\WINDOWS\inf\netvt86.inf
*\WINDOWS\inf\netvt86.PNF
*\WINDOWS\inf\netw840.inf
*\WINDOWS\inf\netw840.PNF
*\WINDOWS\inf\netw926.inf
*\WINDOWS\inf\netw926.PNF
*\WINDOWS\inf\netw940.inf
*\WINDOWS\inf\netw940.PNF
*\WINDOWS\inf\netwlan.inf
*\WINDOWS\inf\netwlan.PNF
*\WINDOWS\inf\netwlan2.inf
*\WINDOWS\inf\netwlan2.PNF
*\WINDOWS\inf\netwv48.inf
*\WINDOWS\inf\netwv48.PNF
*\WINDOWS\inf\netwzc.inf
*\WINDOWS\inf\netwzc.PNF
*\WINDOWS\inf\netx500.inf
*\WINDOWS\inf\netx500.PNF
*\WINDOWS\inf\netx56n5.inf
*\WINDOWS\inf\netx56n5.PNF
*\WINDOWS\inf\netxcpq.inf
*\WINDOWS\inf\netxcpq.PNF
*\WINDOWS\inf\ntapm.inf
*\WINDOWS\inf\ntapm.PNF
*\WINDOWS\inf\ntgrip.inf
*\WINDOWS\inf\ntgrip.PNF
*\WINDOWS\inf\ntprint.inf
*\WINDOWS\inf\ntprint.PNF
*\WINDOWS\inf\nv3.inf
*\WINDOWS\inf\nv3.PNF
*\WINDOWS\inf\nv4_disp.inf
*\WINDOWS\inf\nv4_disp.PNF
*\WINDOWS\inf\nvct.inf
*\WINDOWS\inf\nvct.PNF
*\WINDOWS\inf\nvdm.inf
*\WINDOWS\inf\nvdm.PNF
*\WINDOWS\inf\nvts.inf
*\WINDOWS\inf\nvts.PNF
*\WINDOWS\inf\oeaccess.inf
*\WINDOWS\inf\oeaccess.PNF
*\WINDOWS\inf\oem0.inf
*\WINDOWS\inf\oem0.PNF
*\WINDOWS\inf\oem1.inf
*\WINDOWS\inf\oem1.PNF
*\WINDOWS\inf\oem10.inf
*\WINDOWS\inf\oem10.PNF
*\WINDOWS\inf\oem11.inf
*\WINDOWS\inf\oem11.PNF
*\WINDOWS\inf\oem12.inf
*\WINDOWS\inf\oem12.PNF
*\WINDOWS\inf\oem13.inf
*\WINDOWS\inf\oem13.PNF
*\WINDOWS\inf\oem14.inf
*\WINDOWS\inf\oem14.PNF
*\WINDOWS\inf\oem15.inf
*\WINDOWS\inf\oem15.PNF
*\WINDOWS\inf\oem16.inf
*\WINDOWS\inf\oem16.PNF
*\WINDOWS\inf\oem17.inf
*\WINDOWS\inf\oem17.PNF
*\WINDOWS\inf\oem18.inf
*\WINDOWS\inf\oem18.PNF
*\WINDOWS\inf\oem19.inf
*\WINDOWS\inf\oem19.PNF
*\WINDOWS\inf\oem2.inf
*\WINDOWS\inf\oem2.PNF
*\WINDOWS\inf\oem20.inf
*\WINDOWS\inf\oem20.PNF
*\WINDOWS\inf\oem21.inf
*\WINDOWS\inf\oem21.PNF
*\WINDOWS\inf\oem22.inf
*\WINDOWS\inf\oem22.PNF
*\WINDOWS\inf\oem23.inf
*\WINDOWS\inf\oem23.PNF
*\WINDOWS\inf\oem24.inf
*\WINDOWS\inf\oem24.PNF
*\WINDOWS\inf\oem25.inf
*\WINDOWS\inf\oem25.PNF
*\WINDOWS\inf\oem26.inf
*\WINDOWS\inf\oem26.PNF
*\WINDOWS\inf\oem27.inf
*\WINDOWS\inf\oem27.PNF
*\WINDOWS\inf\oem28.inf
*\WINDOWS\inf\oem28.PNF
*\WINDOWS\inf\oem29.inf
*\WINDOWS\inf\oem3.inf
*\WINDOWS\inf\oem3.PNF
*\WINDOWS\inf\oem30.inf
*\WINDOWS\inf\oem30.PNF
*\WINDOWS\inf\oem4.inf
*\WINDOWS\inf\oem4.PNF
*\WINDOWS\inf\oem5.inf
*\WINDOWS\inf\oem5.PNF
*\WINDOWS\inf\oem6.inf
*\WINDOWS\inf\oem6.PNF
*\WINDOWS\inf\oem7.inf
*\WINDOWS\inf\oem7.PNF
*\WINDOWS\inf\oem8.inf
*\WINDOWS\inf\oem8.PNF
*\WINDOWS\inf\oem9.inf
*\WINDOWS\inf\oem9.PNF
*\WINDOWS\inf\ovcam.inf
*\WINDOWS\inf\ovcam.PNF
*\WINDOWS\inf\ovcomp.inf
*\WINDOWS\inf\ovcomp.PNF
*\WINDOWS\inf\ovsound.inf
*\WINDOWS\inf\ovsound.PNF
*\WINDOWS\inf\p2p.inf
*\WINDOWS\inf\p2p.PNF
*\WINDOWS\inf\parhmse.inf
*\WINDOWS\inf\parhmse.PNF
*\WINDOWS\inf\pchealth.inf
*\WINDOWS\inf\pchealth.PNF
*\WINDOWS\inf\pcmcia.inf
*\WINDOWS\inf\pcmcia.PNF
*\WINDOWS\inf\perm2.inf
*\WINDOWS\inf\perm2.PNF
*\WINDOWS\inf\perm3.inf
*\WINDOWS\inf\perm3.PNF
*\WINDOWS\inf\phdsext.inf
*\WINDOWS\inf\phdsext.PNF
*\WINDOWS\inf\phil1vid.inf
*\WINDOWS\inf\phil1vid.PNF
*\WINDOWS\inf\phil2vid.inf
*\WINDOWS\inf\phil2vid.PNF
*\WINDOWS\inf\phildec.inf
*\WINDOWS\inf\phildec.PNF
*\WINDOWS\inf\philtune.inf
*\WINDOWS\inf\philtune.PNF
*\WINDOWS\inf\pmxmcro.inf
*\WINDOWS\inf\pmxmcro.PNF
*\WINDOWS\inf\pnpscsi.inf
*\WINDOWS\inf\pnpscsi.PNF
*\WINDOWS\inf\ppa.inf
*\WINDOWS\inf\ppa.PNF
*\WINDOWS\inf\ppa3.inf
*\WINDOWS\inf\ppa3.PNF
*\WINDOWS\inf\printupg.inf
*\WINDOWS\inf\printupg.PNF
*\WINDOWS\inf\prtupg9x.inf
*\WINDOWS\inf\prtupg9x.PNF
*\WINDOWS\inf\ps5333.inf
*\WINDOWS\inf\ps5333.PNF
*\WINDOWS\inf\ptpusb.inf
*\WINDOWS\inf\ptpusb.PNF
*\WINDOWS\inf\pxhelp20.inf
*\WINDOWS\inf\PxHelp20.PNF
*\WINDOWS\inf\qmgr.inf
*\WINDOWS\inf\qmgr.PNF
*\WINDOWS\inf\ramdisk.inf
*\WINDOWS\inf\ramdisk.PNF
*\WINDOWS\inf\ricoh.inf
*\WINDOWS\inf\ricoh.PNF
*\WINDOWS\inf\rootau.inf
*\WINDOWS\inf\rootau.PNF
*\WINDOWS\inf\s3sav3d.inf
*\WINDOWS\inf\s3sav3d.PNF
*\WINDOWS\inf\s3sav4.inf
*\WINDOWS\inf\s3sav4.PNF
*\WINDOWS\inf\s3savmx.inf
*\WINDOWS\inf\s3savmx.PNF
*\WINDOWS\inf\s3trio3d.inf
*\WINDOWS\inf\s3trio3d.PNF
*\WINDOWS\inf\sapi5.inf
*\WINDOWS\inf\sapi5.PNF
*\WINDOWS\inf\sbp2.inf
*\WINDOWS\inf\sbp2.PNF
*\WINDOWS\inf\sceregvl.inf
*\WINDOWS\inf\sceregvl.PNF
*\WINDOWS\inf\scsi.inf
*\WINDOWS\inf\scsi.PNF
*\WINDOWS\inf\scsidev.inf
*\WINDOWS\inf\scsidev.PNF
*\WINDOWS\inf\sdbus.inf
*\WINDOWS\inf\sdbus.PNF
*\WINDOWS\inf\sdwndr2k.inf
*\WINDOWS\inf\sdwndr2k.PNF
*\WINDOWS\inf\secdrv.inf
*\WINDOWS\inf\secdrv.PNF
*\WINDOWS\inf\secrecs.inf
*\WINDOWS\inf\secrecs.PNF
*\WINDOWS\inf\setupqry.inf
*\WINDOWS\inf\setupqry.PNF
*\WINDOWS\inf\sffdisk.inf
*\WINDOWS\inf\sffdisk.PNF
*\WINDOWS\inf\sgiu.inf
*\WINDOWS\inf\sgiu.PNF
*\WINDOWS\inf\shell.inf
*\WINDOWS\inf\shell.PNF
*\WINDOWS\inf\shl_img.inf
*\WINDOWS\inf\shl_img.PNF
*\WINDOWS\inf\sis300i.inf
*\WINDOWS\inf\sis300i.PNF
*\WINDOWS\inf\sis6306.inf
*\WINDOWS\inf\sis6306.PNF
*\WINDOWS\inf\sisgr.inf
*\WINDOWS\inf\sisgr.PNF
*\WINDOWS\inf\sisv6326.inf
*\WINDOWS\inf\sisv6326.PNF
*\WINDOWS\inf\skins.inf
*\WINDOWS\inf\skins.PNF
*\WINDOWS\inf\slip.inf
*\WINDOWS\inf\slip.PNF
*\WINDOWS\inf\smartcrd.inf
*\WINDOWS\inf\smartcrd.PNF
*\WINDOWS\inf\smi.inf
*\WINDOWS\inf\smi.PNF
*\WINDOWS\inf\sonypvu1.inf
*\WINDOWS\inf\sonypvu1.PNF
*\WINDOWS\inf\spx.inf
*\WINDOWS\inf\spx.PNF
*\WINDOWS\inf\spxports.inf
*\WINDOWS\inf\spxports.PNF
*\WINDOWS\inf\sr.inf
*\WINDOWS\inf\sr.PNF
*\WINDOWS\inf\srchasst.inf
*\WINDOWS\inf\srchasst.PNF
*\WINDOWS\inf\srusbusd.inf
*\WINDOWS\inf\srusbusd.PNF
*\WINDOWS\inf\stalport.inf
*\WINDOWS\inf\stalport.PNF
*\WINDOWS\inf\sti.inf
*\WINDOWS\inf\sti.PNF
*\WINDOWS\inf\stillcam.inf
*\WINDOWS\inf\stillcam.PNF
*\WINDOWS\inf\streamip.inf
*\WINDOWS\inf\streamip.PNF
*\WINDOWS\inf\strmanim.inf
*\WINDOWS\inf\strmanim.PNF
*\WINDOWS\inf\svcpack.inf
*\WINDOWS\inf\SVCPACK.PNF
*\WINDOWS\inf\swflash.inf
*\WINDOWS\inf\swflash.PNF
*\WINDOWS\inf\swnt.inf
*\WINDOWS\inf\swnt.PNF
*\WINDOWS\inf\syscomp.inf
*\WINDOWS\inf\syscomp.PNF
*\WINDOWS\inf\sysoc.inf
*\WINDOWS\inf\SYSOC.PNF
*\WINDOWS\inf\syssetup.inf
*\WINDOWS\inf\syssetup.PNF
*\WINDOWS\inf\system.adm
*\WINDOWS\inf\tabletpc.inf
*\WINDOWS\inf\tabletpc.PNF
*\WINDOWS\inf\tape.inf
*\WINDOWS\inf\tape.PNF
*\WINDOWS\inf\tdibth.inf
*\WINDOWS\inf\tdibth.PNF
*\WINDOWS\inf\tgiu.inf
*\WINDOWS\inf\tgiu.PNF
*\WINDOWS\inf\trid3d.inf
*\WINDOWS\inf\trid3d.PNF
*\WINDOWS\inf\tridkb.inf
*\WINDOWS\inf\tridkb.PNF
*\WINDOWS\inf\tridxp.inf
*\WINDOWS\inf\tridxp.PNF
*\WINDOWS\inf\tsbvcap.inf
*\WINDOWS\inf\tsbvcap.PNF
*\WINDOWS\inf\tshoot.inf
*\WINDOWS\inf\tshoot.PNF
*\WINDOWS\inf\tsoc.inf
*\WINDOWS\inf\tsoc.PNF
*\WINDOWS\inf\umax.inf
*\WINDOWS\inf\umax.PNF
*\WINDOWS\inf\umaxpp.inf
*\WINDOWS\inf\umaxpp.PNF
*\WINDOWS\inf\unknown.inf
*\WINDOWS\inf\unknown.PNF
*\WINDOWS\inf\unregmp2.exe
*\WINDOWS\inf\usb.inf
*\WINDOWS\inf\usb.PNF
*\WINDOWS\inf\usbport.inf
*\WINDOWS\inf\usbport.PNF
*\WINDOWS\inf\usbprint.inf
*\WINDOWS\inf\usbprint.PNF
*\WINDOWS\inf\usbstor.inf
*\WINDOWS\inf\usbstor.PNF
*\WINDOWS\inf\usbvideo.inf
*\WINDOWS\inf\usbvideo.PNF
*\WINDOWS\inf\vgx.inf
*\WINDOWS\inf\vgx.PNF
*\WINDOWS\inf\viafir2k.inf
*\WINDOWS\inf\viafir2k.PNF
*\WINDOWS\inf\volsnap.inf
*\WINDOWS\inf\volsnap.PNF
*\WINDOWS\inf\volume.inf
*\WINDOWS\inf\volume.PNF
*\WINDOWS\inf\wab50.inf
*\WINDOWS\inf\wab50.PNF
*\WINDOWS\inf\wave.inf
*\WINDOWS\inf\wave.PNF
*\WINDOWS\inf\wbemoc.inf
*\WINDOWS\inf\wbemoc.PNF
*\WINDOWS\inf\wbemsnmp.inf
*\WINDOWS\inf\wbemsnmp.PNF
*\WINDOWS\inf\wbfirdma.inf
*\WINDOWS\inf\wbfirdma.PNF
*\WINDOWS\inf\wceusbsh.inf
*\WINDOWS\inf\wceusbsh.PNF
*\WINDOWS\inf\wdma10k1.inf
*\WINDOWS\inf\wdma10k1.PNF
*\WINDOWS\inf\wdmaudio.inf
*\WINDOWS\inf\wdmaudio.PNF
*\WINDOWS\inf\wdma_ali.inf
*\WINDOWS\inf\wdma_ali.PNF
*\WINDOWS\inf\wdma_aur.inf
*\WINDOWS\inf\wdma_aur.PNF
*\WINDOWS\inf\wdma_avc.inf
*\WINDOWS\inf\wdma_avc.PNF
*\WINDOWS\inf\wdma_azt.inf
*\WINDOWS\inf\wdma_azt.PNF
*\WINDOWS\inf\wdma_csc.inf
*\WINDOWS\inf\wdma_csc.PNF
*\WINDOWS\inf\wdma_csf.inf
*\WINDOWS\inf\wdma_csf.PNF
*\WINDOWS\inf\wdma_ctl.inf
*\WINDOWS\inf\wdma_ctl.PNF
*\WINDOWS\inf\wdma_cwr.inf
*\WINDOWS\inf\wdma_cwr.PNF
*\WINDOWS\inf\wdma_ens.inf
*\WINDOWS\inf\wdma_ens.PNF
*\WINDOWS\inf\wdma_es2.inf
*\WINDOWS\inf\wdma_es2.PNF
*\WINDOWS\inf\wdma_es3.inf
*\WINDOWS\inf\wdma_es3.PNF
*\WINDOWS\inf\wdma_ess.inf
*\WINDOWS\inf\wdma_ess.PNF
*\WINDOWS\inf\wdma_int.inf
*\WINDOWS\inf\wdma_int.PNF
*\WINDOWS\inf\wdma_m2e.inf
*\WINDOWS\inf\wdma_m2e.PNF
*\WINDOWS\inf\wdma_ne2.inf
*\WINDOWS\inf\wdma_ne2.PNF
*\WINDOWS\inf\wdma_neo.inf
*\WINDOWS\inf\wdma_neo.PNF
*\WINDOWS\inf\wdma_rip.inf
*\WINDOWS\inf\wdma_rip.PNF
*\WINDOWS\inf\wdma_sis.inf
*\WINDOWS\inf\wdma_sis.PNF
*\WINDOWS\inf\wdma_usb.inf
*\WINDOWS\inf\wdma_usb.PNF
*\WINDOWS\inf\wdma_via.inf
*\WINDOWS\inf\wdma_via.PNF
*\WINDOWS\inf\wdma_ym2.inf
*\WINDOWS\inf\wdma_ym2.PNF
*\WINDOWS\inf\wdma_ymh.inf
*\WINDOWS\inf\wdma_ymh.PNF
*\WINDOWS\inf\wdmjoy.inf
*\WINDOWS\inf\wdmjoy.PNF
*\WINDOWS\inf\wfp0.inf
*\WINDOWS\inf\wfp0.PNF
*\WINDOWS\inf\wfp1.inf
*\WINDOWS\inf\wfp1.PNF
*\WINDOWS\inf\wfp2.inf
*\WINDOWS\inf\wfp2.PNF
*\WINDOWS\inf\wfp3.inf
*\WINDOWS\inf\wfp3.PNF
*\WINDOWS\inf\wfp4.inf
*\WINDOWS\inf\wfp4.PNF
*\WINDOWS\inf\wfp5.inf
*\WINDOWS\inf\wfp5.PNF
*\WINDOWS\inf\wfp6.inf
*\WINDOWS\inf\wfp6.PNF
*\WINDOWS\inf\wfp7.inf
*\WINDOWS\inf\wfp7.PNF
*\WINDOWS\inf\wfp8.inf
*\WINDOWS\inf\wfp8.PNF
*\WINDOWS\inf\wmad.inf
*\WINDOWS\inf\wmad.PNF
*\WINDOWS\inf\wmdm.inf
*\WINDOWS\inf\wmdm.PNF
*\WINDOWS\inf\wmfsdk.inf
*\WINDOWS\inf\wmfsdk.PNF
*\WINDOWS\inf\wmp.inf
*\WINDOWS\inf\wmp.PNF
*\WINDOWS\inf\wmplayer.adm
*\WINDOWS\inf\wmpocm.inf
*\WINDOWS\inf\wmpocm.PNF
*\WINDOWS\inf\wmtour.inf
*\WINDOWS\inf\wmtour.PNF
*\WINDOWS\inf\wsh.inf
*\WINDOWS\inf\wsh.PNF
*\WINDOWS\inf\wstcodec.inf
*\WINDOWS\inf\wstcodec.PNF
*\WINDOWS\inf\wtv0.inf
*\WINDOWS\inf\wtv0.PNF
*\WINDOWS\inf\wtv1.inf
*\WINDOWS\inf\wtv1.PNF
*\WINDOWS\inf\wtv2.inf
*\WINDOWS\inf\wtv2.PNF
*\WINDOWS\inf\wtv3.inf
*\WINDOWS\inf\wtv3.PNF
*\WINDOWS\inf\wtv4.inf
*\WINDOWS\inf\wtv4.PNF
*\WINDOWS\inf\wtv5.inf
*\WINDOWS\inf\wtv5.PNF
*\WINDOWS\inf\wuau.adm
*\WINDOWS\inf\xscan_xp.inf
*\WINDOWS\inf\xscan_xp.PNF

hfb · Dec 12, 2006

*\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\3CSWTCN5\miniclip.com\games\clash-n-slash\en\clashnslashweb.swf\MiniclipLoaderAd.sol
*\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\3CSWTCN5\www.lacoste.com\library\swf\core\Main-7.5.swf\stat.sol
*\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\3CSWTCN5\www.lighting.philips.com\microsite\homelighting\ie_en\home.swf\phBolPrefs.sol
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\content\accelimation.js
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\content\browser.js
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\content\browser.xul
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\content\config.js
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\content\convert2RegExp.js
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\content\default-config.xml
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\content\install.js
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\content\install.xul
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\content\manage.xul
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\content\menucommander.js
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\content\miscapis.js
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\content\pages-overlay.xul
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\content\prefmanager.js
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\content\scriptdownloader.js
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\content\status_off.gif
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\content\status_on.gif
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\content\template.user.js
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\content\test.html
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\content\utils.js
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\content\versioning.js
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\content\xmlhttprequester.js
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\icons\default\greasemonkey.ico
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\icons\default\greasemonkey.xpm
*\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\3CSWTCN5\www.kcra.com\download\sh\images\flash\mediawindow_320x340_v1.swf\mediaWindowSO4.sol
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\locale\cs-CZ\gm-browser.properties
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\locale\cs-CZ\gm-manage.properties
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\locale\cs-CZ\greasemonkey.dtd
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\locale\de-DE\gm-browser.properties
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\locale\de-DE\gm-manage.properties
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\locale\de-DE\greasemonkey.dtd
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\locale\en-US\gm-browser.properties
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\locale\en-US\gm-manage.properties
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\locale\en-US\greasemonkey.dtd
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\locale\es-ES\gm-browser.properties
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\locale\es-ES\gm-manage.properties
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\locale\es-ES\greasemonkey.dtd
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\locale\nl-NL\gm-browser.properties
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\locale\nl-NL\gm-manage.properties
*\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o0feapny.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\chromeFiles\locale\nl-NL\greasemonkey.dtd
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\autoexec.bat
*C:\WINDOWS\system32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
*C:\WINDOWS\system32\drivers\etc\hosts
`127.0.0.1 localhost
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\WINDOWS\system32\notepad.exe
*C:\WINDOWS\NOTEPAD.EXE
+C:\WINDOWS\system32\regsvr32.exe
*C:\Program Files\Samsung\Samsung PC Studio 3\REGSVR32.EXE
+C:\WINDOWS\system32\taskman.exe
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\system32\winhlp32.exe
*C:\WINDOWS\winhlp32.exe
»System/Drivers
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User

Ried · Dec 17, 2006

Hello hfb,

My apologies for the delay. I'm still not seeing the source. I'd like you to try this program and see if it finds it for us:

Download, and install CounterSpy. (It offers a 15-day Free Trial) Update it's database if prompted.

Run the scan and post the results here along with an update on the behavior of your computer.

My mouse coursor is going wild.

Top Contributors this Month