Unsolved
This post is more than 5 years old
2 Posts
0
1097
NAV showed this:malware.trace herjek.config, asam.exe, AV popup came up, ran Hijack this, please analyze. Thanks you very much
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:26 AM, on 7/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070108
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070108
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070108
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca4acfd5f1d784) (gupdate1ca4acfd5f1d784) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 12535 bytes
bamajim
10.4K Posts
0
July 5th, 2010 15:00
1. Go HERE and download FileLister.
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder.
Note: Leave the FileLister.vbe file in the folder and run it from there.
When the program is fnished it will produce a log for you Files.txt
Which will be located in the default location from which FileLister was run(the FileLister folder)
Copy and paste the contents of that log in your reply.
michaelap
2 Posts
0
July 13th, 2010 10:00
Here are the contents of "hidden.txt" :
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\ntdetect.com
C:\boot.ini
C:\Documents and Settings\Administrator\NTUSER.DAT
C:\Documents and Settings\Administrator\ntuser.ini
C:\Documents and Settings\Administrator\Application Data\desktop.ini
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
C:\Documents and Settings\Administrator\Favorites\Desktop.ini
C:\Documents and Settings\Administrator\Local Settings\desktop.ini
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Administrator\My Documents\desktop.ini
C:\Documents and Settings\Administrator\My Documents\My Music\Desktop.ini
C:\Documents and Settings\Administrator\My Documents\My Pictures\Desktop.ini
C:\Documents and Settings\Administrator\Recent\Desktop.ini
C:\Documents and Settings\Administrator\SendTo\desktop.ini
C:\Documents and Settings\Administrator\Start Menu\desktop.ini
C:\Documents and Settings\Administrator\Start Menu\Programs\desktop.ini
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\desktop.ini
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\All Users\Application Data\desktop.ini
C:\Documents and Settings\All Users\Application Data\Sonic\sarlicense.dat
C:\Documents and Settings\All Users\Documents\desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Deardorf Peterson Group\Portal\desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\King Sunny Ade & His African Beats\Synchro Series\desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Mark Knopfler\shangri-la\desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Robert Randolph & the Family Band\Unclassified\desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Rosie Thomas\Only With Laughter Can You Win\desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\The Shins\Chutes Too Narrow\desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Yahoo! Music Sampler\desktop.ini
C:\Documents and Settings\All Users\Documents\My Pictures\desktop.ini
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\desktop.ini
C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini
C:\Documents and Settings\All Users\Start Menu\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Fax\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Games\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Daniel\NTUSER.DAT
C:\Documents and Settings\Daniel\ntuser.ini
C:\Documents and Settings\Daniel\Application Data\desktop.ini
C:\Documents and Settings\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
C:\Documents and Settings\Daniel\Application Data\Microsoft\Office\Recent\index.dat
C:\Documents and Settings\Daniel\Favorites\Desktop.ini
C:\Documents and Settings\Daniel\Local Settings\desktop.ini
C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini
C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Feeds Cache\EQXGO0F2\desktop.ini
C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Feeds Cache\HIZZ2CEN\desktop.ini
C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Feeds Cache\HT3QWQT1\desktop.ini
C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Feeds Cache\LC0QX741\desktop.ini
C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Daniel\Local Settings\History\desktop.ini
C:\Documents and Settings\Daniel\Local Settings\History\History.IE5\desktop.ini
C:\Documents and Settings\Daniel\Local Settings\History\History.IE5\MSHist012009101220091019\index.dat
C:\Documents and Settings\Daniel\Local Settings\History\History.IE5\MSHist012009102020091021\index.dat
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\desktop.ini
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\ETM345QF\desktop.ini
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\SHMNGXAR\desktop.ini
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\W5IBWPUF\desktop.ini
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\W5Q74TU7\desktop.ini
C:\Documents and Settings\Daniel\My Documents\desktop.ini
C:\Documents and Settings\Daniel\My Documents\My Music\Desktop.ini
C:\Documents and Settings\Daniel\My Documents\My Pictures\Desktop.ini
C:\Documents and Settings\Daniel\NetHood\c on Dell Dimension E521 (Delldimension)\Desktop.ini
C:\Documents and Settings\Daniel\Recent\Desktop.ini
C:\Documents and Settings\Daniel\SendTo\desktop.ini
C:\Documents and Settings\Daniel\Start Menu\desktop.ini
C:\Documents and Settings\Daniel\Start Menu\Programs\desktop.ini
C:\Documents and Settings\Daniel\Start Menu\Programs\Accessories\desktop.ini
C:\Documents and Settings\Daniel\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\Documents and Settings\Daniel\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\Documents and Settings\Daniel\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Default User\NTUSER.DAT
C:\Documents and Settings\Default User\ntuser.ini
C:\Documents and Settings\Default User\Application Data\desktop.ini
C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
C:\Documents and Settings\Default User\Favorites\Desktop.ini
C:\Documents and Settings\Default User\Local Settings\desktop.ini
C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Default User\Local Settings\History\desktop.ini
C:\Documents and Settings\Default User\Local Settings\History\History.IE5\desktop.ini
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\desktop.ini
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Documents and Settings\Default User\My Documents\desktop.ini
C:\Documents and Settings\Default User\My Documents\My Music\Desktop.ini
C:\Documents and Settings\Default User\My Documents\My Pictures\Desktop.ini
C:\Documents and Settings\Default User\Recent\Desktop.ini
C:\Documents and Settings\Default User\SendTo\desktop.ini
C:\Documents and Settings\Default User\Start Menu\desktop.ini
C:\Documents and Settings\Default User\Start Menu\Programs\desktop.ini
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\desktop.ini
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\LocalService\NTUSER.DAT
C:\Documents and Settings\LocalService\ntuser.ini
C:\Documents and Settings\LocalService\Favorites\Desktop.ini
C:\Documents and Settings\LocalService\Local Settings\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Feeds Cache\5ECWDKDV\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Feeds Cache\92L9ZUD7\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Feeds Cache\HZNG6T63\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Feeds Cache\QWLV4LZR\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\MSHist012010062220100623\index.dat
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\908PVRSA\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\NZRG84XR\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\QD13H0CQ\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\Z17R589C\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5E1ZCF4H\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7HW8JF07\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\E4OO3XYP\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JD2Y0D9E\desktop.ini
C:\Documents and Settings\Michael\NTUSER.DAT
C:\Documents and Settings\Michael\ntuser.ini
C:\Documents and Settings\Michael\Application Data\desktop.ini
C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
C:\Documents and Settings\Michael\Cookies\desktop.ini
C:\Documents and Settings\Michael\Favorites\Desktop.ini
C:\Documents and Settings\Michael\Local Settings\desktop.ini
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Feeds Cache\C01MX0AS\desktop.ini
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Feeds Cache\QN8VNQW1\desktop.ini
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Feeds Cache\QQYQZL26\desktop.ini
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Feeds Cache\Y55S8BZP\desktop.ini
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Michael\Local Settings\History\desktop.ini
C:\Documents and Settings\Michael\Local Settings\History\History.IE5\desktop.ini
C:\Documents and Settings\Michael\Local Settings\History\History.IE5\MSHist012010061420100621\index.dat
C:\Documents and Settings\Michael\Local Settings\History\History.IE5\MSHist012010062120100628\index.dat
C:\Documents and Settings\Michael\Local Settings\History\History.IE5\MSHist012010062220100623\index.dat
C:\Documents and Settings\Michael\Local Settings\History\History.IE5\MSHist012010062820100705\index.dat
C:\Documents and Settings\Michael\Local Settings\History\History.IE5\MSHist012010070520100712\index.dat
C:\Documents and Settings\Michael\Local Settings\History\History.IE5\MSHist012010071220100713\index.dat
C:\Documents and Settings\Michael\Local Settings\History\History.IE5\MSHist012010071320100714\index.dat
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\desktop.ini
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Documents and Settings\Michael\My Documents\desktop.ini
C:\Documents and Settings\Michael\My Documents\My Music\Desktop.ini
C:\Documents and Settings\Michael\My Documents\My Pictures\Desktop.ini
C:\Documents and Settings\Michael\NetHood\c on Dell Dimension E521 (Delldimension)\Desktop.ini
C:\Documents and Settings\Michael\NetHood\My Web Sites on MSN\Desktop.ini
C:\Documents and Settings\Michael\Recent\Desktop.ini
C:\Documents and Settings\Michael\SendTo\desktop.ini
C:\Documents and Settings\Michael\Start Menu\desktop.ini
C:\Documents and Settings\Michael\Start Menu\Programs\desktop.ini
C:\Documents and Settings\Michael\Start Menu\Programs\Accessories\desktop.ini
C:\Documents and Settings\Michael\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\Documents and Settings\Michael\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\Documents and Settings\Michael\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Mike\NTUSER.DAT
C:\Documents and Settings\Mike\ntuser.ini
C:\Documents and Settings\Mike\Application Data\desktop.ini
C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
C:\Documents and Settings\Mike\Application Data\Microsoft\Office\Recent\index.dat
C:\Documents and Settings\Mike\Cookies\index.dat
C:\Documents and Settings\Mike\Cookies\desktop.ini
C:\Documents and Settings\Mike\Favorites\Desktop.ini
C:\Documents and Settings\Mike\Local Settings\desktop.ini
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Feeds Cache\AV6NM1TN\desktop.ini
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Feeds Cache\E5Q5RXL9\desktop.ini
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Feeds Cache\IQ2DRZBF\desktop.ini
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Feeds Cache\PD8F31O6\desktop.ini
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Mike\Local Settings\History\desktop.ini
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\index.dat
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\desktop.ini
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\MSHist012010062120100628\index.dat
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\MSHist012010062820100705\index.dat
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\MSHist012010070520100712\index.dat
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\MSHist012010071220100713\index.dat
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\MSHist012010071320100714\index.dat
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\desktop.ini
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\index.dat
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Documents and Settings\Mike\My Documents\desktop.ini
C:\Documents and Settings\Mike\My Documents\brads batch files\Brads Batch Files and info\IESettings\History\desktop.ini
C:\Documents and Settings\Mike\My Documents\brads batch files\Brads Batch Files and info\IESettings\History\History.IE5\desktop.ini
C:\Documents and Settings\Mike\My Documents\brads batch files\Brads Batch Files and info\IESettings\Recent\Desktop.ini
C:\Documents and Settings\Mike\My Documents\My Music\Desktop.ini
C:\Documents and Settings\Mike\My Documents\My Pictures\Desktop.ini
C:\Documents and Settings\Mike\My Documents\win98 data\MyData\My Documents\desktop.ini
C:\Documents and Settings\Mike\NetHood\c on Dell Dimension E521 (Delldimension)\Desktop.ini
C:\Documents and Settings\Mike\NetHood\My Web Sites on MSN\Desktop.ini
C:\Documents and Settings\Mike\Recent\Desktop.ini
C:\Documents and Settings\Mike\SendTo\desktop.ini
C:\Documents and Settings\Mike\Start Menu\desktop.ini
C:\Documents and Settings\Mike\Start Menu\Programs\desktop.ini
C:\Documents and Settings\Mike\Start Menu\Programs\Accessories\desktop.ini
C:\Documents and Settings\Mike\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\Documents and Settings\Mike\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\Documents and Settings\Mike\Start Menu\Programs\Administrative Tools\desktop.ini
C:\Documents and Settings\Mike\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\MTDM\NTUSER.DAT
C:\Documents and Settings\MTDM\ntuser.ini
C:\Documents and Settings\MTDM\Application Data\desktop.ini
C:\Documents and Settings\MTDM\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
C:\Documents and Settings\MTDM\Cookies\desktop.ini
C:\Documents and Settings\MTDM\Favorites\Desktop.ini
C:\Documents and Settings\MTDM\Local Settings\desktop.ini
C:\Documents and Settings\MTDM\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\MTDM\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini
C:\Documents and Settings\MTDM\Local Settings\Application Data\Microsoft\Feeds Cache\ABAME3PQ\desktop.ini
C:\Documents and Settings\MTDM\Local Settings\Application Data\Microsoft\Feeds Cache\AX2XZIUJ\desktop.ini
C:\Documents and Settings\MTDM\Local Settings\Application Data\Microsoft\Feeds Cache\N868ZP4B\desktop.ini
C:\Documents and Settings\MTDM\Local Settings\Application Data\Microsoft\Feeds Cache\TYM5H4GH\desktop.ini
C:\Documents and Settings\MTDM\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\MTDM\Local Settings\History\desktop.ini
C:\Documents and Settings\MTDM\Local Settings\History\History.IE5\desktop.ini
C:\Documents and Settings\MTDM\Local Settings\History\History.IE5\MSHist012007031720070318\index.dat
C:\Documents and Settings\MTDM\Local Settings\History\History.IE5\MSHist012010051320100514\index.dat
C:\Documents and Settings\MTDM\Local Settings\Temporary Internet Files\desktop.ini
C:\Documents and Settings\MTDM\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Documents and Settings\MTDM\My Documents\desktop.ini
C:\Documents and Settings\MTDM\My Documents\My Music\Desktop.ini
C:\Documents and Settings\MTDM\My Documents\My Pictures\Desktop.ini
C:\Documents and Settings\MTDM\Recent\Desktop.ini
C:\Documents and Settings\MTDM\SendTo\desktop.ini
C:\Documents and Settings\MTDM\Start Menu\desktop.ini
C:\Documents and Settings\MTDM\Start Menu\Programs\desktop.ini
C:\Documents and Settings\MTDM\Start Menu\Programs\Accessories\desktop.ini
C:\Documents and Settings\MTDM\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\Documents and Settings\MTDM\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\Documents and Settings\MTDM\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\NetworkService\NTUSER.DAT
C:\Documents and Settings\NetworkService\ntuser.ini
C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\21APATQ1\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4LG38BWX\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ETAFYB27\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\STI7WX6F\desktop.ini
C:\Documents and Settings\Tammy\NTUSER.DAT
C:\Documents and Settings\Tammy\ntuser.ini
C:\Documents and Settings\Tammy\Application Data\desktop.ini
C:\Documents and Settings\Tammy\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
C:\Documents and Settings\Tammy\Application Data\Microsoft\Internet Explorer\UserData\index.dat
C:\Documents and Settings\Tammy\Application Data\Microsoft\Office\Recent\index.dat
C:\Documents and Settings\Tammy\Favorites\Desktop.ini
C:\Documents and Settings\Tammy\Local Settings\desktop.ini
C:\Documents and Settings\Tammy\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\Tammy\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini
C:\Documents and Settings\Tammy\Local Settings\Application Data\Microsoft\Feeds Cache\D5NUOAEC\desktop.ini
C:\Documents and Settings\Tammy\Local Settings\Application Data\Microsoft\Feeds Cache\O1HFHJLN\desktop.ini
C:\Documents and Settings\Tammy\Local Settings\Application Data\Microsoft\Feeds Cache\P5LXNF67\desktop.ini
C:\Documents and Settings\Tammy\Local Settings\Application Data\Microsoft\Feeds Cache\QK3X68KB\desktop.ini
C:\Documents and Settings\Tammy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Tammy\Local Settings\History\desktop.ini
C:\Documents and Settings\Tammy\Local Settings\History\History.IE5\desktop.ini
C:\Documents and Settings\Tammy\Local Settings\History\History.IE5\MSHist012008062220080623\index.dat
C:\Documents and Settings\Tammy\Local Settings\History\History.IE5\MSHist012009013120090201\index.dat
C:\Documents and Settings\Tammy\Local Settings\History\History.IE5\MSHist012010051620100517\index.dat
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\desktop.ini
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\0E1P0ZO6\desktop.ini
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\98IQ73JG\desktop.ini
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\E76Y9AM9\desktop.ini
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\ICAZ36HK\desktop.ini
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\PCAQEJ2V\desktop.ini
C:\Documents and Settings\Tammy\My Documents\desktop.ini
C:\Documents and Settings\Tammy\My Documents\My Music\Desktop.ini
C:\Documents and Settings\Tammy\My Documents\My Pictures\Desktop.ini
C:\Documents and Settings\Tammy\My Documents\My Videos\Desktop.ini
C:\Documents and Settings\Tammy\NetHood\c on Dell Dimension E521 (Delldimension)\Desktop.ini
C:\Documents and Settings\Tammy\NetHood\My Web Sites on MSN\Desktop.ini
C:\Documents and Settings\Tammy\Recent\Desktop.ini
C:\Documents and Settings\Tammy\SendTo\desktop.ini
C:\Documents and Settings\Tammy\Start Menu\desktop.ini
C:\Documents and Settings\Tammy\Start Menu\Programs\desktop.ini
C:\Documents and Settings\Tammy\Start Menu\Programs\Accessories\desktop.ini
C:\Documents and Settings\Tammy\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\Documents and Settings\Tammy\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\Documents and Settings\Tammy\Start Menu\Programs\Startup\desktop.ini
C:\i386\UsrClass.dat
C:\i386\desktop.ini
C:\Program Files\Spider-Man Photo Lab\_Setupx.dll
C:\Program Files\Spider-Man Photo Lab\Setup.exe
C:\Program Files\Spider-Man Photo Lab\Setup.ini
C:\Program Files\Spybot - Search & Destroy\advcheck.dll
C:\Program Files\Spybot - Search & Destroy\Tools.dll
C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\RECYCLER\S-1-5-21-793882319-2200436885-2646306580-1007\desktop.ini
C:\RECYCLER\S-1-5-21-793882319-2200436885-2646306580-1008\desktop.ini
C:\RECYCLER\S-1-5-21-793882319-2200436885-2646306580-1010\desktop.ini
C:\RECYCLER\S-1-5-21-793882319-2200436885-2646306580-500\desktop.ini
C:\WINDOWS\assembly\pubpol1.dat
C:\WINDOWS\assembly\Desktop.ini
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index16c.dat
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index16d.dat
C:\WINDOWS\Downloaded Program Files\desktop.ini
C:\WINDOWS\Fonts\desktop.ini
C:\WINDOWS\inf\oem19.inf
C:\WINDOWS\inf\oem23.inf
C:\WINDOWS\inf\oem24.inf
C:\WINDOWS\inf\oem26.inf
C:\WINDOWS\inf\oem27.inf
C:\WINDOWS\inf\oem8.inf
C:\WINDOWS\Offline Web Pages\desktop.ini
C:\WINDOWS\repair\ntuser.dat
C:\WINDOWS\system32\74820A0D5E.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
C:\WINDOWS\system32\config\systemprofile\Favorites\Desktop.ini
C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092920080930\index.dat
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B12GJTAJ\desktop.ini
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EPFB0N4M\desktop.ini
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PFRX1RVG\desktop.ini
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\TGH0565X\desktop.ini
C:\WINDOWS\system32\config\systemprofile\My Documents\desktop.ini
C:\WINDOWS\system32\config\systemprofile\My Documents\My Music\Desktop.ini
C:\WINDOWS\system32\config\systemprofile\My Documents\My Pictures\Desktop.ini
C:\WINDOWS\system32\config\systemprofile\Recent\Desktop.ini
C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini
C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Temp\Cookies\index.dat
C:\WINDOWS\Temp\History\History.IE5\index.dat
C:\WINDOWS\Temp\History\History.IE5\desktop.ini
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\591RRUI3\desktop.ini
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WANYJB91\desktop.ini
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YGQKO8S2\desktop.ini
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YL9IRZ3I\desktop.ini