
Audio Virus


  • This topic is locked
26 replies to this topic

#1 jwc56


Posted 12 April 2008 - 07:58 AM

I believe the problem started when I was prompted with a Flash player upgrade screen and I accepted the invitation.

Initial problems showed up as numerous pop-ups stating that I had an infection and to select their solution (these were not from programs that I had installed knowingly). At that point I was using PCTools spyware checker and virus scanning. There were numerous pop-ups from PCTools showing that it was blocking access to "bad websites"; some were listed by name, but they went by so fast that I could not record them.

I did numerous virus scans with PCTools, which showed 3500+ infections (mostly in iTunes), and performed the cleaning task, but each time I would reboot there would still be viruses on the machine when I did a new scan. I did this 7 times, then installed Trend Micro Internetpro 2008. It also found viruses on several iterations.

Symptoms that I am seeing:

1. Task manager unconfigured (in fact, all group policies are unconfigured). I reconfigured task manager to run. Message said that "your system administrator has disabled task manager functionality"
2. very slow computer operation
3. new icons on desktop. (error clean, Privacy Protector, Spyware protector) from website, www.viruswebprotect.com
4. Misc audio files will periodically start playing (movie trailers, misc sounds, talk show clips)
5. Unknown ips showing in my wireless network monitor

I posted log files from DSS and Kaspersky as well as attaching them.

Thanks for your help.

Jeff


Deckard Main File

Deckard's System Scanner v20071014.68
Run by Jeff on 2008-04-11 17:22:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
118: 2008-04-11 22:22:33 UTC - RP469 - Deckard's System Scanner Restore Point
117: 2008-04-11 15:21:08 UTC - RP468 - Removed DING!
116: 2008-04-11 15:20:13 UTC - RP467 - Removed Driver Installer
115: 2008-04-11 15:14:05 UTC - RP466 - Removed Safari
114: 2008-04-11 06:23:07 UTC - RP465 - Installed Windows XP KB936021.


-- First Restore Point --
1: 2008-01-13 17:17:39 UTC - RP352 - Made by Registry Mechanic


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 79% (more than 75%).


-- HijackThis (run as Jeff.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:20 PM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe
C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Documents and Settings\Jeff\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jeff.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: vnbptxlf - {3AB99368-48AF-4A01-B845-2904204948B5} - C:\WINDOWS\vnbptxlf.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: NETGEAR ProSafe VPN Client.lnk = C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207865722250
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O21 - SSODL: CDService - {1e4d0049-c937-44ee-8854-3bb53776041b} - C:\WINDOWS\Resources\CDService.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 9878 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080411-075148-168 O17 - HKLM\System\CCS\Services\Tcpip\..\{63BA9610-0203-43AD-AC92-748DA74E37D5}: NameServer = 1.1.1.1,66.7.165.21

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 IPSECDRV (SafeNet IPSec Plugin) - c:\windows\system32\drivers\ipsecdrv.sys <Not Verified; SafeNet; SafeNet VPN Client>
R2 Crypto - c:\windows\system32\drivers\crypto.sys <Not Verified; SafeNet; SafeNet CSP>
R2 SbcpHid - c:\windows\system32\drivers\sbcphid.sys

S3 PCTINDIS5 (PCTINDIS5 NDIS Protocol Driver) - c:\windows\system32\pctindis5.sys (file missing)
S3 VNUSB (VN Series Device) - c:\windows\system32\drivers\vnusb.sys <Not Verified; OLYMPUS OPTICAL CO.,LTD.; VVRUSB Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 IPSECMON (SafeNet Monitor Service) - "c:\program files\netgear\netgear prosafe vpn client\ipsecmon.exe" <Not Verified; SafeNet; SafeNet VPN Client>
R2 IreIKE (SafeNet IKE Service) - "c:\program files\netgear\netgear prosafe vpn client\ireike.exe" <Not Verified; SafeNet; SafeNet VPN Client>
R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Trend Micro Common Firewall Miniport
Device ID: ROOT\TM_CFWMP\0000
Manufacturer: Trend Micro
Name: Deterministic Networks WAN Virtual miniport - Trend Micro Common Firewall Miniport
PNP Device ID: ROOT\TM_CFWMP\0000
Service: tmcfw


-- Files created between 2008-03-11 and 2008-04-11 -----------------------------

2008-04-11 13:40:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-11 13:40:02 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-11 07:40:55 0 d-------- C:\WINDOWS\LastGood
2008-04-10 23:37:38 0 d-------- C:\Program Files\MSBuild
2008-04-10 23:31:42 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-10 23:30:37 0 d-------- C:\Program Files\Reference Assemblies
2008-04-10 23:28:27 0 d-------- C:\Program Files\MSXML 6.0
2008-04-10 21:26:30 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-10 14:15:12 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-10 12:44:50 0 d-------- C:\WINDOWS\l2schemas
2008-04-10 10:34:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-10 10:33:21 0 d-------- C:\Program Files\Trend Micro
2008-04-10 08:32:12 0 d-------- C:\Documents and Settings\Jeff\Application Data\HouseCall 6.6
2008-04-08 15:59:00 0 d-------- C:\Documents and Settings\Jeff\Application Data\TmpRecentIcons
2008-04-08 08:41:24 155648 --a------ C:\WINDOWS\vnbptxlf.dll
2008-04-08 08:41:24 81920 --a------ C:\WINDOWS\apoxqwfv.exe
2008-04-07 20:42:42 262144 --a------ C:\WINDOWS\system32\default_user_class.dat
2008-04-07 02:00:32 0 d-------- C:\Program Files\iPod
2008-03-21 01:00:40 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools


-- Find3M Report ---------------------------------------------------------------

2008-04-11 10:21:11 0 d-------- C:\Program Files\Common Files
2008-04-11 09:57:23 0 d-------- C:\Documents and Settings\Jeff\Application Data\Apple Computer
2008-04-10 15:36:48 0 d-------- C:\Program Files\Uniblue
2008-04-10 15:36:10 0 d-------- C:\Documents and Settings\Jeff\Application Data\Uniblue
2008-04-07 11:06:51 0 d-------- C:\Program Files\PhoenixRC
2008-04-07 02:01:03 0 d-------- C:\Program Files\iTunes
2008-04-07 01:56:52 0 d-------- C:\Program Files\QuickTime
2008-03-21 05:48:51 0 d-------- C:\Program Files\Java
2008-03-20 05:45:26 0 d-------- C:\Program Files\Google
2008-02-29 18:03:59 0 d-------- C:\Documents and Settings\Jeff\Application Data\VMware
2008-02-29 17:52:23 0 d-------- C:\Program Files\VMware


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}]
02/15/2008 06:38 AM 103760 --a------ C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 11:56 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/15/2005 06:42 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/15/2005 06:42 AM]
"nwiz"="nwiz.exe" [12/15/2005 06:42 AM C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [11/08/2005 10:35 AM C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/15/2007 02:27 AM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [06/29/2005 04:48 PM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 01:23 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/19/2007 01:39 AM]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [05/09/2007 12:41 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 07:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 07:50 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 01:56 AM C:\WINDOWS\system32\bthprops.cpl]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [02/16/2008 12:56 AM]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/15/2007 02:29 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [08/23/2007 06:36 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 10:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [5/3/2006 6:40:23 AM]
NETGEAR ProSafe VPN Client.lnk - C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe [1/22/2008 2:26:01 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDService"= {1e4d0049-c937-44ee-8854-3bb53776041b} - C:\WINDOWS\Resources\CDService.dll [04/08/2008 08:40 AM 12330]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-04-11 17:25:53 ------------


Deckard Extra File

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2300 @ 1.66GHz
CPU 1: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of Memory in Use: 79%
Physical Memory (total/avail): 1022.04 MiB / 206.59 MiB
Pagefile Memory (total/avail): 2458.19 MiB / 1749.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1940.02 MiB

C: is Fixed (NTFS) - 80.22 GiB total, 29.33 GiB free.
D: is Fixed (NTFS) - 93.16 GiB total, 71.57 GiB free.
E: is Fixed (FAT32) - 11.9 GiB total, 0.12 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HTS541010G9SA00 - 93.16 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 80.22 GiB - C:
\PARTITION1 - Unknown - 11.93 GiB - E:
\PARTITION2 - Unknown - 1027.6 MiB

\\.\PHYSICALDRIVE1 - HTS541010G9SA00 - 93.16 GiB - 1 partition
\PARTITION0 - Installable File System - 93.16 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: Trend Micro Personal Firewall v5.2 (Trend Micro Inc.)
AV: Trend Micro Internet Security Pro v16.10.1079 () Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\NETGEAR\\NETGEAR ProSafe VPN Client\\IreIKE.exe"="C:\\Program Files\\NETGEAR\\NETGEAR ProSafe VPN Client\\IreIKE.exe:*:Enabled:IreIke"
"C:\\Program Files\\NETGEAR\\NETGEAR ProSafe VPN Client\\ViewLog.exe"="C:\\Program Files\\NETGEAR\\NETGEAR ProSafe VPN Client\\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
"C:\\Program Files\\NETGEAR\\NETGEAR ProSafe VPN Client\\CmonApp.exe"="C:\\Program Files\\NETGEAR\\NETGEAR ProSafe VPN Client\\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
"C:\\Program Files\\NETGEAR\\NETGEAR ProSafe VPN Client\\vpn.exe"="C:\\Program Files\\NETGEAR\\NETGEAR ProSafe VPN Client\\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\STC\\QA07\\wwwroot\\cbt.exe"="C:\\Program Files\\STC\\QA07\\wwwroot\\cbt.exe:*:Enabled:Local Web Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\NETGEAR\\NETGEAR ProSafe VPN Client\\IreIKE.exe"="C:\\Program Files\\NETGEAR\\NETGEAR ProSafe VPN Client\\IreIKE.exe:*:Enabled:IreIke"
"C:\\Program Files\\NETGEAR\\NETGEAR ProSafe VPN Client\\ViewLog.exe"="C:\\Program Files\\NETGEAR\\NETGEAR ProSafe VPN Client\\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
"C:\\Program Files\\NETGEAR\\NETGEAR ProSafe VPN Client\\CmonApp.exe"="C:\\Program Files\\NETGEAR\\NETGEAR ProSafe VPN Client\\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
"C:\\Program Files\\NETGEAR\\NETGEAR ProSafe VPN Client\\vpn.exe"="C:\\Program Files\\NETGEAR\\NETGEAR ProSafe VPN Client\\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jeff\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JEFF-LAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jeff
LOGONSERVER=\\JEFF-LAPTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PAVILION
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jeff\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jeff\LOCALS~1\Temp
USERDOMAIN=JEFF-LAPTOP
USERNAME=Jeff
USERPROFILE=C:\Documents and Settings\Jeff
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jeff (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{9579E862-5FC7-4337-B1CC-5E37451524C5}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3rd PlanIt --> "C:\WINDOWS\3rd PlanIt\uninstall.exe" "/U:C:\Program Files\3rd PlanIt\Uninstall\uninstall.xml"
5 Card Slingo from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5DE4D54F-AA79-43A4-9C8A-C173E7E2B025\Uninstall.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6E377D95-DF37-4E67-B64B-68C314600BCB\Uninstall.exe"
Big Kahuna Reef from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7948472C-423F-4134-B68F-48D660A05D71\Uninstall.exe"
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\384E0BF4-1E1F-45A6-B60E-42144A3F15CD\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\9F3399B2-9ED6-4339-84A2-686432638B86\Uninstall.exe"
Boggle Supreme from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5658FB14-16A4-4DAE-946B-1457BE31572E\Uninstall.exe"
Bookworm Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B0769D17-E72A-4E87-A83F-1F7A3F080008\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7A940E33-6993-404B-ABA6-ED62E8FBE615\Uninstall.exe"
Cadrail 8 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Cadrail 8\DeIsL1.isu" -c"C:\Program Files\Cadrail 8\_ISREG32.DLL"
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\382C11F0-1A18-4F76-B8E0-15CA7F209C22\Uninstall.exe"
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -Icpl30a5a.inf
Crystal Maze from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2\Uninstall.exe"
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DeLorme Phone Data 2008 --> MsiExec.exe /I{0113910E-8934-4CC7-9FDE-C177B9206CC9}
DeLorme Street Atlas USA 2008 Plus --> MsiExec.exe /I{3F7D7F4A-6F41-4FCE-80B3-DB4210FA01EA}
FATE from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89\Uninstall.exe"
Final Drive Nitro from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\320F055A-570F-4335-B026-16A836DB9549\Uninstall.exe"
Flip Words from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F2566CC2-D4C4-44ED-A838-3F8288D8D3FE\Uninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_CPL30A5m\HXFSETUP.EXE -U -ICPL30A5m.inf
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HouseCall 6.6 --> "C:\Documents and Settings\Jeff\Application Data\HouseCall 6.6\uninstaller.exe"
HP Game Console and games --> C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP QuickPlay 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Rhapsody --> C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides--System Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\Setup.exe" -l0x9 -removeonly
HP User Guides 0011 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1313740E-0072-4E2D-A628-DEFCD38B577A}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 C1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0E5266B4-9069-401A-93AE-5FF9F1712016\Uninstall.exe"
Intel® Network Connections Drivers --> Prounstl.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Jewel Quest from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\4C061F83-EE92-445A-A03F-184B0BD59242\Uninstall.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E90E3AE9-73E4-4E5C-BB0F-673989A808D0\Uninstall.exe"
Lexibox Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5758A0E8-A112-4A1D-82EC-EC72F7F16B88\Uninstall.exe"
Mah Jong Quest from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E76A7EFF-7758-49EE-B3FA-9699830A2D6B\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSXML 6.0 Parser --> MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
muvee autoProducer 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{286F29AF-0BE2-4D5F-AB17-B7631A810553}\setup.exe" -l0x9
NETGEAR ProSafe VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\Setup\Setup.exe" -l0x9
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Nokia Connectivity Adapter Cable DKU-5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Oasis from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E332F38A-75F6-4EF2-88CC-246E8A1CB5D7\Uninstall.exe"
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Olympus Digital Wave Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x9
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
PhoenixCreator --> MsiExec.exe /X{8E34369A-99A4-4973-99D4-E6AB8F7737C0}
PhoenixRC --> MsiExec.exe /I{86404000-52CF-41AE-9B2E-85892F7CB7D4}
Polar Bowler from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54\Uninstall.exe"
Polar Golfer from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D2E44AA4-8665-4490-A6C9-2D0744B47B27\Uninstall.exe"
Privacy Guardian 4.1 --> "C:\Program Files\Privacy Guardian\unins000.exe"
Puzzle Express from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\EF860173-4FB7-4DE1-8BE8-5400F05A0DC5\Uninstall.exe"
Quick Launch Buttons 5.20 F2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
SCRABBLE from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\103EFD47-9F2C-4490-95DD-AE6C442AFB92\Uninstall.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Slingo Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C264D692-8E15-4141-96A2-5621332E5DD0\Uninstall.exe"
Slyder from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B0202B33-E73D-4FCD-AC88-0B2971AFC116\Uninstall.exe"
Snowboard SuperJam --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DED8E2B5-BA9F-448F-84E8-0AEF79876F95\Uninstall.exe"
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicAC3Encoder --> MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder --> MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
STC Series 7 Q and A Final --> C:\PROGRA~1\STC\QA07\UNWISE.EXE C:\PROGRA~1\STC\QA07\INSTALL.LOG
Super Granny from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7ED8A70C-9597-40BE-AEA0-0573182F1F51\Uninstall.exe"
SureThing CD Labeler LightScribe Trial 5 --> "C:\Program Files\SureThing CD Labeler 5\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
TourSetup --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Tradewinds from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86\Uninstall.exe"
Trend Micro Internet Security Pro --> C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security Pro --> MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
Video Piggy --> MsiExec.exe /I{F6A5A994-8090-405A-BA38-E5EC822BFE8B}
VMware Infrastructure Update --> MsiExec.exe /X{D93B70D2-4DA4-4F6F-9DC8-72D08F74A386}
VMware Virtual Infrastructure Client 2.0 --> MsiExec.exe /X{C7134CDC-2000-1967-A00D-0244A64A998F}
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9 -removeonly
XML Paper Specification Shared Components Pack 1.0 -->
Zuma Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\074EEF5F-3BE8-4112-B253-C5D6CDE2924C\Uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1272 / Warning
Event Submitted/Written: 04/11/2008 07:14:37 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1262 / Warning
Event Submitted/Written: 04/10/2008 11:43:08 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1257 / Warning
Event Submitted/Written: 04/10/2008 11:34:11 PM
Event ID/Source: 40 / WinMgmt
Event Description:
WMI ADAP was unable to create the object Win32_PerfRawData_ASPNET_2050727_ASPNETAppsv2050727 for Performance Library ASP.NET_2.0.50727 because error 0x80041001 was returned

Event Record #/Type1256 / Warning
Event Submitted/Written: 04/10/2008 11:34:11 PM
Event ID/Source: 35 / WinMgmt
Event Description:
WMI ADAP was unable to load the ASP.NET_2.0.50727 performance library because it returned invalid data: 0x0

Event Record #/Type1255 / Warning
Event Submitted/Written: 04/10/2008 11:34:11 PM
Event ID/Source: 40 / WinMgmt
Event Description:
WMI ADAP was unable to create the object Win32_PerfRawData_ASPNET_ASPNETApplications for Performance Library ASP.NET because error 0x80041001 was returned



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type40263 / Error
Event Submitted/Written: 04/11/2008 04:50:44 PM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort0, did not respond within the timeout period.

Event Record #/Type40262 / Error
Event Submitted/Written: 04/11/2008 04:33:23 PM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort0, did not respond within the timeout period.

Event Record #/Type40261 / Error
Event Submitted/Written: 04/11/2008 04:16:12 PM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort0, did not respond within the timeout period.

Event Record #/Type40260 / Error
Event Submitted/Written: 04/11/2008 03:58:01 PM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort0, did not respond within the timeout period.

Event Record #/Type40259 / Error
Event Submitted/Written: 04/11/2008 03:41:10 PM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort0, did not respond within the timeout period.



-- End of Deckard's System Scanner: finished at 2008-04-11 17:25:53 ------------


Kaspersky File

Friday, April 11, 2008 5:13:03 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/04/2008
Kaspersky Anti-Virus database records: 698236


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 120585
Number of viruses found 4
Number of infected objects 9
Number of suspicious objects 0
Duration of the scan process 02:14:09

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0102\0314\values Object is locked skipped

C:\Documents and Settings\All Users\Documents\{499663EE-202C-4468-874C-198A9E0BC058} Object is locked skipped

C:\Documents and Settings\Jeff\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Application Data\Identities\{F71B5959-30EB-4602-8572-F92EE25554BB}\Microsoft\Outlook Express\DT admin.dbx/[From secur@logoluso.com][Date Fri, 6 2006 07:00:29 +0600]/UNNAMED/Update-KB2171-x86.zip/Update-KB2171-x86.exe Infected: Email-Worm.Win32.Warezov.gen skipped

C:\Documents and Settings\Jeff\Local Settings\Application Data\Identities\{F71B5959-30EB-4602-8572-F92EE25554BB}\Microsoft\Outlook Express\DT admin.dbx/[From secur@logoluso.com][Date Fri, 6 2006 07:00:29 +0600]/UNNAMED/Update-KB2171-x86.zip Infected: Email-Worm.Win32.Warezov.gen skipped

C:\Documents and Settings\Jeff\Local Settings\Application Data\Identities\{F71B5959-30EB-4602-8572-F92EE25554BB}\Microsoft\Outlook Express\DT admin.dbx/[From secur@logoluso.com][Date Fri, 6 2006 07:00:29 +0600]/UNNAMED Infected: Email-Worm.Win32.Warezov.gen skipped

C:\Documents and Settings\Jeff\Local Settings\Application Data\Identities\{F71B5959-30EB-4602-8572-F92EE25554BB}\Microsoft\Outlook Express\DT admin.dbx Mail MS Outlook 5: infected - 3 skipped

C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Application Data\Trend Micro\TrendSecure\Log\TS-CF-20080410-104846-843.log Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Application Data\Trend Micro\TrendSecure\Log\TS-COMSVR-20080410-105627-375.log Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Application Data\Trend Micro\TrendSecure\Log\TS-TGP-20080410-104307-108.log Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Application Data\Trend Micro\TrendSecure\Log\TS-TGP-TB-20080411-072155-000.log Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Application Data\Trend Micro\TrendSecure\Log\TS-TGP-TB-20080411-072329-343.log Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Application Data\Trend Micro\TrendSecure\Log\TS-TGP-TB-20080411-082352-203.log Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Application Data\Trend Micro\TrendSecure\Log\TS-TGP-TB-20080411-082459-375.log Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Application Data\Trend Micro\TrendSecure\Log\TS-TGP-TB-20080411-082923-359.log Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Application Data\Trend Micro\TrendSecure\Log\TS-TGP-TB-20080411-105737-709.log Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Application Data\Trend Micro\TrendSecure\Log\TS-TGP-TB-20080411-132028-984.log Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Application Data\Trend Micro\TrendSecure\Log\TS-TGP-TB-20080411-133243-816.log Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Application Data\Trend Micro\TrendSecure\Log\TS-TGP-TB-20080411-134020-452.log Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\History\History.IE5\MSHist012008041120080412\index.dat Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Temp\fla1F.tmp Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Temp\fla56.tmp Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Temp\fla58.tmp Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Temp\fla6F.tmp Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Temp\fla7A.tmp Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Temp\flaAF.tmp Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Temp\flaEF.tmp Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Temp\~DF9E92.tmp Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Temp\~DFDC39.tmp Object is locked skipped

C:\Documents and Settings\Jeff\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Jeff\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Jeff\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\isakmp.log Object is locked skipped

C:\Program Files\Trend Micro\Internet Security\Trusted.dat Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP453\A0044755.dll Infected: not-a-virus:AdWare.Win32.Vapsup.dsr skipped

C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP453\A0044756.dll Infected: not-a-virus:AdWare.Win32.Vapsup.dsr skipped

C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP468\change.log Object is locked skipped

C:\WINDOWS\apoxqwfv.exe Infected: not-a-virus:AdWare.Win32.Vapsup.dsr skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{43EDE97E-A2B1-479C-BCBA-00FC249FFAFB}.crmlog Object is locked skipped

C:\WINDOWS\Resources\CDService.dll Infected: Trojan.Win32.Agent.jqa skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\vnbptxlf.dll Infected: not-a-virus:AdWare.Win32.Vapsup.dsk skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Attached Files
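
Added example, not part of the original post: a Python triage of the Kaspersky Online Scanner rows above, separating real detections from "Object is locked" noise and showing which detections sit in live files rather than in the mail store or System Restore copies. The rows embedded below are an excerpt of the report (all infected rows plus three locked ones); the function names and the assumption that container summaries always take the "Mail ...: infected - N" form are mine.

```python
import re
from collections import defaultdict

# Excerpt of the report rows posted above: every infected row, three locked rows.
REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Identities\{F71B5959-30EB-4602-8572-F92EE25554BB}\Microsoft\Outlook Express\DT admin.dbx/[From secur@logoluso.com][Date Fri, 6 2006 07:00:29 +0600]/UNNAMED/Update-KB2171-x86.zip/Update-KB2171-x86.exe Infected: Email-Worm.Win32.Warezov.gen skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Identities\{F71B5959-30EB-4602-8572-F92EE25554BB}\Microsoft\Outlook Express\DT admin.dbx/[From secur@logoluso.com][Date Fri, 6 2006 07:00:29 +0600]/UNNAMED/Update-KB2171-x86.zip Infected: Email-Worm.Win32.Warezov.gen skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Identities\{F71B5959-30EB-4602-8572-F92EE25554BB}\Microsoft\Outlook Express\DT admin.dbx/[From secur@logoluso.com][Date Fri, 6 2006 07:00:29 +0600]/UNNAMED Infected: Email-Worm.Win32.Warezov.gen skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Identities\{F71B5959-30EB-4602-8572-F92EE25554BB}\Microsoft\Outlook Express\DT admin.dbx Mail MS Outlook 5: infected - 3 skipped
C:\Documents and Settings\Jeff\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP453\A0044755.dll Infected: not-a-virus:AdWare.Win32.Vapsup.dsr skipped
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP453\A0044756.dll Infected: not-a-virus:AdWare.Win32.Vapsup.dsr skipped
C:\WINDOWS\apoxqwfv.exe Infected: not-a-virus:AdWare.Win32.Vapsup.dsr skipped
C:\WINDOWS\Resources\CDService.dll Infected: Trojan.Win32.Agent.jqa skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\vnbptxlf.dll Infected: not-a-virus:AdWare.Win32.Vapsup.dsk skipped
"""

# path, then one of three status forms, then a one-word Last Action.
# Paths contain spaces, so the path is matched lazily up to the first status.
ROW = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<status>Object is locked"
    r"|Infected: (?P<name>\S+)"
    r"|Mail [^\\/]+?: infected - (?P<count>\d+))"
    r"\s+(?P<action>\S+)$"
)


def parse_rows(text):
    """Return one dict per recognised report row; other lines are ignored."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def location(path):
    """Classify where a detected object lives."""
    low = path.lower()
    if "\\system volume information\\_restore" in low:
        return "restore_point"   # copy held by System Restore
    if ".dbx" in low:
        return "mail_store"      # Outlook Express folder or a message inside it
    return "live_file"           # ordinary file on disk


def triage(text):
    rows = parse_rows(text)
    by_name = defaultdict(list)
    for r in rows:
        if r["name"]:
            by_name[r["name"]].append(r["path"])
    return {
        "locked": sum(r["status"] == "Object is locked" for r in rows),
        "infected_rows": sum(bool(r["name"]) for r in rows),
        "containers": [r["path"] for r in rows if r["count"]],
        "detections": dict(by_name),
        "live_files": sorted(
            p for paths in by_name.values() for p in paths
            if location(p) == "live_file"
        ),
        "actions": sorted({r["action"] for r in rows}),
    }


if __name__ == "__main__":
    result = triage(REPORT)
    for name, paths in sorted(result["detections"].items()):
        print(name)
        for p in paths:
            print("   [%s] %s" % (location(p), p))
    print("locked (not findings):", result["locked"])
    print("live files to examine:", result["live_files"])
```

The eight "Infected:" rows plus the one .dbx container row account for the report's "Number of infected objects 9", and the four distinct names match "Number of viruses found 4"; every row's Last Action is "skipped" because the online scanner only reports.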





#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:13 PM

Posted 15 April 2008 - 05:48 PM

Hello jwc56,

We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


You need to disable your Trend Micro Antivirus before running ComboFix, as it will prevent it from running.


Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

When following the instructions please install the Windows XP Recovery Console if you are using XP. <== IMPORTANT

You DO NOT need to have the Windows CD to install Recovery Console!

When Recovery Console installs correctly, ComboFix will give you a log like this:

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons



We need Recovery Console because malware damages a lot and causes an unstable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged.
Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Disconnect from the Internet.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log.

Edited by SifuMike, 15 April 2008 - 05:50 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 jwc56


Posted 16 April 2008 - 11:21 AM

Hi Mike,

Thanks for taking a look at this. I followed the instructions that you gave and started combofix. It has been running now for 1 hour and 45 minutes. The blue autoscan screen is on the desktop and the disk light is flashing. I am going to leave it undisturbed and running until directed otherwise.

Thanks

Jeff

#4 SifuMike


Posted 16 April 2008 - 02:16 PM

Hi Jeff,

Did you install Recovery Console before you ran ComboFix? <== IMPORTANT

Did you disable your Trend Micro Antivirus program before running ComboFix? If it is active, then it will stop it from running.


Combofix should never take more than 20 minutes including the reboot if malware is detected.

If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Edited by SifuMike, 16 April 2008 - 02:31 PM.


#5 jwc56


Posted 16 April 2008 - 02:22 PM

Going about 5 hours now. Is it hung up or is this typical?

Disk light is still active.

Jeff

#6 SifuMike


Posted 16 April 2008 - 02:28 PM

Read my previous post.

#7 jwc56


Posted 16 April 2008 - 02:35 PM

Hi Mike, just saw your reply.

Yes I installed recovery panel for XP home. (I have media edition) I followed instructions on the link, dragged and dropped the xp icon that was downloaded over the combofix icon.

Yes I disabled the antivirus and firewall by turning them off in their respective menus.

I just checked task manager and it has none of the processes open that you referenced.

I followed the combofix tutorial that you referenced and got the screens that they referenced right up to completed stage X. It did change the clock settings.

I did not reboot the computer after installing the recovery console.

What is the next step?

Thanks
Jeff

#8 SifuMike


Posted 16 April 2008 - 02:43 PM

Hi Jeff,

Did you put ComboFix on the Desktop? If so, then continue.


Disable your antivirus program.

Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

ComboFix should not take longer than 20 minutes to run.

Edited by SifuMike, 16 April 2008 - 02:44 PM.


#9 jwc56


Posted 16 April 2008 - 03:06 PM

Combofix is on the desktop.

Antivirus is off, short of uninstalling it.

I entered the above code to the command line and it opened a new window:

Please wait.
ComboFix is preparing to run.

Then it closed the previous window.

Has been sitting there for about 10 minutes with no disk activity. Mouse has not been moved into or clicked on screen.

#10 SifuMike


Posted 16 April 2008 - 03:42 PM

Hi Jeff,

Delete the version of ComboFix you have on your computer and download a new version.


Then start your computer in Safe Mode, and run ComboFix.

How to Reboot into Safe Mode
Tap the F8 key during reboot until the boot menu appears, use the arrow keys to choose "Safe Mode" from the menu, then press the "Enter" key.




Post the ComboFix log.
It should take less than 20 minutes to run.

Let me know if you have problems.

#11 jwc56


Posted 16 April 2008 - 04:31 PM

Here is the text file.

Interesting to note that it says the recovery console is not installed, yet it showed installing it during the set up.

I also uninstalled Trendmicro this time.

jeff


#12 SifuMike


Posted 16 April 2008 - 04:34 PM

Please do not attach the combofix log, it is too hard to read that way.

Post the contents of Combofix.txt

"the recovery console is not installed, yet it showed installing it during the set up."



It looks like Recovery Console is not installed. :thumbsup:
When Recovery Console installs correctly, ComboFix will give you a log like this:

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons


Edited by SifuMike, 16 April 2008 - 05:19 PM.

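The check described in post #12, as an added example that is not part of the original thread and is not ComboFix's own code: it looks for a boot.ini entry carrying the /cmdcons switch and for the warning line in a pasted ComboFix log. The function names are hypothetical, and both sample inputs are copied from the log excerpts posted in this thread.

```python
import re

# Sample 1: the boot.ini block quoted in post #12 as what the log shows
# when Recovery Console is installed (copied from the thread).
GOOD_LOG = r"""WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
"""

# Sample 2: header of the log posted in post #15 (copied from the thread).
BAD_LOG = r"""ComboFix 08-04-15.8 - Jeff 2008-04-16 16:09:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.548 [GMT -5:00]
Running from: C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jeff\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
"""

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")
ENTRY_RE = re.compile(r'^(?P<target>[^=]+)="(?P<label>[^"]*)"\s*(?P<switches>.*)$')
WARNING_RE = re.compile(r"DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED", re.I)
PACKAGE_RE = re.compile(r"WindowsXP-KB\d+-\S+?\.exe", re.I)


def parse_os_entries(text):
    """Return the [operating systems] entries found in the text.

    Each entry is a dict with the boot target, its menu label and the list
    of switches. Lines outside that section are ignored, so a whole log can
    be passed in, not just the boot.ini part.
    """
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name").lower()
            continue
        if section != "operating systems":
            continue
        entry = ENTRY_RE.match(line)
        if entry is None:
            # A non-empty line that is not target="label" ends the block.
            if line:
                section = None
            continue
        entries.append({
            "target": entry.group("target").strip(),
            "label": entry.group("label"),
            "switches": entry.group("switches").lower().split(),
        })
    return entries


def recovery_console_entry(text):
    """Return the boot entry that carries /cmdcons, or None if there is none."""
    for entry in parse_os_entries(text):
        if "/cmdcons" in entry["switches"]:
            return entry
    return None


def assess(log_text):
    """Summarise what a pasted log says about Recovery Console."""
    entry = recovery_console_entry(log_text)
    warned = bool(WARNING_RE.search(log_text))
    package = PACKAGE_RE.search(log_text)
    return {
        "warning": warned,
        "cmdcons_entry": entry["target"] if entry else None,
        "package": package.group(0) if package else None,
        # Installed only if the boot entry is present and no warning was logged.
        "installed": entry is not None and not warned,
    }


if __name__ == "__main__":
    for name, log in (("post #12 sample", GOOD_LOG), ("post #15 log", BAD_LOG)):
        print(name, assess(log))
```
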

#13 jwc56


Posted 16 April 2008 - 06:15 PM

I just looked at it again and tried to install the console. It said that console was already installed. I rebooted machine and the console option came up on the reboot. So it is definitely there.

Would you like me to run combofix again?

Jeff

#14 SifuMike


Posted 16 April 2008 - 06:32 PM

First, post the ComboFix log as I previously asked you. Do NOT attach it. It will be at ComboFix.txt.


"Would you like me to run combofix again?"


Do not run ComboFix again.


Second, tell me what version of windows you are running.
I think you may have installed Recovery Console incorrectly. How did you install Recovery Console?
Did you drag and drop one of the two Microsoft programs the site listed? Which one did you use: Home or Professional?

Edited by SifuMike, 16 April 2008 - 06:37 PM.


#15 jwc56


Posted 16 April 2008 - 07:22 PM

I'm running:

Windows XP
Media Center Edition
Version 2002
Service Pack 2

I installed the home edition of Recovery console by dragging and dropping it on the combofix icon.



ComboFix 08-04-15.8 - Jeff 2008-04-16 16:09:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.548 [GMT -5:00]
Running from: C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jeff\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jeff\Desktop\Error Cleaner.url
C:\Documents and Settings\Jeff\Desktop\Privacy Protector.url
C:\Documents and Settings\Jeff\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Jeff\Favorites\Error Cleaner.url
C:\Documents and Settings\Jeff\Favorites\Privacy Protector.url
C:\Documents and Settings\Jeff\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\Jeff\Local Settings\Temporary Internet Files\index.dat
C:\Program Files\stc
C:\Program Files\stc\QA07\INSTALL.LOG
C:\Program Files\stc\QA07\UNWISE.EXE
C:\Program Files\stc\QA07\wwwroot\cbt.exe
C:\Program Files\stc\QA07\wwwroot\com\inet\tds\SqlFunctions.class
C:\Program Files\stc\QA07\wwwroot\com\inet\tds\TdsConnection.class
C:\Program Files\stc\QA07\wwwroot\com\inet\tds\TdsDatabaseMetaData.class
C:\Program Files\stc\QA07\wwwroot\com\inet\tds\TdsDriver.class
C:\Program Files\stc\QA07\wwwroot\com\inet\tds\TdsResultSet.class
C:\Program Files\stc\QA07\wwwroot\com\inet\tds\TdsResultSetMetaData.class
C:\Program Files\stc\QA07\wwwroot\com\inet\tds\TdsStatement.class
C:\Program Files\stc\QA07\wwwroot\com\inet\tds\vssver.scc
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam1.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam10.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam11.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam12.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam13.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam14.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam15.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam16.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam17.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam18.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam19.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam2.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam20.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam21.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam22.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam3.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam4.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam5.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam6.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam7.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam8.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\Cs7exam9.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\category\vssver.scc
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\Cs7exam15.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\open\S7exam1.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\open\S7exam10.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\open\S7exam11.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\open\S7exam12.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\open\S7exam13.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\open\S7exam2.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\open\S7exam3.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\open\S7exam4.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\open\S7exam5.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\open\S7exam6.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\open\S7exam7.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\open\S7exam8.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\open\S7exam9.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\open\vssver.scc
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\S7exam1.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\S7exam10.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\S7exam11.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\S7exam12.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\S7exam13.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\S7exam2.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\S7exam3.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\S7exam4.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\S7exam5.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\S7exam6.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\S7exam7.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\S7exam8.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\S7exam9.htm
C:\Program Files\stc\QA07\wwwroot\Courses\iLQA07\vssver.scc
C:\Program Files\stc\QA07\wwwroot\Data.mdb
C:\Program Files\stc\QA07\wwwroot\default Log 20060430.hsl
C:\Program Files\stc\QA07\wwwroot\default Log 20060501.hsl
C:\Program Files\stc\QA07\wwwroot\default Log 20060503.hsl
C:\Program Files\stc\QA07\wwwroot\default Log 20060506.hsl
C:\Program Files\stc\QA07\wwwroot\default Log 20060513.hsl
C:\Program Files\stc\QA07\wwwroot\default Log 20060515.hsl
C:\Program Files\stc\QA07\wwwroot\default.htm
C:\Program Files\stc\QA07\wwwroot\images\650150A.gif
C:\Program Files\stc\QA07\wwwroot\images\650150B.gif
C:\Program Files\stc\QA07\wwwroot\images\6502104A.gif
C:\Program Files\stc\QA07\wwwroot\images\6502104B.gif
C:\Program Files\stc\QA07\wwwroot\images\6502104c.gif
C:\Program Files\stc\QA07\wwwroot\images\6502104d.gif
C:\Program Files\stc\QA07\wwwroot\images\6503112.gif
C:\Program Files\stc\QA07\wwwroot\images\650327.gif
C:\Program Files\stc\QA07\wwwroot\images\650372.gif
C:\Program Files\stc\QA07\wwwroot\images\650380A.gif
C:\Program Files\stc\QA07\wwwroot\images\650380B.gif
C:\Program Files\stc\QA07\wwwroot\images\650433.gif
C:\Program Files\stc\QA07\wwwroot\images\650495.gif
C:\Program Files\stc\QA07\wwwroot\images\650505a.gif
C:\Program Files\stc\QA07\wwwroot\images\650505b.gif
C:\Program Files\stc\QA07\wwwroot\images\650505c.gif
C:\Program Files\stc\QA07\wwwroot\images\650505d.gif
C:\Program Files\stc\QA07\wwwroot\images\650505e.gif
C:\Program Files\stc\QA07\wwwroot\images\650505f.gif
C:\Program Files\stc\QA07\wwwroot\images\650505g.gif
C:\Program Files\stc\QA07\wwwroot\images\650517.gif
C:\Program Files\stc\QA07\wwwroot\images\6P0221.gif
C:\Program Files\stc\QA07\wwwroot\images\6P0616.gif
C:\Program Files\stc\QA07\wwwroot\images\buildings1.gif
C:\Program Files\stc\QA07\wwwroot\images\buildings2.gif
C:\Program Files\stc\QA07\wwwroot\images\buildings3.gif
C:\Program Files\stc\QA07\wwwroot\images\buttonDownloadOFF.gif
C:\Program Files\stc\QA07\wwwroot\images\buttonDownloadON.gif
C:\Program Files\stc\QA07\wwwroot\images\buttonForgetPassword.gif
C:\Program Files\stc\QA07\wwwroot\images\buttonLoginAssistance.gif
C:\Program Files\stc\QA07\wwwroot\images\buttonLoginSubmit.gif
C:\Program Files\stc\QA07\wwwroot\images\buttonLoginSubmit2.gif
C:\Program Files\stc\QA07\wwwroot\images\buttonNewUserHere.gif
C:\Program Files\stc\QA07\wwwroot\images\buttonnext.gif
C:\Program Files\stc\QA07\wwwroot\images\buttonPassword.gif
C:\Program Files\stc\QA07\wwwroot\images\buttonprevious.gif
C:\Program Files\stc\QA07\wwwroot\images\buttonQuizCenterOFF.gif
C:\Program Files\stc\QA07\wwwroot\images\buttonQuizCenterON.gif
C:\Program Files\stc\QA07\wwwroot\images\buttonStcHomeOFF.gif
C:\Program Files\stc\QA07\wwwroot\images\buttonStcHomeON.gif
C:\Program Files\stc\QA07\wwwroot\images\clickToContinue.gif
C:\Program Files\stc\QA07\wwwroot\images\clickToContinue2.gif
C:\Program Files\stc\QA07\wwwroot\images\clickToLogin.gif
C:\Program Files\stc\QA07\wwwroot\images\forgotpasswd.gif
C:\Program Files\stc\QA07\wwwroot\images\headerBottom.gif
C:\Program Files\stc\QA07\wwwroot\images\headerLogo.gif
C:\Program Files\stc\QA07\wwwroot\images\headerPrintArea.gif
C:\Program Files\stc\QA07\wwwroot\images\headerQuizCenter.gif
C:\Program Files\stc\QA07\wwwroot\images\headerSpacer.gif
C:\Program Files\stc\QA07\wwwroot\images\headerTop.gif
C:\Program Files\stc\QA07\wwwroot\images\imageChess.gif
C:\Program Files\stc\QA07\wwwroot\images\imageCity1.gif
C:\Program Files\stc\QA07\wwwroot\images\imageCity2.gif
C:\Program Files\stc\QA07\wwwroot\images\leftbottom.gif
C:\Program Files\stc\QA07\wwwroot\images\Lefttop.gif
C:\Program Files\stc\QA07\wwwroot\images\loginBox1.gif
C:\Program Files\stc\QA07\wwwroot\images\loginBox2.gif
C:\Program Files\stc\QA07\wwwroot\images\loginBox3.gif
C:\Program Files\stc\QA07\wwwroot\images\loginBox4.gif
C:\Program Files\stc\QA07\wwwroot\images\NASD-Button_01.gif
C:\Program Files\stc\QA07\wwwroot\images\NASD-Button_04.gif
C:\Program Files\stc\QA07\wwwroot\images\NASD-Button_05.gif
C:\Program Files\stc\QA07\wwwroot\images\NASD-passwd.gif
C:\Program Files\stc\QA07\wwwroot\images\NASD-Step-1-Button_01.gif
C:\Program Files\stc\QA07\wwwroot\images\NASD-Step-2-Button_01.gif
C:\Program Files\stc\QA07\wwwroot\images\NASD-Step-3-Button_01.gif
C:\Program Files\stc\QA07\wwwroot\images\NASD-Step-3-Button_02.gif
C:\Program Files\stc\QA07\wwwroot\images\NASD-username.gif
C:\Program Files\stc\QA07\wwwroot\images\NASD Sidebar.gif
C:\Program Files\stc\QA07\wwwroot\images\NASD Title AML course.gif
C:\Program Files\stc\QA07\wwwroot\images\needMicrosoft.gif
C:\Program Files\stc\QA07\wwwroot\images\needNetscape.gif
C:\Program Files\stc\QA07\wwwroot\images\needUpgrade.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\answerA.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\answerB.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\answerC.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\answerD.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\BottomBarLine.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\BottomLeftCurve.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\BottomRightCurve.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\ButtonGradeQuiz.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\ButtonNoPause.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\ButtonPause.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\ButtonPopUp.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\ButtonPressToContinue.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\ButtonRetakeExam.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\buttonRetakeQuiz.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\ButtonReturntoExam.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\ButtonReviewAll.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\ButtonReviewAllQuestions.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\ButtonReviewHistory.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\ButtonReviewIncorrect.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\ButtonReviewNoIncorrect.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\ButtonReviewOnlyIncorrect.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\ButtonReviewQuestionsMarked.GIF
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\ButtonReviewSelected.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\ButtonReviewSelectedOld.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\Choose1.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\ChooseOne.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\Copy of BottomBarLine.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\Copy of ButtonPause.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\FirstNO.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\FirstOFF.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\FirstON.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\Go.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\Header.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\Header2.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\HeaderBookmark.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\HeaderContents.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\HeaderContents2.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\HeaderExit.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\HeaderExit2.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\HeaderNew.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\HeaderNew2.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\HeaderPlain.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\Jumpto.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\LastNO.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\LastOFF.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\LastON.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\LayoutExamFinished.JPG
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\LayoutExamPaused.JPG
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\NextNO.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\NextOFF.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\NextON.GIF
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\PopUpCancel.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\PopUpSubmit1.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\PopUpSubmit2.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\PreviousNO.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\PreviousOFF.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\PreviousON.GIF
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\Ref.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\SidePanelAOFF.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\SidePanelAON.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\SidePanelAYES.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\SidePanelBOFF.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\SidePanelBON.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\SidePanelBYES.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\SidePanelCOFF.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\SidePanelCON.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\SidePanelCYES.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\SidePanelDOFF.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\SidePanelDON.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\SidePanelDYES.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\spacer.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\TopCurveBottomLine.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\TopLeftCurve.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\TopRightCurve.gif
C:\Program Files\stc\QA07\wwwroot\images\quiz\images\vssver.scc
C:\Program Files\stc\QA07\wwwroot\images\redflag.gif
C:\Program Files\stc\QA07\wwwroot\images\Right.gif
C:\Program Files\stc\QA07\wwwroot\images\sortasc.gif
C:\Program Files\stc\QA07\wwwroot\images\sortdesc.gif
C:\Program Files\stc\QA07\wwwroot\images\under.gif
C:\Program Files\stc\QA07\wwwroot\images\vssver.scc
C:\Program Files\stc\QA07\wwwroot\JavaQuiz.class
C:\Program Files\stc\QA07\wwwroot\JavaQuizAnswer.class
C:\Program Files\stc\QA07\wwwroot\JavaQuizInterface.class
C:\Program Files\stc\QA07\wwwroot\JavaQuizQuestion.class
C:\Program Files\stc\QA07\wwwroot\jre\bin\ActPanel.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\agent.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\awt.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\beans.ocx
C:\Program Files\stc\QA07\wwwroot\jre\bin\classic\jvm.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\classic\vssver.scc
C:\Program Files\stc\QA07\wwwroot\jre\bin\classic\Xusage.txt
C:\Program Files\stc\QA07\wwwroot\jre\bin\cmm.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\dcpr.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\fontmanager.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\hpi.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\hprof.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\ioser12.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\java.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\java.exe
C:\Program Files\stc\QA07\wwwroot\jre\bin\javaw.exe
C:\Program Files\stc\QA07\wwwroot\jre\bin\jawt.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\jcov.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\JdbcOdbc.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\jpeg.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\jpins32.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\jpishare.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\jsound.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\keytool.exe
C:\Program Files\stc\QA07\wwwroot\jre\bin\msvcrt.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\net.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\npjava11.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\npjava12.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\npjava32.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\packager.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\plugincpl.cpl
C:\Program Files\stc\QA07\wwwroot\jre\bin\policytool.exe
C:\Program Files\stc\QA07\wwwroot\jre\bin\rmid.exe
C:\Program Files\stc\QA07\wwwroot\jre\bin\rmiregistry.exe
C:\Program Files\stc\QA07\wwwroot\jre\bin\tnameserv.exe
C:\Program Files\stc\QA07\wwwroot\jre\bin\verify.dll
C:\Program Files\stc\QA07\wwwroot\jre\bin\vssver.scc
C:\Program Files\stc\QA07\wwwroot\jre\bin\zip.dll
C:\Program Files\stc\QA07\wwwroot\jre\lib\content-types.properties
C:\Program Files\stc\QA07\wwwroot\jre\lib\flavormap.properties
C:\Program Files\stc\QA07\wwwroot\jre\lib\font.properties
C:\Program Files\stc\QA07\wwwroot\jre\lib\font.properties.ar
C:\Program Files\stc\QA07\wwwroot\jre\lib\font.properties.iw
C:\Program Files\stc\QA07\wwwroot\jre\lib\font.properties.ja
C:\Program Files\stc\QA07\wwwroot\jre\lib\font.properties.ko
C:\Program Files\stc\QA07\wwwroot\jre\lib\font.properties.ru
C:\Program Files\stc\QA07\wwwroot\jre\lib\font.properties.th
C:\Program Files\stc\QA07\wwwroot\jre\lib\font.properties.zh
C:\Program Files\stc\QA07\wwwroot\jre\lib\font.properties.zh.NT4.0
C:\Program Files\stc\QA07\wwwroot\jre\lib\font.properties.zh_TW
C:\Program Files\stc\QA07\wwwroot\jre\lib\i18n.jar
C:\Program Files\stc\QA07\wwwroot\jre\lib\jaws.jar
C:\Program Files\stc\QA07\wwwroot\jre\lib\jawt.lib
C:\Program Files\stc\QA07\wwwroot\jre\lib\jvm.cfg
C:\Program Files\stc\QA07\wwwroot\jre\lib\jvm.hprof.txt
C:\Program Files\stc\QA07\wwwroot\jre\lib\jvm.jcov.txt
C:\Program Files\stc\QA07\wwwroot\jre\lib\rt.jar
C:\Program Files\stc\QA07\wwwroot\jre\lib\security\cacerts
C:\Program Files\stc\QA07\wwwroot\jre\lib\security\java.policy
C:\Program Files\stc\QA07\wwwroot\jre\lib\security\java.security
C:\Program Files\stc\QA07\wwwroot\jre\lib\security\vssver.scc
C:\Program Files\stc\QA07\wwwroot\jre\lib\sunrsasign.jar
C:\Program Files\stc\QA07\wwwroot\jre\lib\tzmappings
C:\Program Files\stc\QA07\wwwroot\jre\lib\vssver.scc
C:\Program Files\stc\QA07\wwwroot\jre\vssver.scc
C:\Program Files\stc\QA07\wwwroot\jre\Welcome.html
C:\Program Files\stc\QA07\wwwroot\kobixx\cgi\TemplateHook.class
C:\Program Files\stc\QA07\wwwroot\kobixx\cgi\vssver.scc
C:\Program Files\stc\QA07\wwwroot\KoTemplateBuilder.class
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\Adobe.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\blank.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buildings1.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buildings2.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buildings3.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonAddcourseOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonAddCourseON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonArrowBlank.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonArrowOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonArrowON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonBack.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonBackOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonBackON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonBacktostcOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonBackToStcON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonBookmarkOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonBookmarkON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonBoxBack.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonBoxSubmit2OFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonBoxSubmitOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonBoxSubmitON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonBugOff.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonBugON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonCalendarOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonCalendarON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonCancelOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonCancelON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonContentsOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonContentsON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonContinue.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonContinueSmall.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonCourseBackOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonCourseBackON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonDownloadOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonDownloadON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonEnrollOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonEnrollON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonForgetPassword.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonForgotPassword.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonGetResults89.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonGetResultsOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonGetResultsON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonGlossaryOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonGlossaryON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonHelpOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonHelpON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonHistoryOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonHistoryON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonHomeroomOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonHomeroomON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonInfoOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonInfoON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonLessonBackOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonLessonBackON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonLessonNextOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonLessonNextON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonLogin.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonLoginAgain.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonLoginAssistance.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonLoginBackOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonLoginBackON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonLoginGoOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonLoginGoON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonNewUser.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonNewUserHere.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonnext.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonOkOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonOkON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonPassword.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonprevious.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonQSubmitOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonQSubmitON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonQuizCenterOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonQuizCenterON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\ButtonReset.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonResetOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonResetON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonReviewOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonReviewON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonSearchOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonSearchON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonStartOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonStartON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonStc2HomeOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonStc2HomeON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonStudentProfile.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonSubmit.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonSubmit89.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonSubmitOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonSubmitON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonSubmitProfile.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonTophelpOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonTophelpON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonTryAgain.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonUploadOFF.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\buttonUploadON.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\ButtonViewCalendar.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\CalendarHeading.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\check.gif
C:\Program Files\stc\QA07\wwwroot\kotrain\images\stc2\checkBoxOFF.gif
C:\WINDOWS\apoxqwfv.exe
C:\WINDOWS\resources\CDService.dll
C:\WINDOWS\vnbptxlf.dll
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.

2008-04-15 12:36 . 2008-04-15 12:39 <DIR> d-------- C:\Documents and Settings\Jeff\.housecall6.6
2008-04-14 09:53 . 2008-04-16 16:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-14 09:53 . 2008-04-14 09:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-13 13:45 . 2008-04-13 13:45 <DIR> d-------- C:\Documents and Settings\Jeff\Application Data\dvdcss
2008-04-13 13:40 . 2008-04-13 13:40 <DIR> d-------- C:\Program Files\Xilisoft
2008-04-13 13:40 . 2007-09-17 04:34 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-04-13 13:40 . 2007-09-17 04:34 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-04-11 17:19 . 2008-04-11 17:19 <DIR> d-------- C:\Deckard
2008-04-11 13:40 . 2008-04-11 13:40 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-11 13:40 . 2008-04-11 13:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-11 01:38 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-11 01:38 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-10 23:37 . 2008-04-10 23:37 <DIR> d-------- C:\Program Files\MSBuild
2008-04-10 23:31 . 2008-04-10 23:31 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-10 23:30 . 2008-04-10 23:30 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-10 23:29 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-10 23:28 . 2008-04-10 23:28 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-10 21:26 . 2008-04-10 21:26 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-10 14:15 . 2008-04-10 14:15 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-10 12:44 . 2008-04-10 12:44 <DIR> d-------- C:\WINDOWS\l2schemas
2008-04-10 12:44 . 2005-04-20 14:21 1,705,472 --------- C:\WINDOWS\system32\dllcache\netshell.dll
2008-04-10 12:44 . 2005-04-20 14:21 474,624 --------- C:\WINDOWS\system32\dllcache\wzcsvc.dll
2008-04-10 12:44 . 2005-04-20 14:21 381,440 --------- C:\WINDOWS\system32\dllcache\wzcdlg.dll
2008-04-10 12:44 . 2006-11-01 02:14 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-04-10 12:44 . 2005-04-20 14:21 52,736 --------- C:\WINDOWS\system32\dllcache\wzcsapi.dll
2008-04-10 12:44 . 2005-04-19 18:54 14,592 --------- C:\WINDOWS\system32\dllcache\ndisuio.sys
2008-04-10 10:34 . 2008-04-16 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-10 10:33 . 2008-04-16 16:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-10 03:02 . 2008-04-10 03:02 197 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-08 15:59 . 2008-04-08 15:59 <DIR> d-------- C:\Documents and Settings\Jeff\Application Data\TmpRecentIcons
2008-04-07 20:42 . 2008-04-07 20:42 262,144 --a------ C:\WINDOWS\system32\default_user_class.dat
2008-04-07 02:00 . 2008-04-07 02:00 <DIR> d-------- C:\Program Files\iPod
2008-04-04 13:03 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-04 13:03 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-21 01:00 . 2008-03-21 01:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 21:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-16 14:01 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Netscape
2008-04-16 14:00 --------- d-----w C:\Program Files\3rd PlanIt
2008-04-12 18:27 --------- d-----w C:\Program Files\Yahoo!
2008-04-11 14:57 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Apple Computer
2008-04-10 20:36 --------- d-----w C:\Program Files\Uniblue
2008-04-10 20:36 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Uniblue
2008-04-07 16:06 --------- d-----w C:\Program Files\PhoenixRC
2008-04-07 07:01 --------- d-----w C:\Program Files\iTunes
2008-04-07 06:56 --------- d-----w C:\Program Files\QuickTime
2008-03-21 10:48 --------- d-----w C:\Program Files\Java
2008-03-20 10:45 --------- d-----w C:\Program Files\Google
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-29 23:03 --------- d-----w C:\Documents and Settings\Jeff\Application Data\VMware
2008-02-29 22:52 --------- d-----w C:\Program Files\VMware
2008-02-29 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 09:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-01-29 17:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2005-09-24 08:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2006-05-03 02:43 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3AB99368-48AF-4A01-B845-2904204948B5}"= "C:\WINDOWS\vnbptxlf.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{3ab99368-48af-4a01-b845-2904204948b5}]
[HKEY_CLASSES_ROOT\vnbptxlf.1]
[HKEY_CLASSES_ROOT\TypeLib\{E814C71C-7BB7-4FBE-8E61-8047F0956BF1}]
[HKEY_CLASSES_ROOT\vnbptxlf]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 18:36 455968]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 10:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-15 06:42 7331840]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-15 06:42 86016]
"nwiz"="nwiz.exe" [2005-12-15 06:42 1519616 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-11-08 10:35 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:27 1015808]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-06-29 16:48 233534]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 13:23 1187840]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-19 01:39 185896]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2007-05-09 12:41 2299400]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 19:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 19:50 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [ ]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2006-05-03 06:40:23 114688]
NETGEAR ProSafe VPN Client.lnk - C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe [2008-01-22 14:26:01 77876]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\NETGEAR\\NETGEAR ProSafe VPN Client\\IreIKE.exe"=
"C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\ViewLog.exe"= C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\CmonApp.exe"= C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\vpn.exe"= C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager

R1 IPSECDRV;SafeNet IPSec Plugin;C:\WINDOWS\system32\Drivers\IPSECDRV.sys [2007-09-27 14:09]
R2 Crypto;Crypto;C:\WINDOWS\system32\Drivers\Crypto.sys [2005-08-15 10:27]
R3 DniVap;SafeNet WAN Miniport (VA);C:\WINDOWS\system32\DRIVERS\vap.sys [2001-12-14 17:26]
S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys [2007-08-15 08:27]
S3 swmsflt;swmsflt;C:\WINDOWS\system32\drivers\swmsflt.sys [2007-10-18 12:08]
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2003-12-15 18:22]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 16:15:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe???????????????|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-16 16:16:50
ComboFix-quarantined-files.txt 2008-04-16 21:16:44

Pre-Run: 32,179,859,456 bytes free
Post-Run: 33,062,612,992 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
.
2008-04-12 08:10:53 --- E O F ---



