Hijack Log


  • This topic is locked

#1
northernmist (Member, 52 posts)

Can someone check this log out for me please.

When I do an AVG virus scan it comes up as the following
Posted Image


Logfile of HijackThis v1.99.1
Scan saved at 8:10:41 AM, on 1/31/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [Ad-aware] C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe +c
O4 - HKLM\..\Run: [Services] C:\WINDOWS\System32\sysamp.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1169163356894
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1169169689446
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thank you.

Edited by northernmist, 31 January 2007 - 05:45 AM.

  • 0


#2
Excal (Retired Staff, Malware Slayer Extraordinaire!, 12,739 posts)

Hi northernmist and welcome to GeeksToGo! My name is Excal and I will be helping you.

I apologize for the delay getting to your log; the helpers here are very busy.
If you still need help, please post a fresh Hijack log in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

:whistling:

Excal
  • 0

#3
northernmist (Topic Starter, Member, 52 posts)

Still having the same problem. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 6:18:08 PM, on 2/3/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [Ad-aware] C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe +c
O4 - HKLM\..\Run: [Services] C:\WINDOWS\System32\sysamp.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: zonealarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1169163356894
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1169169689446
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#4
Excal (Retired Staff, Malware Slayer Extraordinaire!, 12,739 posts)

It appears that you are reinfected :blink:

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


Thanks,

:whistling:

Excal
  • 0

#5
northernmist (Topic Starter, Member, 52 posts)

Ok..


SDFix: Version 1.63

Sun 02/04/2007 - 10:12:02.42

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Mstinit

Path:
"C:\WINDOWS\mstinit.exe"

Mstinit Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


C:\WINDOWS\system32\Microsoft\backup.ftp Found...
C:\WINDOWS\system32\Microsoft\backup.tftp Found...

Checking files:

Genuine:

Dummy:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe

Files copied to SDFix\Backups

Restoring files if backups are found

Final Check:

Genuine:

Dummy:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------



Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\WINDOWS\LastGood.Tmp\INF\oem4.inf
C:\WINDOWS\LastGood.Tmp\INF\oem4.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem5.inf
C:\WINDOWS\LastGood.Tmp\INF\oem5.PNF

Finished

and

Logfile of HijackThis v1.99.1
Scan saved at 10:21:04 AM, on 2/4/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\devldr32.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [Ad-aware] C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe +c
O4 - HKLM\..\Run: [Services] C:\WINDOWS\System32\sysamp.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: zonealarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1169163356894
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1169169689446
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Thank you :whistling:
  • 0

#6
Excal (Retired Staff, Malware Slayer Extraordinaire!, 12,739 posts)

I am sorry that I haven't replied earlier, but for some reason, I never got a notification that you replied :whistling:


DOWNLOAD PROGRAMS


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
*NOTE* ATF deletes EVERYTHING out of temp/temporary folders and does not make backups.

We will use this program later.


THE FIX


Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Close all browsers, windows and unneeded programs.

5. Open HiJack and do a scan.

6. Put a Check next to the following items:


O4 - HKLM\..\Run: [Services] C:\WINDOWS\System32\sysamp.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe


7. Click the Fix Checked box


8. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\System32\iexplore.exe
C:\WINDOWS\System32\sysamp.exe


9. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


10. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

11. Please post the Active scan log and a fresh HiJackThis log. Let me know how your computer is running.
  • 0

#7
northernmist (Topic Starter, Member, 52 posts)

Hi there. No problem with the delay. I think this is the same problem I had a couple of weeks ago that we thought was fixed. I haven't noticed any trouble with my pc until I did the virus scan and noticed some files have been changed!!

ACTIVESCAN


Incident Status Location

Virus:Trj/Sfc.A.mod Disinfected Operating system
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\llctttim.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\llctttim.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\llctttim.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\llctttim.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\llctttim.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\llctttim.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\llctttim.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\llctttim.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\llctttim.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\llctttim.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\llctttim.default\cookies.txt[.com.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\llctttim.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\llctttim.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\llctttim.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\llctttim.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\llctttim.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\llctttim.default\cookies.txt[.statcounter.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected D:\Downloads\NEW\SDFix.exe[SDFix\apps\Process.exe]


HJT
Logfile of HijackThis v1.99.1
Scan saved at 12:31:22 AM, on 2/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [Ad-aware] C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe +c
O4 - HKLM\..\Run: [Services] C:\WINDOWS\System32\sysamp.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: zonealarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1169163356894
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1169169689446
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thank you.
  • 0
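
A way to check a follow-up HijackThis log against the items that were ticked for "Fix Checked", as an added example that is not part of the original thread. The log excerpts are shortened copies of the 2/4/2007 and 2/7/2007 logs posted above; the function and variable names are this example's own.

```python
import re

# A HijackThis entry starts with a section code such as R0, O4 or O23,
# followed by " - " and the entry body. Header lines and the
# "Running processes" list carry no section code and do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.+)$")


def parse_entries(log_text):
    """Map a normalized (code, body) key to the original log line.

    Bodies are lower-cased and whitespace-collapsed so that System32 and
    system32, or a pasted line with extra spaces, compare as equal.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            code, body = match.groups()
            entries[(code, " ".join(body.lower().split()))] = line
    return entries


def verify_fix(before_log, after_log, fixed_lines):
    """Compare two scans and report what happened to the ticked entries."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    targets = parse_entries("\n".join(fixed_lines))
    return {
        # Ticked entries that the later scan still lists.
        "still_present": sorted(after[k] for k in targets if k in after),
        # Ticked entries that were in the earlier scan and are now gone.
        "cleared": sorted(before[k] for k in targets
                          if k in before and k not in after),
        # Changes nobody asked for; worth a second look in either direction.
        "other_removed": sorted(before[k] for k in before
                                if k not in after and k not in targets),
        "other_added": sorted(after[k] for k in after if k not in before),
    }


# Shortened excerpt of the 2/4/2007 log from this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:21:04 AM, on 2/4/2007

Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Services] C:\WINDOWS\System32\sysamp.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# Shortened excerpt of the 2/7/2007 log from this thread.
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:31:22 AM, on 2/7/2007

Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Services] C:\WINDOWS\System32\sysamp.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# The two entries listed in step 6 of the fix instructions.
FIXED = [
    r"O4 - HKLM\..\Run: [Services] C:\WINDOWS\System32\sysamp.exe",
    r"O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe",
]

if __name__ == "__main__":
    report = verify_fix(BEFORE, AFTER, FIXED)
    for label, lines in report.items():
        print(f"{label}:")
        for entry in lines:
            print(f"  {entry}")
```

On these excerpts both ticked Run entries land in still_present, and the only other change is the O9 Messenger button dropping out of the later log.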

#8
Excal (Retired Staff, Malware Slayer Extraordinaire!, 12,739 posts)

Were these files there when you went to delete them?

C:\WINDOWS\System32\iexplore.exe
C:\WINDOWS\System32\sysamp.exe


:whistling:

Excal
  • 0

#9
northernmist (Topic Starter, Member, 52 posts)

No :whistling:
They were in the HJT program and I did what you said to do there. But when I looked and did a search for them in the windows\system32 folder nada! :blink:
  • 0

#10
Excal (Retired Staff, Malware Slayer Extraordinaire!, 12,739 posts)

Download WinPFind.
Don't do anything with it yet.

Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Locate WinPFind.exe on your desktop and double-click this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards of 30 minutes or more.

Reboot.

Please post the WinPFind log.
  • 0


#11
northernmist (Topic Starter, Member, 52 posts)

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 2/7/2007 5:01:41 PM
WinPFind v1.5.0 Folder = C:\win_find\WinPFind\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/23/2001 8:30:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PTech 5/17/2006 11:23:38 AM 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 1/2/2007 3:19:46 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 1/2/2007 3:19:46 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 8/23/2001 8:30:00 AM 1135616 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
WSUD 8/23/2001 8:30:00 AM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 8/29/2002 12:11:10 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 8/23/2001 8:30:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()

Checking %System%\Drivers folder and sub-folders...
UPX! 1/18/2007 10:35:38 PM 816672 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
FSG! 1/18/2007 10:35:38 PM 816672 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
PEC2 1/18/2007 10:35:38 PM 816672 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
aspack 1/18/2007 10:35:38 PM 816672 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
2/7/2007 4:58:20 PM S 2048 C:\WINDOWS\bootstat.dat ()
2/7/2007 12:50:16 AM H 54156 C:\WINDOWS\QTFont.qfn ()
1/18/2007 7:31:28 PM HS 43 C:\WINDOWS\removalfile.bat ()
1/18/2007 7:37:56 PM RH 749 C:\WINDOWS\WindowsShell.Manifest ()
1/18/2007 7:38:28 PM H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini ()
1/18/2007 7:40:50 PM HS 67 C:\WINDOWS\Fonts\desktop.ini ()
1/18/2007 8:06:54 PM H 0 C:\WINDOWS\inf\oem0.inf ()
1/18/2007 11:02:26 PM H 0 C:\WINDOWS\inf\oem3.inf ()
1/19/2007 10:53:36 PM H 0 C:\WINDOWS\LastGood\INF\java.inf ()
1/19/2007 10:53:36 PM H 0 C:\WINDOWS\LastGood\INF\java.PNF ()
1/19/2007 9:59:44 PM H 0 C:\WINDOWS\LastGood\INF\oem2.inf ()
1/19/2007 9:59:44 PM H 0 C:\WINDOWS\LastGood\INF\oem2.PNF ()
1/19/2007 9:54:46 PM H 0 C:\WINDOWS\LastGood\INF\oem6.inf ()
1/19/2007 9:54:46 PM H 0 C:\WINDOWS\LastGood\INF\oem6.PNF ()
1/24/2007 11:27:40 AM H 0 C:\WINDOWS\LastGood\INF\wmv9dmo.inf ()
1/24/2007 11:27:40 AM H 0 C:\WINDOWS\LastGood\INF\wmv9dmo.PNF ()
1/19/2007 9:48:18 PM H 0 C:\WINDOWS\LastGood.Tmp\INF\oem4.inf ()
1/19/2007 9:48:18 PM H 0 C:\WINDOWS\LastGood.Tmp\INF\oem4.PNF ()
1/19/2007 9:49:20 PM H 0 C:\WINDOWS\LastGood.Tmp\INF\oem5.inf ()
1/19/2007 9:49:20 PM H 0 C:\WINDOWS\LastGood.Tmp\INF\oem5.PNF ()
1/18/2007 7:38:30 PM H 65 C:\WINDOWS\Offline Web Pages\desktop.ini ()
1/18/2007 7:42:28 PM H 233472 C:\WINDOWS\repair\ntuser.dat ()
1/18/2007 9:48:36 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e8aaf3d0f5a2a9436cb55a74f4d86214\download\BIT1E.tmp ()
1/18/2007 9:49:12 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ead7837e90f144c8b951601ec9bcfe5a\download\BIT24.tmp ()
1/18/2007 9:49:58 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ec4bd1527b43d202e7c5588f67b971f6\download\BIT29.tmp ()
1/18/2007 9:52:34 PM H 77367 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\fa998053d8f05286f86623337cfbdf24\download\BIT1C.tmp ()
1/18/2007 7:37:56 PM RH 749 C:\WINDOWS\system32\cdplayer.exe.manifest ()
1/18/2007 7:38:28 PM RH 488 C:\WINDOWS\system32\logonui.exe.manifest ()
1/18/2007 7:37:56 PM RH 749 C:\WINDOWS\system32\ncpa.cpl.manifest ()
1/18/2007 7:37:56 PM RH 749 C:\WINDOWS\system32\nwc.cpl.manifest ()
1/18/2007 7:37:56 PM RH 749 C:\WINDOWS\system32\sapi.cpl.manifest ()
1/18/2007 7:38:28 PM RH 488 C:\WINDOWS\system32\WindowsLogon.manifest ()
1/18/2007 7:37:56 PM RH 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest ()
1/24/2007 11:11:32 AM H 4212 C:\WINDOWS\system32\zllictbl.dat ()
2/7/2007 4:58:12 PM H 8192 C:\WINDOWS\system32\config\default.LOG ()
2/7/2007 4:59:00 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
2/7/2007 4:58:20 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG ()
2/7/2007 4:59:34 PM H 73728 C:\WINDOWS\system32\config\software.LOG ()
2/7/2007 4:58:26 PM H 811008 C:\WINDOWS\system32\config\system.LOG ()
1/18/2007 3:51:26 PM H 1024 C:\WINDOWS\system32\config\TempKey.LOG ()
1/18/2007 3:51:28 PM H 1024 C:\WINDOWS\system32\config\userdiff.LOG ()
1/19/2007 10:48:30 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()
1/18/2007 3:53:12 PM HS 62 C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini ()
1/18/2007 3:53:12 PM HS 62 C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini ()
1/18/2007 7:36:14 PM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini ()
1/18/2007 7:36:14 PM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini ()
1/18/2007 7:36:12 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini ()
1/18/2007 7:36:14 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini ()
1/18/2007 7:36:14 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CPUVSHA3\desktop.ini ()
1/18/2007 7:36:14 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GDYFOLMZ\desktop.ini ()
1/18/2007 7:36:14 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KXIJSLA3\desktop.ini ()
1/18/2007 7:36:14 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SDUBS9UB\desktop.ini ()
1/18/2007 7:38:38 PM HS 181 C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini ()
1/18/2007 3:53:12 PM HS 62 C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini ()
1/18/2007 7:42:24 PM HS 206 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini ()
1/18/2007 7:42:24 PM HS 482 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini ()
1/18/2007 7:42:24 PM HS 348 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini ()
1/18/2007 7:42:24 PM HS 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini ()
1/18/2007 7:42:24 PM HS 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini ()
1/18/2007 8:17:08 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\c65e6043-57c6-4147-a0aa-cd7de847bad9 ()
1/18/2007 8:17:08 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
1/18/2007 8:07:04 PM RHS 13698 C:\WINDOWS\system32\Restore\filelist.xml ()
2/7/2007 4:56:42 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
8/23/2001 8:30:00 AM 66048 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
8/29/2002 12:11:28 AM 578560 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/29/2002 12:11:28 AM 129024 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/23/2001 8:30:00 AM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/29/2002 12:11:28 AM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/29/2002 12:11:28 AM 121856 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/29/2002 12:11:28 AM 65536 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
8/23/2001 8:30:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/23/2001 8:30:00 AM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/23/2001 8:30:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/23/2001 8:30:00 AM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
8/23/2001 8:30:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
8/23/2001 8:30:00 AM 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/23/2001 8:30:00 AM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
8/29/2002 12:11:28 AM 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/23/2001 8:30:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/23/2001 8:30:00 AM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/23/2001 8:30:00 AM 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
8/29/2002 12:11:28 AM 578560 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
8/29/2002 12:11:28 AM 129024 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
8/23/2001 8:30:00 AM 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
8/29/2002 12:11:28 AM 292352 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
8/29/2002 12:11:28 AM 121856 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
8/29/2002 12:11:28 AM 65536 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
8/23/2001 8:30:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
8/23/2001 8:30:00 AM 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
8/23/2001 8:30:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/23/2001 8:30:00 AM 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
8/23/2001 8:30:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
8/23/2001 8:30:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
8/23/2001 8:30:00 AM 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
8/29/2002 12:11:28 AM 147456 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
8/29/2002 12:11:28 AM 268288 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
8/23/2001 8:30:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
8/23/2001 8:30:00 AM 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{33564D57-9980-0010-8000-00AA00389B71} - - CodeBase = http://download.micr...D0C/wmv9dmo.cab
{6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase = http://update.micros...b?1169163356894
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.micros...b?1169169689446
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoft...free/asinst.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.ma...ash/swflash.cab
DirectAnimation Java Classes - - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
1/18/2007 7:42:24 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
1/18/2007 3:53:12 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()

Checking files in %USERPROFILE%\Startup folder...
1/18/2007 7:42:24 PM HS 84 C:\Documents and Settings\angie\Start Menu\Programs\Startup\desktop.ini ()
1/31/2007 8:17:56 AM 810 C:\Documents and Settings\angie\Start Menu\Programs\Startup\zonealarm.lnk ()

Checking files in %USERPROFILE%\Application Data folder...
1/18/2007 3:53:12 PM HS 62 C:\Documents and Settings\angie\Application Data\desktop.ini ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft...p...ER}&ar=home
\\Search Page - http://www.microsoft...amp;ar=iesearch
\\Default_Page_URL - http://www.microsoft...p...&ar=msnhome
\\Default_Search_URL - http://www.microsoft...amp;ar=iesearch
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com/
\\Search Page - http://www.microsoft...amp;ar=iesearch
\\Local Page - C:\WINDOWS\System32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn...st/srchcust.htm
\\SearchAssistant - http://ie.search.msn...st/srchasst.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{8E718888-423F-11D2-876E-00A0C9082467} - &Radio = C:\WINDOWS\System32\msdxm.ocx ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} - 8192 =
\\NEXTID - 8195
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8193 =
\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - 8194 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{D9872D13-7651-4471-9EEE-F0A00218BEBB} - Multiscan = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll (Zone Labs, LLC)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{BDEADF00-C265-11d0-BCED-00A0C90AB50F} - = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL ()


>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\ZLAVShExt - {D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll (Zone Labs, LLC)
\{CA8ACAFA-5FBB-467B-B348-90DD488DE003} - SUPERAntiSpyware Context Menu = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\{CA8ACAFA-5FBB-467B-B348-90DD488DE003} - SUPERAntiSpyware Context Menu = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\ZLAVShExt - {D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll (Zone Labs, LLC)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe (GRISOFT, s.r.o.)
Ad-watch - C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe (Lavasoft Sweden)
Ad-aware - C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe (Lavasoft Sweden)
Services - C:\WINDOWS\System32\sysamp.exe ()
Microsoft Internet Explorer - C:\WINDOWS\System32\iexplore.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\angie\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\angie\Start Menu\Programs\Startup\zonealarm.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe (Zone Labs, LLC)

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{3F76AA99-A45C-4635-8FE9-A6D186F46471} - = ()
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)
\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - SABShellExecuteHook Class = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\!SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll = (SUPERAntiSpyware.com)
\AtiExtEvent - Ati2evxx.dll = ()
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{29F99490-C1E9-4306-ACA5-0FCCCDC7FB18} - (3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX))
{4FB8129A-8917-42D7-BE3A-E48A848DF586} - (SiS 900-Based PCI Fast Ethernet Adapter)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()
\vnd.ms.radio - C:\WINDOWS\System32\msdxm.ocx ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Thank you.

#12
Excal

OK, I want to use this program so we can double-check that those files aren't hiding :blink:


Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Word Wrap is not checked. If it is, then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.


:whistling:



Excal

#13
northernmist

Why is my post showing up blank? :whistling:

Edited by northernmist, 08 February 2007 - 07:31 AM.


#14
northernmist

WinPFind3 logfile created on: 2/7/2007 11:39:37 PM
WinPFind3U by OldTimer - Version 1.0.16 Folder = C:\win_find\win_find3\WinPFind3u\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)

261616 Kb Total Physical Memory | 84380 Kb Available Physical Memory | 32.25% Memory free
633360 Kb Paging File | 378440 Kb Available in Paging File | 59.75% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14996644 Kb Total Space | 10293484 Kb Free Space | 68.64% Space Free
Drive D: | 41945680 Kb Total Space | 36992456 Kb Free Space | 88.19% Space Free
Drive E: | 15727632 Kb Total Space | 9204544 Kb Free Space | 58.52% Space Free
Drive F: | 10482412 Kb Total Space | 10394856 Kb Free Space | 99.16% Space Free


[Processes - Non-Microsoft Only]
ad-watch.exe -> %ProgramFiles%\Lavasoft\Ad-aware 6\Ad-watch.exe -> Lavasoft Sweden [Ver = 3.1.2.17 | Size = 396800 bytes | Modified Date = 1/27/2003 5:15:08 AM | Attr = ]
ad-watch.exe -> %ProgramFiles%\Lavasoft\Ad-aware 6\Ad-watch.exe -> Lavasoft Sweden [Ver = 3.1.2.17 | Size = 396800 bytes | Modified Date = 1/27/2003 5:15:08 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 376832 bytes | Modified Date = 6/10/2004 11:14:56 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 376832 bytes | Modified Date = 6/10/2004 11:14:56 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 376832 bytes | Modified Date = 6/10/2004 11:14:56 AM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 343552 bytes | Modified Date = 1/18/2007 10:35:36 PM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.418 | Size = 406016 bytes | Modified Date = 1/18/2007 10:35:36 PM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.418 | Size = 406016 bytes | Modified Date = 1/18/2007 10:35:36 PM | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.432 | Size = 323072 bytes | Modified Date = 1/18/2007 10:35:36 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 1/18/2007 10:35:36 PM | Attr = ]
devldr32.exe -> %System32%\devldr32.exe -> Creative Technology Ltd. [Ver = 1, 0, 0, 17 | Size = 24064 bytes | Modified Date = 8/17/2001 7:06:42 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:43:20 AM | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 75568 bytes | Modified Date = 1/8/2007 2:29:38 PM | Attr = ]
winpfind3u.exe -> %SystemDrive%\win_find\win_find3\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.16.0 | Size = 308736 bytes | Modified Date = 2/7/2007 8:23:44 PM | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 919280 bytes | Modified Date = 1/8/2007 2:29:40 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 1/24/2007 11:20:58 PM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> [Ver = | Size = 376832 bytes | Modified Date = 6/10/2004 11:14:56 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:43:20 AM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 343552 bytes | Modified Date = 1/18/2007 10:35:36 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 1/18/2007 10:35:36 PM | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.432 | Size = 323072 bytes | Modified Date = 1/18/2007 10:35:36 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 8/23/2001 8:30:00 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 75568 bytes | Modified Date = 1/8/2007 2:29:38 PM | Attr = ]

#15
northernmist

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Ad-aware -> %ProgramFiles%\Lavasoft\Ad-aware 6\Ad-aware.exe -> Lavasoft Sweden [Ver = 6.0.1.158 | Size = 778240 bytes | Modified Date = 1/27/2003 10:42:22 AM | Attr = ]
Ad-watch -> %ProgramFiles%\Lavasoft\Ad-aware 6\Ad-watch.exe -> Lavasoft Sweden [Ver = 3.1.2.17 | Size = 396800 bytes | Modified Date = 1/27/2003 5:15:08 AM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.418 | Size = 406016 bytes | Modified Date = 1/18/2007 10:35:36 PM | Attr = ]
Microsoft Internet Explorer -> %System32%\iexplore.exe -> File not found
Services -> %System32%\sysamp.exe -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< User Startup > -> C:\Documents and Settings\angie\Start Menu\Programs\Startup
%UserStartup%\zonealarm.lnk -> %ProgramFiles%\Zone Labs\ZoneAlarm\zonealarm.exe -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 50928 bytes | Modified Date = 1/8/2007 2:29:44 PM | Attr = ]
< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
http [open] -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.1: 2006120418 | Size = 7620696 bytes | Modified Date = 12/12/2006 11:42:18 PM | Attr = ]
https [open] -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.1: 2006120418 | Size = 7620696 bytes | Modified Date = 12/12/2006 11:42:18 PM | Attr = ]
regfile [merge] -> Reg Data - Key not found ->
scrfile [open] -> "%1" /S ->
scrfile [config] -> "%1" ->
Directory [Scan with Ad-aware...] -> %ProgramFiles%\Lavasoft\Ad-aware 6\Ad-aware.exe -> Lavasoft Sweden [Ver = 6.0.1.158 | Size = 778240 bytes | Modified Date = 1/27/2003 10:42:22 AM | Attr = ]
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\\Command ->
NewLinkHere -> -> File not found
%1 -> -> File not found
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\\Command ->
Briefcase_Create -> -> File not found
%2!d! -> -> File not found
%1 -> -> File not found
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{306D6C21-C1B6-4629-986C-E59E1875B8AF} -> "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",HideIconsUser ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe ->
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
< WOW Command Line [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
*wowcmdline* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW\\wowcmdline ->
-a -> -> File not found
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> pfdnnt C:\WINDOWS\System32\pfdnnt_actions.sys; ->
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{3F76AA99-A45C-4635-8FE9-A6D186F46471} [HKLM] -> Reg Data - Key not found [] -> File not found
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 10:43:28 AM | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1028 | Size = 258048 bytes | Modified Date = 10/19/2006 9:12:20 AM | Attr = ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft...p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft...p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\System32\blank.htm ->
HKCU: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{8E718888-423F-11D2-876E-00A0C9082467} [HKLM] -> %System32%\msdxm.ocx [&Radio] -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 12:10:12 AM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8194 - Reg Data - Key not found ->
{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> 8192 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8193 - Reg Data - Key not found ->
NextId -> 8195 ->
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/23/2001 8:30:00 AM | Attr = ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 1/18/2007 10:35:36 PM | Attr = ]
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Find Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 1/18/2007 10:35:36 PM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
{D9872D13-7651-4471-9EEE-F0A00218BEBB} [HKLM] -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlavscan.dll [Multiscan] -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 50928 bytes | Modified Date = 1/8/2007 2:29:00 PM | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.2488 | Size = 54848 bytes | Modified Date = 2/6/2007 10:30:52 PM | Attr = ]
< Approved Shell Extensions [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Folders\MSONSEXT.DLL [Web Folders] -> [Ver = | Size = 561209 bytes | Modified Date = 5/19/2001 8:57:40 AM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{CA8ACAFA-5FBB-467B-B348-90DD488DE003} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASCTXMN.DLL [SASContextMenu Class] -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1002 | Size = 61440 bytes | Modified Date = 1/16/2007 1:54:10 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 8:10:48 AM | Attr = ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 1/18/2007 10:35:36 PM | Attr = ]
{D9872D13-7651-4471-9EEE-F0A00218BEBB} [HKLM] -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlavscan.dll [ZLAVShExt] -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 50928 bytes | Modified Date = 1/8/2007 2:29:00 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{CA8ACAFA-5FBB-467B-B348-90DD488DE003} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASCTXMN.DLL [SASContextMenu Class] -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1002 | Size = 61440 bytes | Modified Date = 1/16/2007 1:54:10 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 8:10:48 AM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 1/18/2007 10:35:36 PM | Attr = ]
{D9872D13-7651-4471-9EEE-F0A00218BEBB} [HKLM] -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlavscan.dll [ZLAVShExt] -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 50928 bytes | Modified Date = 1/8/2007 2:29:00 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{29F99490-C1E9-4306-ACA5-0FCCCDC7FB18} -> (3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)) ->
{4FB8129A-8917-42D7-BE3A-E48A848DF586} -> (SiS 900-Based PCI Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
vnd.ms.radio -> %System32%\msdxm.ocx -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 12:10:12 AM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{33564D57-9980-0010-8000-00AA00389B71} -> - CodeBase = http://download.micr...D0C/wmv9dmo.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.micros...b?1169163356894 ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.micros...b?1169169689446 ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoft...free/asinst.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.ma...ash/swflash.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


[Files - Created Within 30 days]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Created Date = 1/18/2007 7:42:15 PM | Attr = ]
AVG7QT.DAT -> %SystemDrive%\AVG7QT.DAT -> [Ver = | Size = 11962447 bytes | Created Date = 1/18/2007 10:37:32 PM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 194 bytes | Created Date = 1/18/2007 3:51:27 PM | Attr = HS]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Created Date = 1/18/2007 7:42:15 PM | Attr = ]
IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 1/18/2007 7:42:15 PM | Attr = RHS]
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 1491 bytes | Created Date = 1/27/2007 8:20:21 PM | Attr = H ]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 1/18/2007 7:42:15 PM | Attr = RHS]
desktop.ini -> %AllUsersAppData%\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 1/18/2007 3:53:10 PM | Attr = HS]
desktop.ini -> %UserAppData%\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 1/18/2007 7:52:45 PM | Attr = HS]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 5120 bytes | Created Date = 1/19/2007 10:14:28 PM | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 17144 bytes | Created Date = 1/27/2007 2:15:02 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 3712656 bytes | Created Date = 2/6/2007 10:51:48 PM | Attr = H ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Created Date = 1/20/2007 9:56:33 PM | Attr = ]
Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Created Date = 1/23/2007 9:55:04 PM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 1/21/2007 10:23:20 AM | Attr = ]
desktop.ini -> %AllUsersDocuments%\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 1/18/2007 3:53:10 PM | Attr = HS]
Desktop.ini -> %AllUsersDocuments%\My Music\Desktop.ini -> [Ver = | Size = 151 bytes | Created Date = 1/18/2007 7:35:12 PM | Attr = HS]
music.asx -> %AllUsersDocuments%\My Music\music.asx -> [Ver = | Size = 768 bytes | Created Date = 1/18/2007 7:42:11 PM | Attr = ]
music.bmp -> %AllUsersDocuments%\My Music\music.bmp -> [Ver = | Size = 18488 bytes | Created Date = 1/18/2007 7:42:11 PM | Attr = ]
music.wma -> %AllUsersDocuments%\My Music\music.wma -> [Ver = | Size = 3492199 bytes | Created Date = 1/18/2007 7:42:11 PM | Attr = ]
Desktop.ini -> %AllUsersDocuments%\My Pictures\Desktop.ini -> [Ver = | Size = 150 bytes | Created Date = 1/18/2007 7:35:12 PM | Attr = HS]
Desktop.ini -> %AllUsersDocuments%\My Videos\Desktop.ini -> [Ver = | Size = 151 bytes | Created Date = 1/18/2007 7:31:58 PM | Attr = HS]
Beethoven's Symphony No. 9 (Scherzo).wma -> %AllUsersDocuments%\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma -> [Ver = | Size = 613638 bytes | Created Date = 1/18/2007 7:36:07 PM | Attr = ]
desktop.ini -> %AllUsersDocuments%\My Music\Sample Music\desktop.ini -> [Ver = | Size = 70 bytes | Created Date = 1/18/2007 7:37:55 PM | Attr = HS]
New Stories (Highway Blues).wma -> %AllUsersDocuments%\My Music\Sample Music\New Stories (Highway Blues).wma -> [Ver = | Size = 760748 bytes | Created Date = 1/18/2007 7:36:08 PM | Attr = ]
Blue hills.jpg -> %AllUsersDocuments%\My Pictures\Sample Pictures\Blue hills.jpg -> [Ver = | Size = 28521 bytes | Created Date = 1/18/2007 7:36:07 PM | Attr = ]
desktop.ini -> %AllUsersDocuments%\My Pictures\Sample Pictures\desktop.ini -> [Ver = | Size = 42 bytes | Created Date = 1/18/2007 7:37:55 PM | Attr = HS]
Sunset.jpg -> %AllUsersDocuments%\My Pictures\Sample Pictures\Sunset.jpg -> [Ver = | Size = 71189 bytes | Created Date = 1/18/2007 7:36:07 PM | Attr = ]
Thumbs.db -> %AllUsersDocuments%\My Pictures\Sample Pictures\Thumbs.db -> [Ver = | Size = 10240 bytes | Created Date = 1/19/2007 7:40:21 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %AllUsersDocuments%\My Pictures\Sample Pictures\Thumbs.db:encryptable ->
Water lilies.jpg -> %AllUsersDocuments%\My Pictures\Sample Pictures\Water lilies.jpg -> [Ver = | Size = 83794 bytes | Created Date = 1/18/2007 7:36:07 PM | Attr = ]
Winter.jpg -> %AllUsersDocuments%\My Pictures\Sample Pictures\Winter.jpg -> [Ver = | Size = 105542 bytes | Created Date = 1/18/2007 7:36:07 PM | Attr = ]
desktop.ini -> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 1/18/2007 3:53:10 PM | Attr = HS]
Ad-aware 6.0.lnk -> %UserDesktop%\Ad-aware 6.0.lnk -> [Ver = | Size = 731 bytes | Created Date = 1/18/2007 10:27:08 PM | Attr = ]
Ad-watch 3.0.lnk -> %UserDesktop%\Ad-watch 3.0.lnk -> [Ver = | Size = 731 bytes | Created Date = 1/18/2007 10:27:08 PM | Attr = ]
Adobe Photoshop CS.lnk -> %UserDesktop%\Adobe Photoshop CS.lnk -> [Ver = | Size = 776 bytes | Created Date = 1/24/2007 11:22:56 PM | Attr = ]
beach.jpg -> %UserDesktop%\beach.jpg -> [Ver = | Size = 42094 bytes | Created Date = 2/2/2007 11:49:11 PM | Attr = ]
LimeWire 4.12.11.lnk -> %UserDesktop%\LimeWire 4.12.11.lnk -> [Ver = | Size = 693 bytes | Created Date = 2/5/2007 8:39:20 PM | Attr = ]
resort_prices.jpg -> %UserDesktop%\resort_prices.jpg -> [Ver = | Size = 42601 bytes | Created Date = 2/2/2007 11:40:03 PM | Attr = ]
Thumbs.db -> %UserDesktop%\Thumbs.db -> [Ver = | Size = 142336 bytes | Created Date = 1/28/2007 1:22:50 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable ->
bud_lookalike.JPG -> %UserDocuments%\bud_lookalike.JPG -> [Ver = | Size = 48196 bytes | Created Date = 1/26/2007 10:08:54 PM | Attr = ]
bud_lookalike2.JPG -> %UserDocuments%\bud_lookalike2.JPG -> [Ver = | Size = 46725 bytes | Created Date = 1/26/2007 10:10:56 PM | Attr = ]
desktop.ini -> %UserDocuments%\desktop.ini -> [Ver = | Size = 76 bytes | Created Date = 1/18/2007 7:56:39 PM | Attr = HS]
Thursday_fred.doc -> %UserDocuments%\Thursday_fred.doc -> [Ver = | Size = 34304 bytes | Created Date = 2/2/2007 11:44:58 AM | Attr = ]
Desktop.ini -> %UserDocuments%\My Music\Desktop.ini -> [Ver = | Size = 181 bytes | Created Date = 1/18/2007 7:56:39 PM | Attr = HS]
Sample Music.lnk -> %UserDocuments%\My Music\Sample Music.lnk -> [Ver = | Size = 638 bytes | Created Date = 1/18/2007 7:56:40 PM | Attr = ]
angie gate.jpg -> %UserDocuments%\My Pictures\angie gate.jpg -> [Ver = | Size = 650062 bytes | Created Date = 1/28/2007 1:01:34 PM | Attr = ]
ang_blue.jpg -> %UserDocuments%\My Pictures\ang_blue.jpg -> [Ver = | Size = 193524 bytes | Created Date = 1/28/2007 12:56:02 PM | Attr = ]
AnJ couple.jpg -> %UserDocuments%\My Pictures\AnJ couple.jpg -> [Ver = | Size = 170569 bytes | Created Date = 1/28/2007 1:08:32 PM | Attr = ]
babyboy.jpg -> %UserDocuments%\My Pictures\babyboy.jpg -> [Ver = | Size = 353168 bytes | Created Date = 1/28/2007 12:57:23 PM | Attr = ]
baby_riley.jpg -> %UserDocuments%\My Pictures\baby_riley.jpg -> [Ver = | Size = 42637 bytes | Created Date = 1/21/2007 5:07:39 PM | Attr = ]
best_friends06.jpg -> %UserDocuments%\My Pictures\best_friends06.jpg -> [Ver = | Size = 118451 bytes | Created Date = 1/28/2007 12:30:23 PM | Attr = ]
bud_ocean.jpg -> %UserDocuments%\My Pictures\bud_ocean.jpg -> [Ver = | Size = 391678 bytes | Created Date = 1/28/2007 12:57:22 PM | Attr = ]
b_tattoo_white.jpg -> %UserDocuments%\My Pictures\b_tattoo_white.jpg -> [Ver = | Size = 84252 bytes | Created Date = 1/28/2007 12:30:23 PM | Attr = ]
castlehill.jpg -> %UserDocuments%\My Pictures\castlehill.jpg -> [Ver = | Size = 819726 bytes | Created Date = 1/28/2007 12:57:12 PM | Attr = ]
crash.jpg -> %UserDocuments%\My Pictures\crash.jpg -> [Ver = | Size = 177995 bytes | Created Date = 1/28/2007 12:57:13 PM | Attr = ]
dad.log.jpg -> %UserDocuments%\My Pictures\dad.log.jpg -> [Ver = | Size = 40679 bytes | Created Date = 1/28/2007 1:12:38 PM | Attr = ]
dad_BC.jpg -> %UserDocuments%\My Pictures\dad_BC.jpg -> [Ver = | Size = 33728 bytes | Created Date = 1/28/2007 12:31:24 PM | Attr = ]
dad_campBC.jpg -> %UserDocuments%\My Pictures\dad_campBC.jpg -> [Ver = | Size = 72498 bytes | Created Date = 1/28/2007 12:31:24 PM | Attr = ]
dancing_mahers.jpg -> %UserDocuments%\My Pictures\dancing_mahers.jpg -> [Ver = | Size = 183331 bytes | Created Date = 1/28/2007 1:05:53 PM | Attr = ]
Desktop.ini -> %UserDocuments%\My Pictures\Desktop.ini -> [Ver = | Size = 183 bytes | Created Date = 1/18/2007 7:56:39 PM | Attr = HS]
family.jpg -> %UserDocuments%\My Pictures\family.jpg -> [Ver = | Size = 84038 bytes | Created Date = 1/28/2007 1:15:02 PM | Attr = ]
heavy shoulders.jpg -> %UserDocuments%\My Pictures\heavy shoulders.jpg -> [Ver = | Size = 14422 bytes | Created Date = 1/28/2007 12:19:18 AM | Attr = ]
Inner_Glow_by_northernmist.jpg -> %UserDocuments%\My Pictures\Inner_Glow_by_northernmist.jpg -> [Ver = | Size = 181550 bytes | Created Date = 1/25/2007 8:17:04 AM | Attr = ]
james_concert.jpg -> %UserDocuments%\My Pictures\james_concert.jpg -> [Ver = | Size = 534988 bytes | Created Date = 1/28/2007 1:01:34 PM | Attr = ]
lighthouse.jpg -> %UserDocuments%\My Pictures\lighthouse.jpg -> [Ver = | Size = 517067 bytes | Created Date = 1/28/2007 12:56:28 PM | Attr = ]
ma_g_a_1981_.jpg -> %UserDocuments%\My Pictures\ma_g_a_1981_.jpg -> [Ver = | Size = 186523 bytes | Created Date = 1/28/2007 12:31:24 PM | Attr = ]
moms_garden06_4.jpg -> %UserDocuments%\My Pictures\moms_garden06_4.jpg -> [Ver = | Size = 185470 bytes | Created Date = 1/28/2007 1:47:59 PM | Attr = ]
nanpop_80th4.jpg -> %UserDocuments%\My Pictures\nanpop_80th4.jpg -> [Ver = | Size = 43047 bytes | Created Date = 1/28/2007 1:16:24 PM | Attr = ]
NLboat.jpg -> %UserDocuments%\My Pictures\NLboat.jpg -> [Ver = | Size = 334655 bytes | Created Date = 1/28/2007 12:57:13 PM | Attr = ]
ocean view.jpg -> %UserDocuments%\My Pictures\ocean view.jpg -> [Ver = | Size = 158400 bytes | Created Date = 1/28/2007 12:57:13 PM | Attr = ]
pee.jpg -> %UserDocuments%\My Pictures\pee.jpg -> [Ver = | Size = 21720 bytes | Created Date = 1/28/2007 12:57:13 PM | Attr = ]
pink_strawflower.jpg -> %UserDocuments%\My Pictures\pink_strawflower.jpg -> [Ver = | Size = 116692 bytes | Created Date = 1/28/2007 1:48:35 PM | Attr = ]
riley_bud.jpg -> %UserDocuments%\My Pictures\riley_bud.jpg -> [Ver = | Size = 97231 bytes | Created Date = 1/28/2007 1:11:31 PM | Attr = ]
seaweed.jpg -> %UserDocuments%\My Pictures\seaweed.jpg -> [Ver = | Size = 757315 bytes | Created Date = 1/28/2007 12:57:13 PM | Attr = ]
splat.jpg -> %UserDocuments%\My Pictures\splat.jpg -> [Ver = | Size = 277898 bytes | Created Date = 1/28/2007 12:57:13 PM | Attr = ]
Thumbs.db -> %UserDocuments%\My Pictures\Thumbs.db -> [Ver = | Size = 163328 bytes | Created Date = 1/24/2007 11:05:46 AM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\My Pictures\Thumbs.db:encryptable ->
Us_nov04.jpg -> %UserDocuments%\My Pictures\Us_nov04.jpg -> [Ver = | Size = 98043 bytes | Created Date = 1/28/2007 1:02:23 PM | Attr = ]
102_5971.jpg -> %UserDocuments%\My Received Files\102_5971.jpg -> [Ver = | Size = 661095 bytes | Created Date = 1/21/2007 2:22:27 PM | Attr = ]
102_5980.jpg -> %UserDocuments%\My Received Files\102_5980.jpg -> [Ver = | Size = 782550 bytes | Created Date = 1/21/2007 2:23:50 PM | Attr = ]
102_5988cropped.jpg -> %UserDocuments%\My Received Files\102_5988cropped.jpg -> [Ver = | Size = 658546 bytes | Created Date = 1/21/2007 2:27:25 PM | Attr = ]
dad_old.JPEG -> %UserDocuments%\My Received Files\dad_old.JPEG -> [Ver = | Size = 1200648 bytes | Created Date = 1/21/2007 2:30:09 PM | Attr = ]
gin me and jay staff party 07.JPG -> %UserDocuments%\My Received Files\gin me and jay staff party 07.JPG -> [Ver = | Size = 1821413 bytes | Created Date = 1/27/2007 12:22:35 PM | Attr = ]
IMGP0653.JPG -> %UserDocuments%\My Received Files\IMGP0653.JPG -> [Ver = | Size = 1793046 bytes | Created Date = 1/30/2007 11:12:51 AM | Attr = ]
IMG_1041.jpg -> %UserDocuments%\My Received Files\IMG_1041.jpg -> [Ver = | Size = 647630 bytes | Created Date = 1/21/2007 2:30:42 PM | Attr = ]
IMG_1055.jpg -> %UserDocuments%\My Received Files\IMG_1055.jpg -> [Ver = | Size = 403017 bytes | Created Date = 1/21/2007 2:32:00 PM | Attr = ]
IMG_1068.jpg -> %UserDocuments%\My Received Files\IMG_1068.jpg -> [Ver = | Size = 647521 bytes | Created Date = 1/21/2007 2:33:57 PM | Attr = ]
IMG_1191.jpg -> %UserDocuments%\My Received Files\IMG_1191.jpg -> [Ver = | Size = 370161 bytes | Created Date = 1/21/2007 2:36:03 PM | Attr = ]
IMG_1198.jpg -> %UserDocuments%\My Received Files\IMG_1198.jpg -> [Ver = | Size = 599382 bytes | Created Date = 1/21/2007 2:39:23 PM | Attr = ]
IMG_1232.jpg -> %UserDocuments%\My Received Files\IMG_1232.jpg -> [Ver = | Size = 346614 bytes | Created Date = 1/21/2007 2:41:31 PM | Attr = ]
IMG_1235.jpg -> %UserDocuments%\My Received Files\IMG_1235.jpg -> [Ver = | Size = 367034 bytes | Created Date = 1/21/2007 2:42:47 PM | Attr = ]
IMG_1254.jpg -> %UserDocuments%\My Received Files\IMG_1254.jpg -> [Ver = | Size = 444296 bytes | Created Date = 1/21/2007 2:43:59 PM | Attr = ]
IMG_1267.jpg -> %UserDocuments%\My Received Files\IMG_1267.jpg -> [Ver = | Size = 224875 bytes | Created Date = 1/21/2007 2:46:49 PM | Attr = ]
Thumbs.db -> %UserDocuments%\My Received Files\Thumbs.db -> [Ver = | Size = 122880 bytes | Created Date = 1/21/2007 2:36:13 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\My Received Files\Thumbs.db:encryptable ->
Uncle roy.jpg -> %UserDocuments%\My Received Files\Uncle roy.jpg -> [Ver = | Size = 150777 bytes | Created Date = 1/24/2007 6:24:19 PM | Attr = ]
a_halloween.jpg -> %UserDocuments%\pics\a_halloween.jpg -> [Ver = | Size = 110136 bytes | Created Date = 1/28/2007 12:58:07 PM | Attr = ]
boweringpark.jpg -> %UserDocuments%\pics\boweringpark.jpg -> [Ver = | Size = 441953 bytes | Created Date = 1/28/2007 12:57:09 PM | Attr = ]
cover_tits.jpg -> %UserDocuments%\pics\cover_tits.jpg -> [Ver = | Size = 263011 bytes | Created Date = 1/28/2007 12:59:03 PM | Attr = ]
g_undies.jpg -> %UserDocuments%\pics\g_undies.jpg -> [Ver = | Size = 114549 bytes | Created Date = 1/28/2007 12:58:07 PM | Attr = ]
mommytobe.jpg -> %UserDocuments%\pics\mommytobe.jpg -> [Ver = | Size = 336147 bytes | Created Date = 1/28/2007 1:06:38 PM | Attr = ]
Thumbs.db -> %UserDocuments%\pics\Thumbs.db -> [Ver = | Size = 104448 bytes | Created Date = 1/28/2007 1:50:14 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\pics\Thumbs.db:encryptable ->
tulips.jpg -> %UserDocuments%\pics\tulips.jpg -> [Ver = | Size = 57777 bytes | Created Date = 1/28/2007 12:57:13 PM | Attr = ]
anchor.bmp -> %UserDocuments%\tattoos\anchor.bmp -> [Ver = | Size = 62262 bytes | Created Date = 1/22/2007 8:58:16 PM | Attr = ]
beach_buttery.bmp -> %UserDocuments%\tattoos\beach_buttery.bmp -> [Ver = | Size = 589878 bytes | Created Date = 1/22/2007 8:36:52 PM | Attr = ]
blue_starfish.bmp -> %UserDocuments%\tattoos\blue_starfish.bmp -> [Ver = | Size = 87606 bytes | Created Date = 1/22/2007 8:57:40 PM | Attr = ]
heart_stars.bmp -> %UserDocuments%\tattoos\heart_stars.bmp -> [Ver = | Size = 589878 bytes | Created Date = 1/22/2007 8:32:58 PM | Attr = ]
mermaid2.jpg -> %UserDocuments%\tattoos\mermaid2.jpg -> [Ver = | Size = 17113 bytes | Created Date = 1/25/2007 11:10:04 PM | Attr = ]
neg_space1.jpg -> %UserDocuments%\tattoos\neg_space1.jpg -> [Ver = | Size = 21369 bytes | Created Date = 1/25/2007 11:04:19 PM | Attr = ]
star_dot.jpg -> %UserDocuments%\tattoos\star_dot.jpg -> [Ver = | Size = 12425 bytes | Created Date = 1/25/2007 10:59:42 PM | Attr = ]
star_water.jpg -> %UserDocuments%\tattoos\star_water.jpg -> [Ver = | Size = 40022 bytes | Created Date = 1/22/2007 9:35:54 PM | Attr = ]
Thumbs.db -> %UserDocuments%\tattoos\Thumbs.db -> [Ver = | Size = 36352 bytes | Created Date = 1/22/2007 9:52:44 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\tattoos\Thumbs.db:encryptable ->
beach_chair.jpg -> %UserDocuments%\web pics\beach_chair.jpg -> [Ver = | Size = 4428 bytes | Created Date = 1/24/2007 1:00:23 PM | Attr = ]
chairs.jpg -> %UserDocuments%\web pics\chairs.jpg -> [Ver = | Size = 5050 bytes | Created Date = 1/24/2007 1:03:47 PM | Attr = ]
flipflops.jpg -> %UserDocuments%\web pics\flipflops.jpg -> [Ver = | Size = 4597 bytes | Created Date = 1/24/2007 1:02:36 PM | Attr = ]
nude_sun.jpg -> %UserDocuments%\web pics\nude_sun.jpg -> [Ver = | Size = 3366 bytes | Created Date = 1/24/2007 1:05:46 PM | Attr = ]
palm_tree.jpg -> %UserDocuments%\web pics\palm_tree.jpg -> [Ver = | Size = 3147 bytes | Created Date = 1/24/2007 1:00:49 PM | Attr = ]
starfish.jpg -> %UserDocuments%\web pics\starfish.jpg -> [Ver = | Size = 2080 bytes | Created Date = 1/24/2007 1:01:46 PM | Attr = ]
Thumbs.db -> %UserDocuments%\web pics\Thumbs.db -> [Ver = | Size = 30208 bytes | Created Date = 2/1/2007 8:17:03 AM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\web pics\Thumbs.db:encryptable ->
styles.css -> %UserDocuments%\AIMLogger\nmist\IM Logs\styles.css -> [Ver = | Size = 625 bytes | Created Date = 1/27/2007 8:28:21 PM | Attr = ]
desktop.ini -> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 1/18/2007 7:52:44 PM | Attr = HS]
zonealarm.lnk -> %UserStartup%\zonealarm.lnk -> [Ver = | Size = 810 bytes | Created Date = 1/31/2007 8:17:54 AM | Attr = ]
bigfoot.bmp -> %CommonProgramFiles%\Services\bigfoot.bmp -> [Ver = | Size = 2702 bytes | Created Date = 1/18/2007 7:35:55 PM | Attr = ]
verisign.bmp -> %CommonProgramFiles%\Services\verisign.bmp -> [Ver = | Size = 2702 bytes | Created Date = 1/18/2007 7:35:55 PM | Attr = ]
whowhere.bmp -> %CommonProgramFiles%\Services\whowhere.bmp -> [Ver = | Size = 2702 bytes | Created Date = 1/18/2007 7:35:55 PM | Attr = ]
WISCDDCBBF1270346BC938BBCC81A1EEAAA_3_5_0_1016.MSI -> %CommonProgramFiles%\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_3_5_0_1016.MSI -> [Ver = | Size = 3977216 bytes | Created Date = 1/21/2007 10:22:53 AM | Attr = ]
Adobe Gamma Loader.exe -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Created Date = 1/24/2007 11:20:16 PM | Attr = ]
Adobe Gamma.cpl -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma.cpl -> Adobe Systems, Inc. [Ver = 3, 3, 0, 0 | Size = 266240 bytes | Created Date = 1/24/2007 11:20:16 PM | Attr = ]
ACE1Cache.lst -> %CommonProgramFiles%\Adobe\Color\ACE1Cache.lst -> [Ver = | Size = 40750 bytes | Created Date = 1/27/2007 12:28:42 PM | Attr = ]
AdobeFnt07.lst -> %CommonProgramFiles%\Adobe\Fonts\AdobeFnt07.lst -> [Ver = | Size = 36910 bytes | Created Date = 1/27/2007 12:38:47 PM | Attr = ]
brt.hyp -> %CommonProgramFiles%\Adobe\Hyphenation\brt.hyp -> [Ver = | Size = 36864 bytes | Created Date = 1/24/2007 11:20:16 PM | Attr = ]
brz.hyp -> %CommonProgramFiles%\Adobe\Hyphenation\brz.hyp -> [Ver = | Size = 2048 bytes | Created Date = 1/24/2007 11:20:16 PM | Attr = ]
cfr.hyp -> %CommonProgramFiles%\Adobe\Hyphenation\cfr.hyp -> [Ver = | Size = 3072 bytes | Created Date = 1/24/2007 11:20:16 PM | Attr = ]
ctl.hyp -> %CommonProgramFiles%\Adobe\Hyphenation\ctl.hyp -> [Ver = | Size = 15360 bytes | Created Date = 1/24/2007 11:20:16 PM | Attr = ]
dan.hyp -> %CommonProgramFiles%\Adobe\Hyphenation\dan.hyp -> [Ver = | Size = 31744 bytes | Created Date = 1/24/2007 11:20:16 PM | Attr = ]
dut.hyp -> %CommonProgramFiles%\Adobe\Hyphenation\dut.hyp -> [Ver = | Size = 34816 bytes | Created Date = 1/24/2007 11:20:16 PM | Attr = ]
ENGPHON.ENV -> %CommonProgramFiles%\Adobe\Hyphenation\ENGPHON.ENV -> [Ver = | Size = 2467 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
fin.hyp -> %CommonProgramFiles%\Adobe\Hyphenation\fin.hyp -> [Ver = | Size = 27648 bytes | Created Date = 1/24/2007 11:20:17 PM | Attr = ]
frn.hyp -> %CommonProgramFiles%\Adobe\Hyphenation\frn.hyp -> [Ver = | Size = 3072 bytes | Created Date = 1/24/2007 11:20:17 PM | Attr = ]
grm.hyp -> %CommonProgramFiles%\Adobe\Hyphenation\grm.hyp -> [Ver = | Size = 35840 bytes | Created Date = 1/24/2007 11:20:17 PM | Attr = ]
Grmold.hyp -> %CommonProgramFiles%\Adobe\Hyphenation\Grmold.hyp -> [Ver = | Size = 41984 bytes | Created Date = 1/24/2007 11:20:17 PM | Attr = ]
itl.hyp -> %CommonProgramFiles%\Adobe\Hyphenation\itl.hyp -> [Ver = | Size = 2048 bytes | Created Date = 1/24/2007 11:20:17 PM | Attr = ]
nrw.hyp -> %CommonProgramFiles%\Adobe\Hyphenation\nrw.hyp -> [Ver = | Size = 40960 bytes | Created Date = 1/24/2007 11:20:17 PM | Attr = ]
nyn.hyp -> %CommonProgramFiles%\Adobe\Hyphenation\nyn.hyp -> [Ver = | Size = 35840 bytes | Created Date = 1/24/2007 11:20:17 PM | Attr = ]
prt.hyp -> %CommonProgramFiles%\Adobe\Hyphenation\prt.hyp -> [Ver = | Size = 2048 bytes | Created Date = 1/24/2007 11:20:17 PM | Attr = ]
sgr.hyp -> %CommonProgramFiles%\Adobe\Hyphenation\sgr.hyp -> [Ver = | Size = 34816 bytes | Created Date = 1/24/2007 11:20:17 PM | Attr = ]
spn.hyp -> %CommonProgramFiles%\Adobe\Hyphenation\spn.hyp -> [Ver = | Size = 5120 bytes | Created Date = 1/24/2007 11:20:17 PM | Attr = ]
swd.hyp -> %CommonProgramFiles%\Adobe\Hyphenation\swd.hyp -> [Ver = | Size = 41984 bytes | Created Date = 1/24/2007 11:20:17 PM | Attr = ]
usa37.hyp -> %CommonProgramFiles%\Adobe\Hyphenation\usa37.hyp -> [Ver = | Size = 87040 bytes | Created Date = 1/24/2007 11:20:17 PM | Attr = ]
aiicon.dll -> %CommonProgramFiles%\Adobe\Shell\aiicon.dll -> Adobe Systems Incorporated [Ver = 11.0 | Size = 245760 bytes | Created Date = 1/24/2007 11:19:32 PM | Attr = ]
brt04.lex -> %CommonProgramFiles%\Adobe\Spelling\brt04.lex -> [Ver = | Size = 223232 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
brt32.clx -> %CommonProgramFiles%\Adobe\Spelling\brt32.clx -> [Ver = | Size = 32678 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
brtphon.env -> %CommonProgramFiles%\Adobe\Spelling\brtphon.env -> [Ver = | Size = 2467 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
Brz32.clx -> %CommonProgramFiles%\Adobe\Spelling\Brz32.clx -> [Ver = | Size = 32713 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
brz40.lex -> %CommonProgramFiles%\Adobe\Spelling\brz40.lex -> [Ver = | Size = 450560 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
brzphon.env -> %CommonProgramFiles%\Adobe\Spelling\brzphon.env -> [Ver = | Size = 3934 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
Cfr32.clx -> %CommonProgramFiles%\Adobe\Spelling\Cfr32.clx -> [Ver = | Size = 32755 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
cfr68.lex -> %CommonProgramFiles%\Adobe\Spelling\cfr68.lex -> [Ver = | Size = 614400 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
cfrphon.env -> %CommonProgramFiles%\Adobe\Spelling\cfrphon.env -> [Ver = | Size = 3119 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
Ctl24.clx -> %CommonProgramFiles%\Adobe\Spelling\Ctl24.clx -> [Ver = | Size = 22236 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
ctl28.lex -> %CommonProgramFiles%\Adobe\Spelling\ctl28.lex -> [Ver = | Size = 1013760 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
ctlphon.env -> %CommonProgramFiles%\Adobe\Spelling\ctlphon.env -> [Ver = | Size = 7778 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
Dan32.clx -> %CommonProgramFiles%\Adobe\Spelling\Dan32.clx -> [Ver = | Size = 32684 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
dan45.lex -> %CommonProgramFiles%\Adobe\Spelling\dan45.lex -> [Ver = | Size = 484352 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
danphon.env -> %CommonProgramFiles%\Adobe\Spelling\danphon.env -> [Ver = | Size = 2809 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
Dut102.lex -> %CommonProgramFiles%\Adobe\Spelling\Dut102.lex -> [Ver = | Size = 945152 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
Dut32.clx -> %CommonProgramFiles%\Adobe\Spelling\Dut32.clx -> [Ver = | Size = 32741 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
dutphon.env -> %CommonProgramFiles%\Adobe\Spelling\dutphon.env -> [Ver = | Size = 2862 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
eng32.clx -> %CommonProgramFiles%\Adobe\Spelling\eng32.clx -> [Ver = | Size = 32741 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
engphon.env -> %CommonProgramFiles%\Adobe\Spelling\engphon.env -> [Ver = | Size = 2467 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
Fin32.clx -> %CommonProgramFiles%\Adobe\Spelling\Fin32.clx -> [Ver = | Size = 32762 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
fin49.lex -> %CommonProgramFiles%\Adobe\Spelling\fin49.lex -> [Ver = | Size = 672768 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
finphon.env -> %CommonProgramFiles%\Adobe\Spelling\finphon.env -> [Ver = | Size = 3405 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
frn21.lex -> %CommonProgramFiles%\Adobe\Spelling\frn21.lex -> [Ver = | Size = 614400 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
Frn32.clx -> %CommonProgramFiles%\Adobe\Spelling\Frn32.clx -> [Ver = | Size = 32755 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
frnphon.env -> %CommonProgramFiles%\Adobe\Spelling\frnphon.env -> [Ver = | Size = 3119 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
Grm104.lex -> %CommonProgramFiles%\Adobe\Spelling\Grm104.lex -> [Ver = | Size = 1542144 bytes | Created Date = 1/24/2007 11:20:13 PM | Attr = ]
Grm10401.lex -> %CommonProgramFiles%\Adobe\Spelling\Grm10401.lex -> [Ver = | Size = 44032 bytes | Created Date = 1/24/2007 11:20:14 PM | Attr = ]
GRM25.LEX -> %CommonProgramFiles%\Adobe\Spelling\GRM25.LEX -> [Ver = | Size = 1160192 bytes | Created Date = 1/24/2007 11:20:14 PM | Attr = ]
Grm32.clx -> %CommonProgramFiles%\Adobe\Spelling\Grm32.clx -> [Ver = | Size = 32688 bytes | Created Date = 1/24/2007 11:20:14 PM | Attr = ]
GRMOLD16.CLX -> %CommonProgramFiles%\Adobe\Spelling\GRMOLD16.CLX -> [Ver = | Size = 16343 bytes | Created Date = 1/24/2007 11:20:14 PM | Attr = ]
grmphon.env -> %CommonProgramFiles%\Adobe\Spelling\grmphon.env -> [Ver = | Size = 2642 bytes | Created Date = 1/24/2007 11:20:14 PM | Attr = ]
itl16.clx -> %CommonProgramFiles%\Adobe\Spelling\itl16.clx -> [Ver = | Size = 16344 bytes | Created Date = 1/24/2007 11:20:14 PM | Attr = ]
itl26.lex -> %CommonProgramFiles%\Adobe\Spelling\itl26.lex -> [Ver = | Size = 325632 bytes | Created Date = 1/24/2007 11:20:14 PM | Attr = ]
itlphon.env -> %CommonProgramFiles%\Adobe\Spelling\itlphon.env -> [Ver = | Size = 3304 bytes | Created Date = 1/24/2007 11:20:14 PM | Attr = ]
Nrw32.clx -> %CommonProgramFiles%\Adobe\Spelling\Nrw32.clx -> [Ver = | Size = 32753 bytes | Created Date = 1/24/2007 11:20:14 PM | Attr = ]
nrw38.lex -> %CommonProgramFiles%\Adobe\Spelling\nrw38.lex -> [Ver = | Size = 441344 bytes | Created Date = 1/24/2007 11:20:14 PM | Attr = ]
nrwphon.env -> %CommonProgramFiles%\Adobe\Spelling\nrwphon.env -> [Ver = | Size = 2893 bytes | Created Date = 1/24/2007 11:20:14 PM | Attr = ]
Nyn16.clx -> %CommonProgramFiles%\Adobe\Spelling\Nyn16.clx -> [Ver = | Size = 15356 bytes | Created Date = 1/24/2007 11:20:14 PM | Attr = ]
nyn47.lex -> %CommonProgramFiles%\Adobe\Spelling\nyn47.lex -> [Ver = | Size = 396288 bytes | Created Date = 1/24/2007 11:20:14 PM | Attr = ]
nynphon.env -> %CommonProgramFiles%\Adobe\Spelling\nynphon.env -> [Ver = | Size = 2893 bytes | Created Date = 1/24/2007 11:20:14 PM | Attr = ]
Prt32.clx -> %CommonProgramFiles%\Adobe\Spelling\Prt32.clx -> [Ver = | Size = 32748 bytes | Created Date = 1/24/2007 11:20:14 PM | Attr = ]
prt39.lex -> %CommonProgramFiles%\Adobe\Spelling\prt39.lex -> [Ver = | Size = 463872 bytes | Created Date = 1/24/2007 11:20:14 PM | Attr = ]
prtphon.env -> %CommonProgramFiles%\Adobe\Spelling\prtphon.env -> [Ver = | Size = 3934 bytes | Created Date = 1/24/2007 11:20:14 PM | Attr = ]
sgr105.lex -> %CommonProgramFiles%\Adobe\Spelling\sgr105.lex -> [Ver = | Size = 1446912 bytes | Created Date = 1/24/2007 11:20:14 PM | Attr = ]
sgr32.clx -> %CommonProgramFiles%\Adobe\Spelling\sgr32.clx -> [Ver = | Size = 32686 bytes | Created Date = 1/24/2007 11:20:14 PM | Attr = ]
sgrphon.env -> %CommonProgramFiles%\Adobe\Spelling\sgrphon.env -> [Ver = | Size = 2642 bytes | Created Date = 1/24/2007 11:20:14 PM | Attr = ]
spn24.lex -> %CommonProgramFiles%\Adobe\Spelling\spn24.lex -> [Ver = | Size = 424960 bytes | Created Date = 1/24/2007 11:20:14 PM | Attr = ]
Spn32.clx -> %CommonProgramFiles%\Adobe\Spelling\Spn32.clx -> [Ver = | Size = 32763 bytes | Created Date = 1/24/2007 11:20:15 PM | Attr = ]
spnphon.env -> %CommonProgramFiles%\Adobe\Spelling\spnphon.env -> [Ver = | Size = 3450 bytes | Created Date = 1/24/2007 11:20:15 PM | Attr = ]
Swd16.clx -> %CommonProgramFiles%\Adobe\Spelling\Swd16.clx -> [Ver = | Size = 16384 bytes | Created Date = 1/24/2007 11:20:15 PM | Attr = ]
swd43.lex -> %CommonProgramFiles%\Adobe\Spelling\swd43.lex -> [Ver = | Size = 1688576 bytes | Created Date = 1/24/2007 11:20:15 PM | Attr = ]
swdphon.env -> %CommonProgramFiles%\Adobe\Spelling\swdphon.env -> [Ver = | Size = 3047 bytes | Created Date = 1/24/2007 11:20:15 PM | Attr = ]
usa86.lex -> %CommonProgramFiles%\Adobe\Spelling\usa86.lex -> [Ver = | Size = 294912 bytes | Created Date = 1/24/2007 11:20:15 PM | Attr = ]
usa8601.lex -> %CommonProgramFiles%\Adobe\Spelling\usa8601.lex -> [Ver = | Size = 47104 bytes | Created Date = 1/24/2007 11:20:15 PM | Attr = ]
usa8602.lex -> %CommonProgramFiles%\Adobe\Spelling\usa8602.lex -> [Ver = | Size = 99328 bytes | Created Date = 1/24/2007 11:20:15 PM | Attr = ]
AdobeFnt07.lst -> %CommonProgramFiles%\Adobe\TypeSpt\AdobeFnt07.lst -> [Ver = | Size = 20206 bytes | Created Date = 1/27/2007 12:38:47 PM | Attr = ]
FntNames.db -> %CommonProgramFiles%\Adobe\TypeSpt\FntNames.db -> [Ver = | Size = 387551 bytes | Created Date = 1/24/2007 11:20:15 PM | Attr = ]
Adobelmsvc.exe -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Created Date = 1/24/2007 11:20:56 PM | Attr = ]
tbunins.exe -> %CommonProgramFiles%\AOL\AOLDiag\tbunins.exe -> AOL LLC [Ver = 3.3.11.1 | Size = 88673 bytes | Created Date = 1/27/2007 8:23:09 PM | Attr = ]
alunins.exe -> %CommonProgramFiles%\AOL\Loader\alunins.exe -> AOL LLC [Ver = 9.3.1.1 | Size = 88495 bytes | Created Date = 1/27/2007 8:23:09 PM | Attr = ]
IEFILES5.INF -> %CommonProgramFiles%\Microsoft Shared\MSInfo\IEFILES5.INF -> [Ver = | Size = 617 bytes | Created Date = 1/18/2007 7:35:43 PM | Attr = ]
aleabanr.gif -> %CommonProgramFiles%\Microsoft Shared\Stationery\aleabanr.gif -> [Ver = | Size = 7830 bytes | Created Date = 1/18/2007 7:35:51 PM | Attr = ]
amaizrul.gif -> %CommonProgramFiles%\Microsoft Shared\Stationery\amaizrul.gif -> [Ver = | Size = 2184 bytes | Created Date = 1/18/2007 7:35:51 PM | Attr = ]
anabnr2.gif -> %CommonProgramFiles%\Microsoft Shared\Stationery\anabnr2.gif -> [Ver = | Size = 15492 bytes | Created Date = 1/18/2007 7:35:51 PM | Attr = ]
aswrule.gif -> %CommonProgramFiles%\Microsoft Shared\Stationery\aswrule.gif -> [Ver = | Size = 2086 bytes | Created Date = 1/18/2007 7:35:51 PM | Attr = ]
Blank Bkgrd.gif -> %CommonProgramFiles%\Microsoft Shared\Stationery\Blank Bkgrd.gif -> [Ver = | Size = 145 bytes | Created Date = 1/18/2007 7:35:51 PM | Attr = ]
Blank.htm -> %CommonProgramFiles%\Microsoft Shared\Stationery\Blank.htm -> [Ver = | Size = 412 bytes | Created Date = 1/18/2007 7:35:51 PM | Attr = ]
Btzhsepa.gif -> %CommonProgramFiles%\Microsoft Shared\Stationery\Btzhsepa.gif -> [Ver = | Size = 978 bytes | Created Date = 1/18/2007 7:35:51 PM | Attr = ]
citbannA.gif -> %CommonProgramFiles%\Microsoft Shared\Stationery\citbannA.gif -> [Ver = | Size = 11959 bytes | Created Date = 1/18/2007 7:35:51 PM | Attr = ]
Citrus Punch Bkgrd.gif -> %CommonProgramFiles%\Microsoft Shared\Stationery\Citrus Punch Bkgrd.gif -> [Ver = | Size = 2454 bytes | Created Date = 1/18/2007 7:35:51 PM | Attr = ]
Citrus Punch.htm -> %CommonProgramFiles%\Microsoft Shared\Stationery\Citrus Punch.htm -> [Ver = | Size = 403 bytes | Created Date = 1/18/2007 7:35:51 PM | Attr = ]
Clear Day Bkgrd.jpg -> %CommonProgramFiles%\Microsoft Shared\Stationery\Clear Day Bkgrd.jpg -> [Ver = | Size = 5675 bytes | Created Date = 1/18/2007 7:35:52 PM | Attr = ]
Clear Day.htm -> %CommonProgramFiles%\Microsoft Shared\Stationery\Clear Day.htm -> [Ver = | Size = 276 bytes | Created Date = 1/18/2007 7:35:52 PM | Attr = ]
fieruled.gif -> %CommonProgramFiles%\Microsoft Shared\Stationery\fieruled.gif -> [Ver = | Size = 1325 bytes | Created Date = 1/18/2007 7:35:52 PM | Attr = ]
Fiesta Bkgrd.jpg -> %CommonProgramFiles%\Microsoft Shared\Stationery\Fiesta Bkgrd.jpg -> [Ver = | Size = 5048 bytes | Created Date = 1/18/2007 7:35:52 PM | Attr = ]
Fiesta.htm -> %CommonProgramFiles%\Microsoft Shared\Stationery\Fiesta.htm -> [Ver = | Size = 319 bytes | Created Date = 1/18/2007 7:35:52 PM | Attr = ]
Glacier Bkgrd.jpg -> %CommonProgramFiles%\Microsoft Shared\Stationery\Glacier Bkgrd.jpg -> [Ver = | Size = 2743 bytes | Created Date = 1/18/2007 7:35:52 PM | Attr = ]
Glacier.htm -> %CommonProgramFiles%\Microsoft Shared\Stationery\Glacier.htm -> [Ver = | Size = 272 bytes | Created Date = 1/18/2007 7:35:52 PM | Attr = ]
Ivy.gif -> %CommonProgramFiles%\Microsoft Shared\Stationery\Ivy.gif -> [Ver = | Size = 5665 bytes | Created Date = 1/18/2007 7:35:52 PM | Attr = ]
Ivy.htm -> %CommonProgramFiles%\Microsoft Shared\Stationery\Ivy.htm -> [Ver = | Size = 367 bytes | Created Date = 1/18/2007 7:35:52 PM | Attr = ]
Leaves Bkgrd.jpg -> %CommonProgramFiles%\Microsoft Shared\Stationery\Leaves Bkgrd.jpg -> [Ver = | Size = 4389 bytes | Created Date = 1/18/2007 7:35:52 PM | Attr = ]
Leaves.htm -> %CommonProgramFiles%\Microsoft Shared\Stationery\Leaves.htm -> [Ver = | Size = 368 bytes | Created Date = 1/18/2007 7:35:52 PM | Attr = ]
Maize Bkgrd.jpg -> %CommonProgramFiles%\Microsoft Shared\Stationery\Maize Bkgrd.jpg -> [Ver = | Size = 11748 bytes | Created Date = 1/18/2007 7:35:52 PM | Attr = ]
Maize.htm -> %CommonProgramFiles%\Microsoft Shared\Stationery\Maize.htm -> [Ver = | Size = 366 bytes | Created Date = 1/18/2007 7:35:52 PM | Attr = ]
Nature Bkgrd.jpg -> %CommonProgramFiles%\Microsoft Shared\Stationery\Nature Bkgrd.jpg -> [Ver = | Size = 3781 bytes | Created Date = 1/18/2007 7:35:53 PM | Attr = ]
Nature.htm -> %CommonProgramFiles%\Microsoft Shared\Stationery\Nature.htm -> [Ver = | Size = 398 bytes | Created Date = 1/18/2007 7:35:53 PM | Attr = ]
Network Blitz Bkgrd.gif -> %CommonProgramFiles%\Microsoft Shared\Stationery\Network Blitz Bkgrd.gif -> [Ver = | Size = 5314 bytes | Created Date = 1/18/2007 7:35:53 PM | Attr = ]
Network Blitz.htm -> %CommonProgramFiles%\Microsoft Shared\Stationery\Network Blitz.htm -> [Ver = | Size = 407 bytes | Created Date = 1/18/2007 7:35:53 PM | Attr = ]
Pie Charts Bkgrd.jpg -> %CommonProgramFiles%\Microsoft Shared\Stationery\Pie Charts Bkgrd.jpg -> [Ver = | Size = 2371 bytes | Created Date = 1/18/2007 7:35:53 PM | Attr = ]
Pie Charts.htm -> %CommonProgramFiles%\Microsoft Shared\Stationery\Pie Charts.htm -> [Ver = | Size = 290 bytes | Created Date = 1/18/2007 7:35:53 PM | Attr = ]
sunbannA.gif -> %CommonProgramFiles%\Microsoft Shared\Stationery\sunbannA.gif -> [Ver = | Size = 9749 bytes | Created Date = 1/18/2007 7:35:53 PM | Attr = ]
Sunflower Bkgrd.jpg -> %CommonProgramFiles%\Microsoft Shared\Stationery\Sunflower Bkgrd.jpg -> [Ver = | Size = 17147 bytes | Created Date = 1/18/2007 7:35:53 PM | Attr = ]
Sunflower.htm -> %CommonProgramFiles%\Microsoft Shared\Stationery\Sunflower.htm -> [Ver = | Size = 402 bytes | Created Date = 1/18/2007 7:35:53 PM | Attr = ]
Sweets Bkgrd.gif -> %CommonProgramFiles%\Microsoft Shared\Stationery\Sweets Bkgrd.gif -> [Ver = | Size = 917 bytes | Created Date = 1/18/2007 7:35:53 PM | Attr = ]
Sweets.htm -> %CommonProgramFiles%\Microsoft Shared\Stationery\Sweets.htm -> [Ver = | Size = 361 bytes | Created Date = 1/18/2007 7:35:53 PM | Attr = ]
tech.gif -> %CommonProgramFiles%\Microsoft Shared\Stationery\tech.gif -> [Ver = | Size = 862 bytes | Created Date = 1/18/2007 7:35:53 PM | Attr = ]
Technical.htm -> %CommonProgramFiles%\Microsoft Shared\Stationery\Technical.htm -> [Ver = | Size = 411 bytes | Created Date = 1/18/2007 7:35:53 PM | Attr = ]
msconv97.dll -> %CommonProgramFiles%\Microsoft Shared\TextConv\msconv97.dll -> [Ver = | Size = 143434 bytes | Created Date = 1/18/2007 7:35:42 PM | Attr = ]
atrc.dll -> %CommonProgramFiles%\Real\Codecs\atrc.dll -> RealNetworks, Inc. [Ver = 10.0.0.3083 | Size = 77824 bytes | Created Date = 2/6/2007 10:31:03 PM | Attr = ]
cook.dll -> %CommonProgramFiles%\Real\Codecs\cook.dll -> RealNetworks, Inc. [Ver = 10.0.0.2389 | Size = 65536 bytes | Created Date = 2/6/2007 10:31:03 PM | Attr = ]
drv1.dll -> %CommonProgramFiles%\Real\Codecs\drv1.dll -> RealNetworks, Inc. [Ver = 10.0.0.1253 | Size = 102400 bytes | Created Date = 2/6/2007 10:31:04 PM | Attr = ]
drv2.dll -> %CommonProgramFiles%\Real\Codecs\drv2.dll -> RealNetworks, Inc. [Ver = 10.0.0.2373 | Size = 176128 bytes | Created Date = 2/6/2007 10:31:04 PM | Attr = ]
drvc.dll -> %CommonProgramFiles%\Real\Codecs\drvc.dll -> RealNetworks, Inc. [Ver = 10.0.0.1740 | Size = 266240 bytes | Created Date = 2/6/2007 10:31:05 PM | Attr = ]
hxltcolor.dll -> %CommonProgramFiles%\Real\Codecs\hxltcolor.dll -> RealNetworks, Inc. [Ver = 10.0.0.1110 | Size = 241664 bytes | Created Date = 2/6/2007 10:31:06 PM | Attr = ]