Here are the log files you requested.
Should this be removed
(O4 - HKLM\..\Run: [pdsnnkk] C:\WINDOWS\pdsnnkk.EXE)?
hijackthis run in normal mode
Logfile of HijackThis v1.99.1
Scan saved at 10:47:00 PM, on 9/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ssisvr32.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\pdsnnkk.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Miriam\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://yahoo.sbc.com/dslR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://yahoo.sbc.com/dslR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [pdsnnkk] C:\WINDOWS\pdsnnkk.EXE
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.t...all/xscan60.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.syma...bin/AvSniff.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
http://files.member....s/sbc/yinst.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.micros...b?1125873050593O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1125899053218O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) -
http://www.ofoto.com..._1/axofupld.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft...free/asinst.cabO16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) -
http://community.web...otoUploader.CABO18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMSystem\plugin.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Software Secure Service (SSISvr32) - SoftwareSecure Inc - C:\WINDOWS\system32\ssisvr32.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
+++++++++
Ewido
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 8:51:33 PM, 9/16/2005
+ Report-Checksum: 82028E18
+ Scan result:
C:\Program Files\Securexam Student\ssi_student.exe -> Heuristic.Win32.AVKiller : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKU\S-1-5-21-560166912-1027346948-1536049589-1007\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-560166912-1027346948-1536049589-1007\Software\_rtneg2 -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-560166912-1027346948-1536049589-1007\Software\_rtneg2\eeennn -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-560166912-1027346948-1536049589-1007\Software\_rtneg2\kkws -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-560166912-1027346948-1536049589-1007\Software\_rtneg2\ppops -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-560166912-1027346948-1536049589-1007\Software\_rtneg2\reel -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-560166912-1027346948-1536049589-1007\Software\_rtneg2\ssites -> Spyware.Begin2Search : Cleaned with backup
C:\Documents and Settings\Miriam\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\CMAPP\cmappstub.exe -> TrojanDownloader.Agent.tf : Cleaned with backup
C:\Program Files\CMSystem\CMSystem.exe -> Spyware.CASClient : Cleaned with backup
C:\Program Files\CMSystem\plugin.dll -> Spyware.CASClient : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\12D58F22-59DA-4D3B-A7B6-253A06\FEAE3812-5B7D-4B18-AD5E-1C789A -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3844EFAD-0BA4-4347-9E93-FF1388\178DBF4E-BEFD-4564-94DB-37BD11 -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\4105A176-D73C-494F-BF78-02B9A9\E3D5E0DE-21C7-4B28-A728-8DAF2A -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\56F4E12A-34E9-4EE7-B8D5-2EC98F\EE92C6A5-98A0-491D-BA6E-06123F -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C50A34EE-55F7-49E8-9BAA-B7E02A\83489111-2613-4266-85DB-B1CA72 -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\DDB0D6B7-6D5D-49EF-ACB4-FB1884\1AF3FA4E-B120-4F66-BD39-A7E4F8 -> Trojan.Agent.db : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E0BE136C-4670-419D-BC3F-D31031\8D5FEDF0-344F-4036-A046-7B54BB -> Trojan.Agent.db : Cleaned with backup
C:\Program Files\SurfSideKick 3\Ssk.exe -> Spyware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskBho.dll -> Spyware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskCore.dll -> Spyware.SurfSide : Cleaned with backup
C:\WINDOWS\brmyictusnv.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\lumkzim.exe -> TrojanDropper.Agent.tb : Cleaned with backup
C:\WINDOWS\puljhti.exe -> TrojanDropper.Agent.tb : Cleaned with backup
C:\WINDOWS\system\QBTool.exe -> Trojan.Registrator.b : Cleaned with backup
C:\WINDOWS\system32\epb7wyc.dll -> Trojan.Kolweb.a : Cleaned with backup
C:\WINDOWS\system32\hxrtet.exe -> Trojan.Agent.ay : Cleaned with backup
C:\WINDOWS\system32\MTE2ODM6ODoxNg.exe -> Spyware.ISearch : Cleaned with backup
C:\WINDOWS\system32\netlanm.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\nsd252.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\otuxjg.exe -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\system32\pkshfrfe.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\pkshlimn.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\pkshzbyu.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\pshwr.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\sav2.exe -> TrojanDownloader.Apropo.aj : Cleaned with backup
C:\WINDOWS\undiea.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\urzrmrd.exe -> TrojanDropper.Agent.tb : Cleaned with backup
C:\WINDOWS\visfxun.exe -> TrojanDownloader.VB.kd : Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\yjuwenc.exe -> Spyware.Hijacker.Generic : Cleaned with backup
::Report End
+++++++
FindIT
Microsoft Windows XP [Version 5.1.2600]
The current date is: Fri 09/16/2005
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» aurora Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Dont delete file's in the section without guidance
If any doubt back them up first
* UPX! C:\WINDOWS\TSC.EXE
»»»»» lagitamate file's can/will show in this section.
* UPX! C:\WINDOWS\RMAGEN~1.DLL
* UPX! C:\WINDOWS\VSAPI32.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Buddy file's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» SAHAgent Files found »»»»»»»»»»»»»»»»»»»»»»»»»
* SAHAgent C:\WINDOWS\System32\2OG9BEUO.INI
* SAHAgent C:\WINDOWS\System32\G7TQQ760.INI
* SAHAgent C:\WINDOWS\System32\KKC8K2NF.INI
»»»»»»»»»»»»»»»»»»»»»»»» Misc checks »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»» Check for Windows\SYSTEM32\cache32_rtneg* folder.
Volume in drive C has no label.
Volume Serial Number is 44B0-3C2E
Directory of C:\WINDOWS\SYSTEM32
04/06/2005 05:19 PM <DIR> cache32_rtneg2
09/04/2005 10:58 AM <DIR> cache32_rtneg4
0 File(s) 0 bytes
2 Dir(s) 34,333,212,672 bytes free
»»»»» Checking for SAHAgent ico files.
Volume in drive C has no label.
Volume Serial Number is 44B0-3C2E
Directory of C:\WINDOWS\system32
09/05/2005 03:25 PM 1,406 AddQuit.ico
03/20/2005 08:34 PM 2,998 bball.ico
01/27/2005 09:48 PM 2,526 bikini31.ico
04/22/2005 12:42 PM 3,262 bingo_big2.ico
09/04/2005 10:58 AM 3,262 bingo_big31.ico
09/04/2005 11:00 AM 3,262 bingo_big3123.ico
11/15/2004 04:27 PM 3,262 body2.ico
12/16/2004 12:07 PM 3,262 bubbles-ke2.ico
12/12/2004 01:38 PM 3,262 bubbles-ki.ico
01/22/2005 12:40 PM 2,526 bum.ico
11/04/2004 12:47 AM 2,238 celebslifestyle1.ico
03/15/2005 09:48 PM 3,262 conver radio 32x32-21.ico
12/17/2004 02:26 PM 3,262 creditcard321.ico
05/11/2005 07:18 PM 3,262 creditcard32123123123asdsa.ico
05/11/2005 07:18 PM 3,262 creditcard32123123123asdsa1.ico
09/04/2005 10:58 AM 3,262 creditcard32123123123asdsa12.ico
09/04/2005 11:00 AM 3,262 creditcard32123123123asdsa123.ico
01/11/2005 10:29 PM 4,286 datingpof1.ico
09/05/2005 03:25 PM 9,470 Desktop.ico
11/17/2004 08:55 PM 1,078 disk01.ico
03/23/2005 11:45 PM 3,262 eye41.ico
01/15/2005 11:22 AM 1,406 favicon(1)1.ico
12/12/2004 01:38 PM 4,286 greenmovie.ico
12/16/2004 12:07 PM 4,286 greenmovie2.ico
03/05/2005 04:30 PM 4,286 greenmovie2311.ico
03/06/2005 08:07 PM 4,286 greenmovie2313.ico
03/13/2005 11:08 AM 4,286 greenmovie2313asa.ico
04/06/2005 05:19 PM 4,286 greenmovie2313asaadsasfad.ico
05/11/2005 07:18 PM 4,286 greenmovie2313asaadsasfad112341231adsfa.ico
09/04/2005 11:00 AM 4,286 greenmovie2313asaadsasfad112341231adsfa1.ico
09/04/2005 10:58 AM 4,286 greenmovie2313asaadsasfad112341231adsfa123.ico
09/05/2005 03:25 PM 1,406 Help.ico
03/05/2005 04:30 PM 3,262 hotbod.ico
03/02/2005 08:35 PM 3,262 hotbod123121.ico
02/18/2005 11:15 AM 2,526 ibm laptop1.ico
03/05/2005 04:30 PM 2,526 ibm laptop21.ico
03/31/2005 12:38 AM 2,526 ibm laptop31.ico
03/05/2005 04:30 PM 3,262 ico_bikini49_gif_32x32.ico
09/05/2005 03:25 PM 5,350 IE.ico
12/09/2004 12:28 PM 4,286 internet popup blocker1.ico
03/07/2005 07:58 PM 3,262 kas pink1233.ico
03/23/2005 05:07 PM 3,262 kas pink1233a1.ico
04/14/2005 07:41 PM 3,262 kas pink1233aadsfa.ico
03/31/2005 12:38 AM 3,262 kas pink1233aadsfa1.ico
04/15/2005 12:25 AM 3,262 kas pink1233aadsfa12.ico
01/15/2005 11:22 AM 2,526 kas123123211.ico
02/27/2005 09:44 PM 3,262 kas4b.ico
03/15/2005 09:48 PM 3,262 kas4c1.ico
02/12/2005 11:25 AM 2,526 kasant1.ico
02/18/2005 11:15 AM 4,286 kevid231231.ico
04/07/2005 08:19 AM 4,286 kevid231231aa.ico
09/04/2005 11:00 AM 3,262 kill all spyware.ico
12/09/2004 12:28 PM 4,286 kill all spyware212345.ico
02/18/2005 11:15 AM 4,286 kill all spyware212412431.ico
03/09/2005 06:31 PM 4,286 kill all spyware2124124311.ico
02/08/2005 08:14 PM 4,286 kill all spyware32a1.ico
03/02/2005 08:35 PM 4,286 kill all spyware33a1.ico
03/05/2005 04:30 PM 3,262 kill all spyware4.ico
03/11/2005 10:40 PM 3,262 kill all spyware451.ico
12/09/2004 12:28 PM 3,262 kill evidence 3.ico
01/27/2005 09:48 PM 2,526 kill internet popups12.ico
11/11/2004 06:11 PM 4,286 kill internet popups51.ico
04/25/2005 11:10 PM 3,262 kill popups.ico
04/25/2005 11:10 PM 3,262 kill spyware1.ico
04/25/2005 11:10 PM 3,262 kill spyware12.ico
01/20/2005 08:15 PM 4,286 kill xp popups 331.ico
12/17/2004 02:26 PM 3,262 killallspyware00.ico
02/18/2005 11:15 AM 3,262 killinternetpops32121.ico
03/02/2005 08:36 PM 3,262 kspy1.ico
01/13/2005 04:03 PM 2,526 laptop41.ico
03/02/2005 08:35 PM 1,078 mac02.ico
03/23/2005 11:45 PM 4,286 moviescirc2.ico
10/28/2004 07:12 PM 4,286 moviesorange2.ico
03/02/2005 08:35 PM 4,286 moviesorangecirc1.ico
03/13/2005 11:08 AM 4,286 mp3 players4sale1.ico
03/23/2005 11:45 PM 4,286 mp3 players4salea.ico
03/09/2005 10:10 AM 4,286 mp3red51a.ico
05/11/2005 07:18 PM 4,286 mp3red51aads.ico
09/05/2005 03:25 PM 1,718 Open.ico
03/05/2005 04:30 PM 3,262 poker11212.ico
03/11/2005 10:40 PM 4,286 pop up blaster.ico
02/17/2005 10:28 PM 4,286 pop up blaster1.ico
09/04/2005 10:58 AM 4,286 pop up blaster1232131.ico
09/04/2005 10:58 AM 4,286 pop up blaster12321312.ico
01/11/2005 10:29 PM 16,614 popupblocker231.ico
05/11/2005 07:18 PM 16,614 popupblocker3.ico
05/11/2005 07:18 PM 16,614 popupblocker31.ico
01/23/2005 09:37 PM 4,286 popupkiller123123a.ico
04/14/2005 07:41 PM 3,262 popupkiller2asdf.ico
04/15/2005 12:25 AM 3,262 popupkiller2asdf1.ico
01/30/2005 02:12 PM 3,262 pp_red1221.ico
09/05/2005 03:25 PM 1,718 Quick.ico
04/01/2005 02:44 PM 2,238 red_kas1.ico
05/11/2005 07:18 PM 2,238 red_kas21.ico
09/04/2005 10:58 AM 3,262 ringtone21.ico
01/30/2005 02:12 PM 19,942 securefavorites.ico
09/04/2005 10:58 AM 3,262 sony psp1.ico
09/05/2005 03:25 PM 2,550 Uninstall.ico
01/29/2005 05:30 AM 4,286 usagold312.ico
03/02/2005 08:35 PM 3,262 usaplat1231231231.ico
12/12/2004 01:38 PM 4,286 usaplatinum.ico
01/15/2005 11:22 AM 4,286 usaplatinum12.ico
01/29/2005 05:30 AM 4,286 usaplatinum12342342341.ico
01/08/2005 01:17 PM 4,286 usaplatinum609.ico
11/22/2004 10:56 AM 4,286 usaplatinum61.ico
12/17/2004 02:26 PM 3,262 usplat151.ico
01/23/2005 09:37 PM 3,262 usplat15112.ico
05/11/2005 07:18 PM 3,262 vhe233a1.ico
04/25/2005 11:10 PM 19,942 virus hunter yeah1.ico
12/07/2004 02:11 PM 19,942 virushunter1.ico
03/05/2005 04:30 PM 19,942 virushunter1231.ico
01/30/2005 02:12 PM 19,942 virushunter231.ico
12/17/2004 02:26 PM 19,942 virushunter31.ico
09/04/2005 11:00 AM 19,942 virushunter4.ico
10/26/2004 05:08 PM 19,942 wmkiller2.ico
09/04/2005 10:58 AM 3,262 xboxab.ico
09/04/2005 10:58 AM 3,262 xboxab1.ico
12/17/2004 02:26 PM 3,262 xmas.ico
12/16/2004 12:07 PM 3,262 xox23_icon.ico
01/07/2005 03:40 PM 3,262 yuk or yum 41.ico
12/09/2004 12:28 PM 3,262 yuk or yum 7.ico
02/17/2005 10:28 PM 3,262 yuk or yum 7adsfas1.ico
12/07/2004 02:11 PM 3,262 yuk or yum.ico
01/23/2005 09:37 PM 5,182 yuk or yum1a.ico
124 File(s) 603,416 bytes
0 Dir(s) 34,333,200,384 bytes free
»»»»»»»»»»»»»»»»»»»»»»»».
HKEY_CURRENT_USER\Software\aurora\AUI3d5OfSInst
HKEY_CURRENT_USER\Software\aurora\AUC3n5trMsgSDisp
HKEY_CURRENT_USER\Software\aurora\AUs3t5icky1S
HKEY_CURRENT_USER\Software\aurora\AUs3t5icky2S
HKEY_CURRENT_USER\Software\aurora\AUs3t5icky3S
HKEY_CURRENT_USER\Software\aurora\AUs3t5icky4S
HKEY_CURRENT_USER\Software\aurora\AUC1o3d5eOfSFinalAd
HKEY_CURRENT_USER\Software\aurora\AUT3i5m7eOfSFinalAd
HKEY_CURRENT_USER\Software\aurora\AUD3s5tSSEnd
HKEY_CURRENT_USER\Software\aurora\AU3N5a7tionSCode
HKEY_CURRENT_USER\Software\aurora\AUP3D5om
HKEY_CURRENT_USER\Software\aurora\AUT3h5rshSCheckSIn
HKEY_CURRENT_USER\Software\aurora\AUT3h5rshSMots
HKEY_CURRENT_USER\Software\aurora\AUM3o5deSSync
HKEY_CURRENT_USER\Software\aurora\AUI3n5ProgSCab
HKEY_CURRENT_USER\Software\aurora\AUI3n5ProgSEx
HKEY_CURRENT_USER\Software\aurora\AUI3n5ProgSLstest
HKEY_CURRENT_USER\Software\aurora\AUC3n5tFyl