UMonitor, .dll problems

#16 Metallica (Spyware Veteran, GeekU Moderator, 33,101 posts)
OK this will take a while but it should be worth the trouble.

Download and install Agent Ransack: http://www.mythicsof...x?page=download

Then use the settings as in the example I will attach.

It will take quite a while before it's done.

When it is, click "Save results" (icon #4 from the left).
Choose "save to clipboard" and paste the results into your next post.

Hopefully this will tell us which file(s) is reporting that ugly missing.

Regards,

Pieter

Attached Thumbnails

  • ransackexample.jpg

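The search Pieter asks for, reproduced as an added Python example (not part of the original thread, and not Agent Ransack's own code): it walks a directory tree, reports every file whose contents contain a literal string such as guard.tmp, and prints the file/size/modified-time header plus numbered matching lines in the layout Agent Ransack's "Save results" produces. Two details matter on a Windows box: files are read as bytes so binaries (hive backups, Dr. Watson dumps, prefetch files) are searched too, and the needle is also searched in its UTF-16LE form, which is why a Unicode log or a dump containing `g.u.a.r.d...t.m.p` still matches. Function names are my own, the sample files `demo()` builds are constructed here, and the Expr. Wizard's regular-expression mode is not reproduced.

```python
"""Recursive content search standing in for the Agent Ransack run:
walk a tree, find every file containing a string, print matching lines."""
import os
import re
import tempfile
from datetime import datetime


def compile_literal(needle, encoding, ignore_case=True):
    """Regex matching the literal needle as bytes in the given encoding.
    Compiling a second pattern in UTF-16LE is what catches Windows Unicode
    logs and the 'g.u.a.r.d...t.m.p' strings seen in memory dumps."""
    flags = re.IGNORECASE if ignore_case else 0
    return re.compile(re.escape(needle.encode(encoding)), flags)


def find_in_bytes(data, patterns):
    """Return (line_number, line_text) for each line any pattern matches.
    Data is treated as bytes so binaries are searched as well; NULs are
    dropped from the displayed text so UTF-16 lines read normally."""
    hits = []
    for lineno, raw in enumerate(data.split(b"\n"), start=1):
        if any(p.search(raw) for p in patterns):
            shown = raw.replace(b"\x00", b"").decode("latin-1").rstrip("\r")
            hits.append((lineno, shown[:200]))
    return hits


def search_tree(root, needle, ignore_case=True, max_hits_per_file=50):
    """Walk root and collect files containing needle (ANSI or UTF-16LE)."""
    patterns = [compile_literal(needle, "latin-1", ignore_case),
                compile_literal(needle, "utf-16-le", ignore_case)]
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # locked or unreadable (e.g. live hive files): skip
            hits = find_in_bytes(data, patterns)[:max_hits_per_file]
            if hits:
                st = os.stat(path)
                results.append({
                    "path": path,
                    "size_kb": (st.st_size + 1023) // 1024,
                    "mtime": datetime.fromtimestamp(st.st_mtime),
                    "hits": hits,
                })
    return sorted(results, key=lambda r: r["path"])


def format_results(results):
    """Render in the layout Agent Ransack's 'Save results' produces:
    'path (N KB, date time)' followed by 'lineno text' per match."""
    out = []
    for r in results:
        stamp = r["mtime"].strftime("%m/%d/%Y %I:%M:%S %p")
        out.append("%s (%d KB, %s)" % (r["path"], r["size_kb"], stamp))
        out.extend("%d %s" % (lineno, text) for lineno, text in r["hits"])
        out.append("")
    return "\n".join(out)


def demo():
    """Constructed sample tree (not files from the thread): an ANSI scanner
    log, a UTF-16LE log with the name in upper case, and an unrelated
    binary. Returns {basename: hit list} so the behaviour can be checked."""
    root = tempfile.mkdtemp(prefix="ransack_demo_")
    logs = os.path.join(root, "Logs")
    os.makedirs(logs)
    with open(os.path.join(logs, "scan.txt"), "wb") as fh:
        fh.write(b"[File Scan] Scanning file C:\\WINDOWS\\SYSTEM32\\notepad.exe\r\n"
                 b"[File Scan] Scanning file C:\\WINDOWS\\SYSTEM32\\guard.tmp\r\n")
    with open(os.path.join(logs, "kb.log"), "wb") as fh:
        fh.write("first line\r\nC:\\WINDOWS\\system32\\GUARD.TMP\r\n".encode("utf-16-le"))
    with open(os.path.join(root, "clean.bin"), "wb") as fh:
        fh.write(bytes(range(256)))  # no needle in here, must not be reported
    results = search_tree(root, "guard.tmp")
    print(format_results(results))
    return {os.path.basename(r["path"]): r["hits"] for r in results}


if __name__ == "__main__":
    demo()
```

Point `search_tree` at `C:\` with the needle `guard.tmp` to get the same kind of listing tdcook4 pasted below; files the OS holds open (live registry hives, pagefile) are skipped rather than aborting the run, and the per-file hit cap keeps a 385 MB backup set from flooding the output.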

#17 tdcook4 (Topic Starter, Member, 19 posts)
Hmmm... I'm not so sure I did this right, but I'll send the results anyway. In order to use the settings in your example, I had to click on the Expr. Wizard... something about 'regular expressions'? I left everything blank on the options page and just let the expressions wizard do whatever it does. Let me know if I need to do something different.

I really hate to post this log... it seems awfully long. I do realize it's Christmas, so I'm not expecting to hear back soon ;)

C:\Program Files\TDS3\Logs\Dec\24-12-04 Fri.txt (4 KB, 12/24/2004 1:43:16 AM)
21 00:40:56 [File Scan] Scanning file C:\WINDOWS\SYSTEM32\guard.tmp

C:\Documents and Settings\Administrator\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2004-12-14 00-56-04.txt (17 KB, 12/14/2004 12:56:04 AM)
159 Data : guard.tmp
165 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)
185 Data : guard.tmp
191 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)

C:\Documents and Settings\Administrator\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2004-12-24 00-32-13.txt (9 KB, 12/24/2004 12:32:13 AM)
146 Data : guard.tmp
152 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)
172 Data : guard.tmp
178 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)

C:\Documents and Settings\Tammy\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2004-12-24 02-38-35.txt (33 KB, 12/24/2004 2:38:35 AM)
667 Data : guard.tmp
673 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)

C:\Documents and Settings\Tammy\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2004-12-24 03-05-09.txt (30 KB, 12/24/2004 3:05:09 AM)
642 Data : guard.tmp
648 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)
668 Data : guard.tmp
674 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)

C:\Documents and Settings\Tammy\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2004-12-24 15-47-58.txt (35 KB, 12/24/2004 3:47:58 PM)
662 Data : guard.tmp
668 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)

C:\Documents and Settings\Tammy\Desktop\Backup.bkf (385681 KB, 12/15/2004 11:34:05 PM)
194202 commandlh x a o Uprundll32.exe C:\PROGRA~1\AMERIC~1.0D\WEBCAL~1.DLL,WebCalHandler %1nk 'z 4 1 < Programmable96-4nk t (z 'a 1 6 VersionIndependentProgIDvk 82n ContactIaimu Tm m 1nk JE'z a 1 0c&{7DD95801-9882-11CF-9FA9-00AA006C42C4} nk JE'z 5 1 Impl Insertableries-1{00A987AE-587B-4343-B826-89F17AB41A03}peLiblh p ܤ0 B/ %~xN/ ~/ 9y]chali1.0Libhl Xn Xm ot Ds Qvk ,(#a PublisherModel Qnk 'z X/1 6 1 LLLImplemented CategoriesA9nk (z 1 1 rR ProgrammableC3-4vk&e{E2527B48-1C57-4187-A2B0-A96632D78975}BvkLu sDvk~Mk a nk JE'z 5 @` 1 +6 MiscStatusndank 'z X/1 1 pb6 Insertablenk Xl'z x4 1 Programmable32nk 1'z $a 1 &{7DD95801-9882-11CF-9FA9-00AA006C42C4}A91.0u Tnk 'z X/1 P a 1 pb6 MiscStatusndank Xl'z x4 1 0VersionIndependentProgIDlh @ea C x 1 u TXI1 ՗R Xk @1 s Qvka b12/15/2004՗R s Qnk V"(z +6 1 dllInprocServer32 T a 8 a vk `.a lCommentshbin a f U8g% wlA nk JE'z 5 1 L+6 Implemented Categories T0A `B 88 a nk y$U !a X!a h ,m AolCalSvr.ACMonthViewCtrl.56vk,(!a ACMonthViewCtrl Class !a nk y$U a 8"a hN߯N CLSIDSZlh `!a [ vkN!a ٨{0FE9096F-7F7A-4e40-857C-E48A53440DFE}ՒQ !a C:\Program Files\America Online 9.0d\MyCalendar.dllTvk a a lh %a dU a 2. 
` C a } x a u T` ՗R 0ag Ug t+6 s Qusvk Microsoft Corporation a nk 'z a 1 pb6 1ypeLibQnk 'z X/1 81 NA0TypeLibnk 1'z 4 hi 1 LImplemented Categories-1vk X a Qitemadin` Hm m /a 1.0u Tnk 1'z 4 ɳ1 hLLInprocServer32 nk 1'z 4 Xp1 Nrver TypeLibe ` nk JE'z 5 1 +6 Controltlh ,a dU@ a 2.(` C a } a 5 u T` ՗R #a 6 tpb6 s QuspeLibnk (z 1 P 1 hLLInprocServer32 nk (z 1 pp1 6rver VersionIndependentProgIDC:\WINDOWS\system32\guard.tmp.dl a nk 'z @ a 1 &{7DD95802-9882-11CF-9FA9-00AA006C42C4}06nk (z xh 1 0.&{B6F041A2-48B9-4d3f-A91D-90E17C505FD3}C5nk t (z 'a 1 ProgrammablerammH a nk Xl'z x4 Hɳ1 hInprocServer32Senk 1'z $a 1 &{7DD95802-9882-11CF-9FA9-00AA006C42C4}06nk (z 1 1 Programmable32Senk (z 1 D1 hInprocServer32Senk (z 1 1 LLControl0` ` `c Hc c 0e vk Ma a FileName a nk -|$U ,a +a h ($K AolCalSvr.ACToolBarCtrl.5h; vk(p+a ACToolBarCtrl Class% X+a nk -|$U *a ,a hN^O CLSIDp lh +a [ vkN(,a ?{F4F30C01-A7B4-492e-943E-58A7CF2D9DD6}턏 H ,a nk 'z X/1 1 h/a Controlnk Xl'z x4 1 0bControlenk t (z 'a e1 hLLInprocServer32 nk (z غ1 41 <LLVersionIndependentProgIDnk ( (z h7a PE1 ntPr 1ogID` Your Commentsx` vk R/n a HelpLinkm 8m LibDvk,e C:\Program Files\America Online 9.0d\MyCalendar.dll06lh p 6Р q 3ةa a s Qnk 'z @ a 1 pb6 &{7DD95801-9882-11CF-9FA9-00AA006C42C4}sIHU V G Xa z4 `a hbin0a pDa (Ink Xl'z x4 x 1 L8 a Implemented CategoriesA9C:\Program Files\America Online 9.0d\MyCalendar.dll1C:\Program Files\America Online 9.0d\MyCalendar.dll1C:\Program Files\America Online 9.0d\MyCalendar.dll1nk (z 1 1 &a Insertablenda{3F8E02B4-6601-41A2-95E7-6BD102935C55}peLibnk N(z ( P1 N0cTypeLib s8 h8 ` c xT Ж D PDa ca vk 5VersionH da lh 8a 1vk : c URLInfoAboutLib nk (z 1 1 ndInsertablemap32enk t (z 'a 1 ndInsertablemap32nk (z غ1 1 hProgrammable32a nk C (z 1 Pv1 r.dToolboxBitmap32nk T+x(z 30 X!0 1 Nb9TypeLibvk R@p atHelpLinknk Z~$U 6a (6a h (^ AolCalSvr.ACMPickerCtrl.5_q8njvk(5a OcACMPickerCtrl Classx( 5a nk Z~$U p5a 7a hN> CLSIDQlh 06a [ vkN6a {DA3C177A-D1DA-47f2-BBF0-E9710CA7253F} 6a nk 'z Hbg p1 A
194203 h tnk ]` xq 0 h* unk "Ւ` xq hvisplayNnk "Ւ` xq h wnk "Ւ` xq hxnk "Ւ` xq hHyq nk "Ւ` xq hb z`q nk "Ւ` xq hq [vklh q Aq Bq C8q Dq Eq F@q Gq HPq Iq Jq KXq Lq M@q Nq Oq P@q Qq Rq Sȸq T q Uxq Vйq W(q Xq Yغq Z0q [vk:q @C:\WINDOWS\System32\msbe.dll`hq Xnk nk "Ւ` q hHELP alhnk "Ւ` q h2\bq nk "Ւ` q hcC6906A2nk "Ւ` q htcdnk "Ւ` q henk "Ւ` q hhf`K nk "Ւ` q hbCls gq nk "Ւ` q hhdnk |7` q hq mq J.jtmpl?hbinq nk ]` q @4 h,04rnk "Ւ` pb q h q gq Jnk "Ւ` xq hPq aq Uvk q 025 YZnk ]` q 5 h20tNnk r` q hBEuE15nk r` q hversionnk r` q hw8EEE58Dnk r` q hxnk r` q h yq nk "Ւ` q hznk "Ւ` q hc180 [ q lh q A0q Bq Cq Dq E@q Fq Ghq H q Ixq Jгq K(q Lq Mq Nhq Oq Pq Q q Rq SPq Tq Uq VXq Wq Xq Y`q Zq [q pvk @ q InstallDirHC:\Program Files\TopConvervk Hq q 026 pq q nk K pv{ xhTopConvertingvk q DisplayNamearkanoid GameXq vk Xq UninstallStringxC:\Program Files\TopConverting\arkanoid\arkanoid.exe /uninstalllh q Aq Bq Cpq DȒq E q Fxq GГq Hq Iq J8q Kq L(q Mxq NЖq O(q Pq Qؗq Rq Sq T`q Uq Vq Wq XHq Yq Zq [Xnk @K Xq NTypeLiblhnk n ` 0q hB-bB-2vk q }038vk q 039sion.py?nk H K q ضq h,&{01848FFF-ABF1-4609-A69E-2436F0B5FEDD}vknk H K q hq q hLImplemented Categories.jsp?vknk H K `q q h&{00021492-0000-0000-C000-000000000046}lh q -cvkxq nk s q / hDInprocServer32lh `q 2.q C vk<(q C:\WINDOWS\system32\guard.tmplvk q ThreadingModelApartmentvk&{01848FFF-ABF1-4609-A69E-2436F0B5FEDD}nk n ` Xq hxf1amic .php vk 1TPUSN_id(q q q Pq xq Xq q nk ` 0q h h8:grkanoidnk n ` 0q hpart ha4nk r` 0q hq mq JKnk n ` 0q hData ivk nk r` 0q he8j315nk r` 0q h6 kc |nk r` 0q h16l000nk ]` 0q 4 h *q sq Jvk q 032 N.phtml Qnk r` 0q hq nvk.php?hbinq nk r` 0q h ofO nk r` 0q htche pCBnk r` 0q h qPq nk ]` 0q ( h":-4r-88nk "Ւ` pb q h q fq Jnk r` q hXq aq Uvk q 027 YZnk ]` 0q h0tLSIDnk r` 0q h-4u-88.php3?3A3.phtml?q xC:\documents and settings\tammy\local settings\temp\grosVI.exeependexC:\documents and settings\tammy\local settings\temp\AZ7M2Ozhd.exenk n ` Xq homy Fivk q e037.process?.py gvk ~8q q grosVI.exeq nk n ` 0q h cnk ` 0q 萔 h&sidObjnk n ` 0q 
he\nk n ` 0q hfmivk q 035 lvk (q Z036Pq X{692B8041-F1C5-4881-82E9-4F94BBA34AC2}rVer` nk "Ւ` q hiersion nk |7` q hj4EB7BBEnk |7` q hknk |7` q h0l1.0nk |7` q hq sq Jvk q 033 N.pl?Qnk |7` q hnnk ]` q h&"onk |7` q hpC:nk |7` q h: qq nk |7` q hq rq nk ]` q H hq aq Jnk |7` q hq bq Uvk q 028 YZnk |7` q h tq nk |7` q hNunk |7` q h04vnk ]` q h""wnk |7` q h00x24-nk |7` q hH P yq nk |7` q hq zq Cnk |7` q
194282 ~1\Tammy\LOCALS~1\Temp\temp.fr0ECC\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP222\A0021906.exe!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.fr3D99\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP222\A0021907.vxd!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.fr05C6\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP222\A0021909.exe!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.frA848\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP222\A0021923.exe!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.frA317\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP222\A0021924.exe!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.frB6AC\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP222\A0021945.exe!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.frFBDE\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP222\A0021958.DLL!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.fr0416\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP222\A0021964.DLL!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.fr0968\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP223\A0022110.exe!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.frFA94\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP223\A0022112.exe!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.frCFD0\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP223\A0022114.exe!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.fr7F96\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP223\A0022115.exe!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.fr5687\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP223\A0022116.exe!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.frCDF2\??\C:\System Volume 
Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP223\A0022117.exe!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.frE82E\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP223\A0022119.exe!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.frA8D5\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP223\A0022120.exe!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.frD292P hbinp<0/\??\C:\WINDOWS\system32\h20q0cd5ef0.dll!\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\temp.frDBA4\??\C:\WINDOWS\system32\guard.tmp!\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\temp.frFAFC\??\C:\WINDOWS\system32\guard.tmp!\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\temp.fr0275\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP225\A0024696.dll!\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\temp.fr006C\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP225\A0024697.exe!\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\temp.fr3F57\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP225\A0024698.exe!\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\temp.fr6DAF\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP225\A0024699.exe!\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\temp.frF7C7\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP225\A0024700.exe!\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\temp.fr73FA\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP225\A0024701.exe!\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\temp.fr268F\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP225\A0024702.vxd!\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\temp.frE8BD\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP225\A0024703.srg!\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\temp.frDC99\??\C:\System Volume 
Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP225\A0024704.exe!\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\temp.frB578\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP225\A0024705.DLL!\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\temp.fr09C0331!F01-427C-A58A-7A2E4AABF84D}\RP222\A0021923.exe!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.frA317\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP222\A0021924.exe!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.frB6AC\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP222\A0021945.exe!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.frFBDE\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP222\A0021958.DLL!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.fr0416\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP222\A0021964.DLL!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.fr0968\??\C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP223\A0022110.exe!\??\C:\DOCUME~1\Tammy\LOCALS~1\Temp\temp.frFA94\??\C:\System Volume Information\_restore{

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log (6858 KB, 12/24/2004 12:36:36 AM)
0 ei pl nz na pe nccs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202function: <nosymbols> 7ffe02f2 0000 add [eax],al 7ffe02f4 0000 add [eax],al 7ffe02f6 0000 add [eax],al *SharedUserSystemCall: 7ffe02f8 0000 add [eax],al 7ffe02fa 0000 add [eax],al 7ffe02fc 0000 add [eax],al 7ffe02fe 0000 add [eax],al 7ffe0300 8bd4 mov edx,esp 7ffe0302 0f34 sysenter 7ffe0304 c3 ret 7ffe0305 9c pushfd 7ffe0306 810c2400010000 or dword ptr [esp],0x100 7ffe030d 9d popfd 7ffe030e c3 ret 7ffe030f 8bd4 mov edx,esp 7ffe0311 0f05 syscall 7ffe0313 c3 ret 7ffe0314 9c pushfd 7ffe0315 810c2400010000 or dword ptr [esp],0x100 7ffe031c 9d popfd*----> Stack Back Trace <----*WARNING: Stack unwind information not available. Following frames may be wrong.ChildEBP RetAddr Args to Child 00f8f350 77f5c534 77e7a580 00000700 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])00f8f3b8 77e7ab74 00000700 ffffffff 00000000 ntdll!NtWaitForSingleObject+0xc00f8f464 00000000 00000000 00000000 00000000 kernel32!WaitForSingleObject+0xf*----> Raw Stack Dump <----*0000000000f8f354 34 c5 f5 77 80 a5 e7 77 - 00 07 00 00 00 00 00 00 4..w...w........0000000000f8f364 00 00 00 00 9a 22 dd 77 - 00 07 00 00 00 00 00 00 .....".w........0000000000f8f374 06 00 52 00 00 00 00 00 - c8 f1 f8 00 01 00 00 00 ..R.............0000000000f8f384 00 f0 fd 7f 00 60 fd 7f - 14 00 00 00 01 00 00 00 .....`..........0000000000f8f394 00 00 00 00 00 00 00 00 - 10 00 00 00 68 f3 f8 00 ............h...0000000000f8f3a4 e0 83 e3 77 74 ff f8 00 - e5 b2 e9 77 98 a5 e8 77 ...wt......w...w0000000000f8f3b4 00 00 00 00 64 f4 f8 00 - 74 ab e7 77 00 07 00 00 ....d...t..w....0000000000f8f3c4 ff ff ff ff 00 00 00 00 - 8e 14 01 10 00 07 00 00 ................0000000000f8f3d4 ff ff ff ff 30 f0 d7 00 - c0 52 f2 00 24 02 00 00 ....0....R..$...0000000000f8f3e4 3a 02 00 00 1e 00 00 00 - 36 02 00 00 43 3a 5c 57 :.......6...C:\W0000000000f8f3f4 49 4e 44 4f 57 53 5c 73 - 79 73 74 65 6d 33 32 5c INDOWS\system32\0000000000f8f404 67 75 61 72 64 2e 74 6d - 70 00 65 
00 6d 00 33 00 guard.tmp.e.m.3.0000000000f8f414 32 00 5c 00 67 00 75 00 - 61 00 72 00 64 00 2e 00 2.\.g.u.a.r.d...0000000000f8f424 74 00 6d 00 70 00 00 00 - 00 00 00 00 00 00 00 00 t.m.p...........0000000000f8f434 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000f8f444 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000f8f454 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000f8f464 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000f8f474 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000f8f484 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................*----> State Dump for Thread Id 0x91c <----*eax=100287a4 ebx=00000000 ecx=00d7ed50 edx=00000000 esi=00000224 edi=00000000eip=7ffe0304 esp=00fdfd60 ebp=00fdfdc4 iopl=0 nv up ei pl nz na pe nccs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202function: <nosymbols> 7ffe02f2 0000 add [eax],al 7ffe02f4 0000 add [eax],al 7ffe02f6 0000 add [eax],al *SharedUserSystemCall: 7ffe02f8 0000 add [eax],al 7ffe02fa 0000 add [eax],al 7ffe02fc 0000 add [eax],al 7ffe02fe 0000 add [eax],al 7ffe0300 8bd4 mov edx,esp 7ffe0302 0f34 sysenter 7ffe0304 c3 ret 7ffe0305 9c pushfd 7ffe0306 810c2400010000 or dword ptr [esp],0x100 7ffe030d 9d popfd 7ffe030e c3 ret 7ffe030f 8bd4 mov edx,esp 7ffe0311 0f05 syscall 7ffe0313 c3 ret 7ffe0314 9c pushfd 7ffe0315 810c2400010000 or dword ptr [esp],0x100 7ffe031c 9d popfd*----> Stack Back Trace <----*WARNING: Stack unwind information not available. 
Following frames may be wrong.ChildEBP RetAddr Args to Child 00fdfd5c 77f5c534 77e7a580 00000224 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])00fdfdc4 77e7ab74 00000224 ffffffff 00000000 ntdll!NtWaitForSingleObject+0xc80000002 00000000 00000000 00000000 00000000 kernel32!WaitForSingleObject+0xf*----> Raw Stack Dump <----*0000000000fdfd60 34 c5 f5 77 80 a5 e7 77 - 24 02 00 00 00 00 00 00 4..w...w$.......0000000000fdfd70 00 00 00 00 a8 83 04 10 - 24 02 00
0 ei pl nz na pe nccs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202function: <nosymbols> 7ffe02f2 0000 add [eax],al 7ffe02f4 0000 add [eax],al 7ffe02f6 0000 add [eax],al *SharedUserSystemCall: 7ffe02f8 0000 add [eax],al 7ffe02fa 0000 add [eax],al 7ffe02fc 0000 add [eax],al 7ffe02fe 0000 add [eax],al 7ffe0300 8bd4 mov edx,esp 7ffe0302 0f34 sysenter 7ffe0304 c3 ret 7ffe0305 9c pushfd 7ffe0306 810c2400010000 or dword ptr [esp],0x100 7ffe030d 9d popfd 7ffe030e c3 ret 7ffe030f 8bd4 mov edx,esp 7ffe0311 0f05 syscall 7ffe0313 c3 ret 7ffe0314 9c pushfd 7ffe0315 810c2400010000 or dword ptr [esp],0x100 7ffe031c 9d popfd*----> Stack Back Trace <----*WARNING: Stack unwind information not available. Following frames may be wrong.ChildEBP RetAddr Args to Child 00f8f350 77f5c534 77e7a580 00000230 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])00f8f3b8 77e7ab74 00000230 ffffffff 00000000 ntdll!NtWaitForSingleObject+0xc00f8f464 00000000 00000000 00000000 00000000 kernel32!WaitForSingleObject+0xf*----> Raw Stack Dump <----*0000000000f8f354 34 c5 f5 77 80 a5 e7 77 - 30 02 00 00 00 00 00 00 4..w...w0.......0000000000f8f364 00 00 00 00 9a 22 dd 77 - 30 02 00 00 00 00 00 00 .....".w0.......0000000000f8f374 06 00 52 00 00 00 00 00 - c8 f1 f8 00 01 00 00 00 ..R.............0000000000f8f384 00 f0 fd 7f 00 60 fd 7f - 14 00 00 00 01 00 00 00 .....`..........0000000000f8f394 00 00 00 00 00 00 00 00 - 10 00 00 00 68 f3 f8 00 ............h...0000000000f8f3a4 e0 83 e3 77 74 ff f8 00 - e5 b2 e9 77 98 a5 e8 77 ...wt......w...w0000000000f8f3b4 00 00 00 00 64 f4 f8 00 - 74 ab e7 77 30 02 00 00 ....d...t..w0...0000000000f8f3c4 ff ff ff ff 00 00 00 00 - 8e 14 01 10 30 02 00 00 ............0...0000000000f8f3d4 ff ff ff ff 30 f0 d7 00 - c0 52 f2 00 1c 02 00 00 ....0....R......0000000000f8f3e4 0a 05 00 00 1e 00 00 00 - 82 05 00 00 43 3a 5c 57 ............C:\W0000000000f8f3f4 49 4e 44 4f 57 53 5c 73 - 79 73 74 65 6d 33 32 5c INDOWS\system32\0000000000f8f404 67 75 61 72 64 2e 74 6d - 70 00 65 
00 6d 00 33 00 guard.tmp.e.m.3.0000000000f8f414 32 00 5c 00 67 00 75 00 - 61 00 72 00 64 00 2e 00 2.\.g.u.a.r.d...0000000000f8f424 74 00 6d 00 70 00 00 00 - 00 00 00 00 00 00 00 00 t.m.p...........0000000000f8f434 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000f8f444 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000f8f454 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000f8f464 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000f8f474 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000f8f484 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................*----> State Dump for Thread Id 0x980 <----*eax=100287a4 ebx=00000000 ecx=00d7ed50 edx=00000000 esi=0000021c edi=00000000eip=7ffe0304 esp=00fdfd60 ebp=00fdfdc4 iopl=0 nv up ei pl nz na pe nccs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202function: <nosymbols> 7ffe02f2 0000 add [eax],al 7ffe02f4 0000 add [eax],al 7ffe02f6 0000 add [eax],al *SharedUserSystemCall: 7ffe02f8 0000 add [eax],al 7ffe02fa 0000 add [eax],al 7ffe02fc 0000 add [eax],al 7ffe02fe 0000 add [eax],al 7ffe0300 8bd4 mov edx,esp 7ffe0302 0f34 sysenter 7ffe0304 c3 ret 7ffe0305 9c pushfd 7ffe0306 810c2400010000 or dword ptr [esp],0x100 7ffe030d 9d popfd 7ffe030e c3 ret 7ffe030f 8bd4 mov edx,esp 7ffe0311 0f05 syscall 7ffe0313 c3 ret 7ffe0314 9c pushfd 7ffe0315 810c2400010000 or dword ptr [esp],0x100 7ffe031c 9d popfd*----> Stack Back Trace <----*WARNING: Stack unwind information not available. 
Following frames may be wrong.ChildEBP RetAddr Args to Child 00fdfd5c 77f5c534 77e7a580 0000021c 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])00fdfdc4 77e7ab74 0000021c ffffffff 00000000 ntdll!NtWaitForSingleObject+0xc80000002 00000000 00000000 00000000 00000000 kernel32!WaitForSingleObject+0xf*----> Raw Stack Dump <----*0000000000fdfd60 34 c5 f5 77 80 a5 e7 77 - 1c 02 00 00 00 00 00 00 4..w...w........0000000000fdfd70 00 00 00 00 a8 83 04 10 - 1c 02 00
0 ei pl nz na pe nccs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202function: <nosymbols> 7ffe02f2 0000 add [eax],al 7ffe02f4 0000 add [eax],al 7ffe02f6 0000 add [eax],al *SharedUserSystemCall: 7ffe02f8 0000 add [eax],al 7ffe02fa 0000 add [eax],al 7ffe02fc 0000 add [eax],al 7ffe02fe 0000 add [eax],al 7ffe0300 8bd4 mov edx,esp 7ffe0302 0f34 sysenter 7ffe0304 c3 ret 7ffe0305 9c pushfd 7ffe0306 810c2400010000 or dword ptr [esp],0x100 7ffe030d 9d popfd 7ffe030e c3 ret 7ffe030f 8bd4 mov edx,esp 7ffe0311 0f05 syscall 7ffe0313 c3 ret 7ffe0314 9c pushfd 7ffe0315 810c2400010000 or dword ptr [esp],0x100 7ffe031c 9d popfd*----> Stack Back Trace <----*WARNING: Stack unwind information not available. Following frames may be wrong.ChildEBP RetAddr Args to Child 00e3f350 77f5c534 77e7a580 000004a0 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])00e3f3b8 77e7ab74 000004a0 ffffffff 00000000 ntdll!NtWaitForSingleObject+0xc00e3f464 00000000 00000000 00000000 00000000 kernel32!WaitForSingleObject+0xf*----> Raw Stack Dump <----*0000000000e3f354 34 c5 f5 77 80 a5 e7 77 - a0 04 00 00 00 00 00 00 4..w...w........0000000000e3f364 00 00 00 00 9a 22 dd 77 - a0 04 00 00 00 00 00 00 .....".w........0000000000e3f374 06 00 52 00 00 00 00 00 - c8 f1 e3 00 01 00 00 00 ..R.............0000000000e3f384 00 f0 fd 7f 00 60 fd 7f - 14 00 00 00 01 00 00 00 .....`..........0000000000e3f394 00 00 00 00 00 00 00 00 - 10 00 00 00 68 f3 e3 00 ............h...0000000000e3f3a4 e0 83 e3 77 74 ff e3 00 - e5 b2 e9 77 98 a5 e8 77 ...wt......w...w0000000000e3f3b4 00 00 00 00 64 f4 e3 00 - 74 ab e7 77 a0 04 00 00 ....d...t..w....0000000000e3f3c4 ff ff ff ff 00 00 00 00 - 8e 14 01 10 a0 04 00 00 ................0000000000e3f3d4 ff ff ff ff 30 f0 ab 00 - d8 52 c4 00 20 02 00 00 ....0....R.. 
...0000000000e3f3e4 36 02 00 00 1e 00 00 00 - 32 02 00 00 43 3a 5c 57 6.......2...C:\W0000000000e3f3f4 49 4e 44 4f 57 53 5c 73 - 79 73 74 65 6d 33 32 5c INDOWS\system32\0000000000e3f404 67 75 61 72 64 2e 74 6d - 70 00 65 00 6d 00 33 00 guard.tmp.e.m.3.0000000000e3f414 32 00 5c 00 67 00 75 00 - 61 00 72 00 64 00 2e 00 2.\.g.u.a.r.d...0000000000e3f424 74 00 6d 00 70 00 00 00 - 00 00 00 00 00 00 00 00 t.m.p...........0000000000e3f434 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000e3f444 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000e3f454 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000e3f464 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000e3f474 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 .....


C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf (92 KB, 12/24/2004 8:06:43 PM)
2 \ALL USERS\START MENU\PROGRAMS\ADOBE PHOTOSHOP ELEMENTS 2.0.LNK\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\ADOBE READER 6.0.LNK\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DESKTOP.INI\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\DELL MEDIA EXPERIENCE.LNK\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\DELL NETWORKING GUIDE.LNK\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MSN EXPLORER.LNK\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\REALONE PLAYER.LNK\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\SOLUTION CENTER.LNK\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\WINDOWS JOURNAL VIEWER.LNK\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\WINDOWS MESSENGER.LNK\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\WINDOWS MOVIE MAKER.LNK\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\ACCESSORIES\ACCESSIBILITY\DESKTOP.INI\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\ACCESSORIES\COMMUNICATIONS\DESKTOP.INI\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\ACCESSORIES\ENTERTAINMENT\DESKTOP.INI\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\ACCESSORIES\SYSTEM TOOLS\DESKTOP.INI\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\ACCESSORIES\CALCULATOR.LNK\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\ACCESSORIES\PAINT.LNK\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\ACCESSORIES\SCANNER AND CAMERA WIZARD.LNK\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\ACCESSORIES\WORDPAD.LNK\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\START 
MENU\PROGRAMS\ACCESSORIES\ACCESSIBILITY\ACCESSIBILITY WIZARD.LNK\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\ACCESSORIES\COMMUNICATIONS\HYPERTERMINAL.LNK\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\ACCESSORIES\COMMUNICATIONS\NETWORK CONNECTIONS.LNK\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\ACCESSORIES\COMMUNICATIONS\NETWORK SETUP WIZARD.LNK\DEVICE\HARDDISKVOLUME2\WINDOWS\FONTS\FRAMDIT.TTF\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\GUARD.TMP\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\COMDLG32.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\OLEDLG.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\PSAPI.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\WINSPOOL.DRV\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\WS2_32.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\WS2HELP.DLL\DEVICE\HARDDISKVOLUME2\RECYCLER\DESKTOP.INI\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SETUPAPI.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\MYDOCS.DLL\DEVICE\HARDDISKVOLUME2\PROGRA~1\NORTON~1\NISRES.DLL\DEVICE\HARDDISKVOLUME2\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.DLL\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\AIM\AIMRES.DLL\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\TIVO\DESKTOP\TIVOSERVER.EXE\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\TAMMY\NETHOOD\BIRTHS ON GATEWAY (STEPHEN)\DESKTOP.INI\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE\DEVICE\HARDDISKVOLUME2\PROGRA~1\PURENE~1\PORTMA~1\LIBCFY.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\NETSHELL.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\CREDUI.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\IPHLPAPI.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\MORICONS.DLL\DEVICE\HARDDISKVOLUME2\DELL\DELLCIRC.ICO\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\MSI.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\WIN32K.SYS(< A4X P C\DEVICE\HARDDISKVOLUME2%H/I/11111111111111111111//:& H 00////////////////////////L _҅ol i* Y Y   C h h E E : p p @ @ 4A s s i i _ _ u u C 2A C q q j j i i S U @ m m e e C 
BZ3 u<A 11m1m1q1q1s1s1}1}11111111111111111^h 11 "^Jc>11M/N/y/z/x/y/t/u/e/f/k/l/i/j/j/k/f/g/g/h/]/^/d/e/b/c/R/S/S/T/V/W/X/Y/W/X/T/U/22 33x0022 33ilTpYYP P V V ZZ;A 49,:;;4>8>d>h>DFXJi$(,04ld׀|# , 1 1 1 \DEVICE\HARDDISKVOLUME2\/\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\9\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\J\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\N\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\R\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\ACS\V\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\ACS\1.0\T\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\j\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USER

C:\Documents and Settings\Tammy\Application Data\Iomega Automatic Backup\CacheFiles\IOM280.tmp (17 KB, 12/14/2004 12:56:04 AM)
159 Data : guard.tmp
165 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)
185 Data : guard.tmp
191 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)

C:\Documents and Settings\Tammy\Local Settings\Temp\kb.log (2 KB, 12/23/2004 10:26:32 PM)
41 C:\WINDOWS\system32\guard.tmp

C:\WINDOWS\Prefetch\Layout.ini (347 KB, 12/24/2004 4:10:52 PM)
0 \SYSTEM32\BLACKBOX.DLLC:\WINDOWS\SYSTEM32\CAPICOM.DLLC:\WINDOWS\SYSTEM32\CONTROL.EXEC:\PROGRAM FILES\PESTPATROL\LOGS\C:\PROGRAM FILES\PESTPATROL\SPYWARE.DATC:\PROGRAM FILES\PESTPATROL\LOGS\TAMMY_COOKIEPATROL.LOGC:\WINDOWS\SYSTEM32\DEFRAG.EXEC:\WINDOWS\SYSTEM32\DFRGRES.DLLC:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\C_AMERICA ONLINE 9.0C\C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\VIEWPOINT\VIEWPOINT EXPERIENCE TECHNOLOGY\RESOURCES\C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\VIEWPOINT\VIEWPOINT MEDIA PLAYER\C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\VIEWPOINT\VIEWPOINT MEDIA PLAYER\RESOURCES\C:\PROGRAM FILES\COMMON FILES\NULLSOFT\C:\PROGRAM FILES\COMMON FILES\NULLSOFT\ACTIVEX\C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MEDIA PLAYER\C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\HISTORY\C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\C:\WINDOWS\SYSTEM32\MACROMED\C:\WINDOWS\SYSTEM32\DFRGNTFS.EXEC:\WINDOWS\PREFETCH\LAYOUT.INIC:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\DR WATSON\C:\PROGRAM FILES\AMERICA ONLINE 9.0D\TOOL\C:\PROGRAM FILES\WORDPERFECT OFFICE 11\PROGRAMS\C:\WINDOWS\MSAGENT\C:\WINDOWS\SRCHASST\C:\WINDOWS\SYSTEM32\DRWTSN32.EXEC:\WINDOWS\SYSTEM32\DBGENG.DLLC:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\DR WATSON\DRWTSN32.LOGC:\WINDOWS\SYSTEM32\EXTS.DLLC:\WINDOWS\SYSTEM32\NTSDEXTS.DLLC:\WINDOWS\SYSTEM32\BROWSELC.DLLC:\PROGRAM FILES\AMERICA ONLINE 9.0D\TOOL\HTMLVIEW.TOLC:\WINDOWS\SRCHASST\SRCHUI.DLLC:\WINDOWS\SYSTEM32\PRINTUI.DLLC:\WINDOWS\SYSTEM32\SHMEDIA.DLLC:\WINDOWS\SYSTEM32\AVIFIL32.DLLC:\WINDOWS\SYSTEM32\WMVCORE.DLLC:\WINDOWS\SYSTEM32\WMASF.DLLC:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\NAVSHEXT.DLLC:\WINDOWS\SYSTEM32\TDS3SHL.DLLC:\PROGRAM FILES\WORDPERFECT OFFICE 
11\PROGRAMS\PFSE110.DLLC:\WINDOWS\SYSTEM32\JSCRIPT.DLLC:\WINDOWS\SRCHASST\SRCHCTLS.DLLC:\WINDOWS\MSAGENT\AGENTDP2.DLLC:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLLC:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\DR WATSON\USER.DMPC:\WINDOWS\SYSTEM32\DUMPREP.EXEC:\WINDOWS\SYSTEM32\1033\C:\WINDOWS\SYSTEM32\DWWIN.EXEC:\WINDOWS\SYSTEM32\ZIPFLDR.DLLC:\DOCUME~1\TAMMY\LOCALS~1\TEMP\1576F4F.DMPC:\WINDOWS\SYSTEM32\1033\DWINTL.DLLC:\DOCUME~1\TAMMY\LOCALS~1\TEMP\31E4B4.DMPC:\DOCUME~1\TAMMY\LOCALS~1\TEMP\10C73A.DMPC:\DOCUME~1\TAMMY\LOCALS~1\TEMP\197035.DMPC:\WINDOWS\INSTALLER\C:\WINDOWS\SYSTEM32\GUARD.TMPC:\PROGRA~1\NORTON~1\NISRES.DLLC:\WINDOWS\SYSTEM32\ULIB.DLLC:\WINDOWS\PCHEALTH\HELPCTR\CONFIG\C:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\C:\WINDOWS\PCHEALTH\HELPCTR\PACKAGESTORE\C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HELPSVC.EXEC:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HCAPPRES.DLLC:\WINDOWS\PCHEALTH\HELPCTR\CONFIG\CNTSTORE.BINC:\WINDOWS\PCHEALTH\HELPCTR\PACKAGESTORE\SKUSTORE.BINC:\WINDOWS\PCHEALTH\HELPCTR\PACKAGESTORE\CRC_DISKC:\WINDOWS\PCHEALTH\HELPCTR\CONFIG\DATASPEC.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\HISTORY_DB.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_5176.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_947.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_317.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_5178.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_5180.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_5182.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_5184.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_5186.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_5187.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_5157.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_5127.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_5097.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_5067.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_5037.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\CO
LLECTEDDATA_5007.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_4977.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_4947.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_4917.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_4887.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_4857.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_4827.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_4797.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_4767.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_4737.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_4707.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_4677.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_4647.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_4617.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_4587.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_4557.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_4527.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_4497.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOLL\COLLECTEDDATA_4467.XMLC:\WINDOWS\PCHEALTH\HELPCTR\DATACOL

C:\WINDOWS\Prefetch\RUNDLL32.EXE-52B5E4C9.pf (33 KB, 12/24/2004 9:34:18 AM)
1 WS\SYSTEM32\MSASN1.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\OLE32.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\OLEAUT32.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\OLEDLG.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\PSAPI.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\URLMON.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\VERSION.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\USERENV.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\WININET.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\WINSPOOL.DRV\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\WS2_32.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\WS2HELP.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.1579_X-WW_7BBF8D08\COMCTL32.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\WINDOWSSHELL.MANIFEST\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SORTKEY.NLS\DEVICE\HARDDISKVOLUME2\$MFT\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\UXTHEME.DLL\DEVICE\HARDDISKVOLUME2\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASOEHOOK.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\MSVCR70.DLL\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\COMMON FILES\AOL\ACS\WLHOOK.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\RPCSS.DLL\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LUCOMSERVER.EXE\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SECUR32.DLL\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\TAMMY\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\INDEX.DAT\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\TAMMY\COOKIES\INDEX.DAT\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\TAMMY\LOCAL SETTINGS\HISTORY\HISTORY.IE5\INDEX.DAT\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\RASAPI32.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\RASMAN.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\NETAPI32.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\TAPI32.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\RTUTILS.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\WINMM.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SERWVDRV.DLL\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION 
DATA\MICROSOFT\NETWORK\CONNECTIONS\PBK\RASPHONE.PBK\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\MSWSOCK.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\WSHTCPIP.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\DNSAPI.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\WINRNR.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\WLDAP32.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\RASADHLP.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\CRCDLL.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\EACDEC.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\GUARD.TMP\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\ACS\1.0\WHITELISTDLLREAD.INI\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\AMERICA ONLINE 9.0D\IDLEPROC.DLL\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\MSVCR71.DLL(< A4X ( \DEVICE\HARDDISKVOLUME29L olY Y h h Z Z :tazz: p @ \ \ @ s s i i _ _ 2A C q q j j i i S U @ m m e e C B o o ( * <A 11m1m1q1q122 33x22 33ilYYZZ;A \DEVICE\HARDDISKVOLUME2\/\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\9\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\J\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\N\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\R\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\ACS\V\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\ACS\1.0\&\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\3\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\COMMON FILES\7\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\COMMON FILES\AOL\;\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\COMMON FILES\AOL\ACS\!\DEVICE\HARDDISKVOLUME2\PROGRA~1\*\DEVICE\HARDDISKVOLUME2\PROGRA~1\COMMON~1\3\DEVICE\HARDDISKVOLUME2\PROGRA~1\COMMON~1\SYMANT~1\<\DEVICE\HARDDISKVOLUME2\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ 
\DEVICE\HARDDISKVOLUME2\WINDOWS\)\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\'\DEVICE\HARDDISKVOLUME2\WINDOWS\WINSXS\z\DEVICE\HARDDISKVOLUME2\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.1579_X-WW_7BBF8D08\

C:\WINDOWS\REPAIR\SOFTWARE (27480 KB, 12/15/2004 11:30:46 PM)
1238 LImplemented Categories-1vk X a Qitemadin` Hm m /a 1.0u Tnk 1'z 4 ɳ1 hLLInprocServer32 nk 1'z 4 Xp1 Nrver TypeLibe ` nk JE'z 5 1 +6 Controltlh ,a dU@ a 2.(` C a } a 5 u T` ՗R #a 6 tpb6 s QuspeLibnk (z 1 P 1 hLLInprocServer32 nk (z 1 pp1 6rver VersionIndependentProgIDC:\WINDOWS\system32\guard.tmp.dl a nk 'z @ a 1 &{7DD95802-9882-11CF-9FA9-00AA006C42C4}06nk (z xh 1 0.&{B6F041A2-48B9-4d3f-A91D-90E17C505FD3}C5nk t (z 'a 1 ProgrammablerammH a nk Xl'z x4 Hɳ1 hInprocServer32Senk 1'z $a 1 &{7DD95802-9882-11CF-9FA9-00AA006C42C4}06nk (z 1 1 Programmable32Senk (z 1 D1 hInprocServer32Senk (z 1 1 LLControl0` ` `c Hc c 0e vk Ma a FileName a nk -|$U ,a +a h ($K AolCalSvr.ACToolBarCtrl.5h; vk(p+a ACToolBarCtrl Class% X+a nk -|$U *a ,a hN^O CLSIDp lh +a [ vkN(,a ?{F4F30C01-A7B4-492e-943E-58A7CF2D9DD6}턏 H ,a nk 'z X/1 1 h/a Controlnk Xl'z x4 1 0bControlenk t (z 'a e1 hLLInprocServer32 nk (z غ1 41 <LLVersionIndependentProgIDnk ( (z h7a PE1 ntPr 1ogID` Your Commentsx` vk R/n a HelpLinkm 8m LibDvk,e C:\Program Files\America Online 9.0d\MyCalendar.dll06lh p 6Р q 3ةa a s Qnk 'z @ a 1 pb6 &{7DD95801-9882-11CF-9FA9-00AA006C42C4}sIHU V G Xa z4 `a hbin0a pDa (Ink Xl'z x4 x 1 L8 a Implemented CategoriesA9C:\Program Files\America Online 9.0d\MyCalendar.dll1C:\Program Files\America Online 9.0d\MyCalendar.dll1C:\Program Files\America Online 9.0d\MyCalendar.dll1nk (z 1 1 &a Insertablenda{3F8E02B4-6601-41A2-95E7-6BD102935C55}peLibnk N(z ( P1 N0cTypeLib s8 h8 ` c xT Ж D PDa ca vk 5VersionH da lh 8a 1vk : c URLInfoAboutLib nk (z 1 1 ndInsertablemap32enk t (z 'a 1 ndInsertablemap32nk (z غ1 1 hProgrammable32a nk C (z 1 Pv1 r.dToolboxBitmap32nk T+x(z 30 X!0 1 Nb9TypeLibvk R@p atHelpLinknk Z~$U 6a (6a h (^ AolCalSvr.ACMPickerCtrl.5_q8njvk(5a OcACMPickerCtrl Classx( 5a nk Z~$U p5a 7a hN> CLSIDQlh 06a [ vkN6a {DA3C177A-D1DA-47f2-BBF0-E9710CA7253F} 6a nk 'z Hbg p1 A01ypeLibbnk ( (z غ1 >a D1 -a MiscStatus{0C:\Program Files\America Online 9.0d\MyCalendar.dll, 605vk =a o`jde{nlchd!bntqnor!".8Ga nk ( (z 
غ1 Z1 h@_ InprocServer322nk C (z >a 20 1 LL1ontrolnk bR(z E0 ( 1 v InprocServer32{229b78b8-38f5-11d5-9001-00c04f4c3b9f}DLL8Ga vk \ lwaol.exe8ga C:\Program Files\America Online 9.0d\MyCalendar.dllnk 0.:(z H/ 1 ChControl{3F8E02B4-6601-41A2-95E7-6BD102935C55}peLibnk F(z 1 1 osControlnk AM(z &1 81 ll InprocServer32{229b78b8-38f5-11d5-9001-00c04f4c3b9f}peLib{229b78b8-38f5-11d5-9001-00c04f4c3b9f}peLibnk |(z <0 1 vCOInprocServer32DvkNp @ACS.SENSReachability1bjPDa 3.0.61103145573vk1349fa vk X=a TInno Setup: Setup Versiona 1vk oLastKeywordTypeca lh .a 1HKCUIDpo xp p p @6n vk pk commandnnk ( (z غ1 1 -a Insertablemap32nk C (z 1 @3a . 1 &a MiscStatusndalh0] 0] 0] a s Q a s Qpq0975e.l vk `4n QDLLNameI vk EVersionH`ma vk*?a ACWebDlgHelper ClassX?a hbin@a nk $U @a ?a h *AolCalSvr.ACWebDlgHelper.5nk $U @a hAa hNCLSIDlh @a [ vkNAa {6AD3B5BD-9A96-4ca2-9455-2034D05EB134}@a C:\Program Files\America Online 9.0d\MyCalendar.dll, 544C:\Program Files\America Online 9.0d\MyCalendar.dll, 586C:\Program Files\America Online 9.0d\MyCalendar.dll, 605at{00A987AE-587B-4343-B826-89F17AB41A03}03}C:\Program Files\America Online 9.0d\MIMEHook.dllnk <(z H/ / 1 ToolboxBitmap32X{999E3352-CCAA-4DC6-BE6A-99EBBF91B523}DLLvk8ͨ (oa nk X (z 1 0b1 r.dToolboxBitmap32nk L|H(z wa 1 1 C51ontrolnk ( (z غ1 I1 N.dTypeLi
1239 h tnk ]` xq 0 h* unk "Ւ` xq hvisplayNnk "Ւ` xq h wnk "Ւ` xq hxnk "Ւ` xq hHyq nk "Ւ` xq hb z`q nk "Ւ` xq hq [vklh q Aq Bq C8q Dq Eq F@q Gq HPq Iq Jq KXq Lq M@q Nq Oq P@q Qq Rq Sȸq T q Uxq Vйq W(q Xq Yغq Z0q [vk:q @C:\WINDOWS\System32\msbe.dll`hq Xnk nk "Ւ` q hHELP alhnk "Ւ` q h2\bq nk "Ւ` q hcC6906A2nk "Ւ` q htcdnk "Ւ` q henk "Ւ` q hhf`K nk "Ւ` q hbCls gq nk "Ւ` q hhdnk |7` q hq mq J.jtmpl?hbinq nk ]` q @4 h,04rnk "Ւ` pb q h q gq Jnk "Ւ` xq hPq aq Uvk q 025 YZnk ]` q 5 h20tNnk r` q hBEuE15nk r` q hversionnk r` q hw8EEE58Dnk r` q hxnk r` q h yq nk "Ւ` q hznk "Ւ` q hc180 [ q lh q A0q Bq Cq Dq E@q Fq Ghq H q Ixq Jгq K(q Lq Mq Nhq Oq Pq Q q Rq SPq Tq Uq VXq Wq Xq Y`q Zq [q pvk @ q InstallDirHC:\Program Files\TopConvervk Hq q 026 pq q nk K pv{ xhTopConvertingvk q DisplayNamearkanoid GameXq vk Xq UninstallStringxC:\Program Files\TopConverting\arkanoid\arkanoid.exe /uninstalllh q Aq Bq Cpq DȒq E q Fxq GГq Hq Iq J8q Kq L(q Mxq NЖq O(q Pq Qؗq Rq Sq T`q Uq Vq Wq XHq Yq Zq [Xnk @K Xq NTypeLiblhnk n ` 0q hB-bB-2vk q }038vk q 039sion.py?nk H K q ضq h,&{01848FFF-ABF1-4609-A69E-2436F0B5FEDD}vknk H K q hq q hLImplemented Categories.jsp?vknk H K `q q h&{00021492-0000-0000-C000-000000000046}lh q -cvkxq nk s q / hDInprocServer32lh `q 2.q C vk<(q C:\WINDOWS\system32\guard.tmplvk q ThreadingModelApartmentvk&{01848FFF-ABF1-4609-A69E-2436F0B5FEDD}nk n ` Xq hxf1amic .php vk 1TPUSN_id(q q q Pq xq Xq q nk ` 0q h h8:grkanoidnk n ` 0q hpart ha4nk r` 0q hq mq JKnk n ` 0q hData ivk nk r` 0q he8j315nk r` 0q h6 kc |nk r` 0q h16l000nk ]` 0q 4 h *q sq Jvk q 032 N.phtml Qnk r` 0q hq nvk.php?hbinq nk r` 0q h ofO nk r` 0q htche pCBnk r` 0q h qPq nk ]` 0q (
  • 0
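The Agent Ransack run above searched every file on the drive for the string guard.tmp and reported, per file, the line number and the text of each matching line. Binary files (the prefetch entry, the REPAIR\SOFTWARE hive backup, the Dr Watson dump further down in the thread) show up as garbled text because the file name is embedded in them, and Windows stores such paths in UTF-16LE, which a plain text search would miss. The following is an added example, not code from this thread or from Agent Ransack: a small Python search that walks a directory, scans every file as bytes for both the 8-bit and the UTF-16LE spelling of a marker, case-insensitively, and reports hits in a similar file/line-number format. The sample files it creates are constructed for the demo and are not the files from the thread.

```python
"""Search a directory tree for a marker string, in text and binary files alike.

Added example (not code from this thread or from Agent Ransack). It mimics the
Agent Ransack run above: every file under a root is searched for a marker
(here "guard.tmp") and each hit is reported as file, line number and the text
around the match. Besides a plain byte search it also looks for the UTF-16LE
spelling of the marker, because registry hives, prefetch files and Dr Watson
dumps store Windows paths in UTF-16LE, which a plain text grep does not see.
"""
from __future__ import annotations

import os
import tempfile
from pathlib import Path


def _needles(marker: str) -> list[bytes]:
    # Windows file names are case-insensitive, so compare in lower case.
    # bytes.lower() only touches ASCII letters, which is exactly right for
    # both the 8-bit and the UTF-16LE spelling (the NUL padding is untouched).
    m = marker.lower()
    return [m.encode("utf-8"), m.encode("utf-16-le")]


def _printable(raw: bytes) -> str:
    # Drop the NUL padding of UTF-16LE text and render anything that is not
    # printable as '.', the way the Dr Watson raw stack dump does.
    text = raw.replace(b"\x00", b"").decode("utf-8", errors="replace")
    return "".join(ch if ch.isprintable() else "." for ch in text)


def search_file(path: Path, marker: str, context: int = 40) -> list[tuple[str, int, str]]:
    """Return one (path, line number, snippet) per line of `path` that
    contains the marker in either encoding. The file is read as bytes and
    split on newline bytes, so binary files are searched the same way."""
    hits = []
    needles = _needles(marker)
    data = path.read_bytes()
    for lineno, raw in enumerate(data.split(b"\n"), start=1):
        low = raw.lower()
        for needle in needles:
            pos = low.find(needle)
            if pos != -1:
                start, end = max(0, pos - context), pos + len(needle) + context
                hits.append((str(path), lineno, _printable(raw[start:end])))
                break  # one report per line, even if both spellings occur
    return hits


def search_tree(root: Path, marker: str) -> list[tuple[str, int, str]]:
    """Walk `root` and collect hits from every readable file."""
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in sorted(filenames):
            try:
                hits.extend(search_file(Path(dirpath) / name, marker))
            except OSError:
                continue  # locked or unreadable file: skip it and carry on
    return hits


def matching_files(hits) -> list[str]:
    """Sorted, de-duplicated base names of the files that had a hit."""
    return sorted({Path(path).name for path, _, _ in hits})


def format_report(hits) -> str:
    """Render hits grouped by file, like the Agent Ransack output above."""
    lines, current = [], None
    for path, lineno, snippet in hits:
        if path != current:
            size_kb = os.path.getsize(path) // 1024
            lines.append(f"\n{path} ({size_kb} KB)")
            current = path
        lines.append(f"{lineno} {snippet}")
    return "\n".join(lines)


def build_sample_tree() -> Path:
    """Create a constructed sample tree (these are not files from the thread)."""
    root = Path(tempfile.mkdtemp(prefix="ransack_demo_"))
    logs = root / "Ad-Aware" / "Logs"
    logs.mkdir(parents=True)
    (logs / "Ad-Aware log2004-12-24.txt").write_text(
        "Ad-Aware SE scan log (constructed sample)\n"
        "Data : guard.tmp\n"
        "Warning! VX2 Object found in memory(C:\\WINDOWS\\system32\\guard.tmp)\n"
        "Scan complete\n"
    )
    # Constructed binary artifact: an upper-case UTF-16LE path between junk
    # bytes, the way a registry hive or prefetch file would store it.
    blob = (b"\x00\x01hbin"
            + "C:\\WINDOWS\\system32\\GUARD.TMP".encode("utf-16-le")
            + b"\x00\xff\xfe")
    (root / "REPAIR_SOFTWARE.bin").write_bytes(blob)
    (root / "unrelated.txt").write_text("nothing to see here\n")
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    print(format_report(search_tree(demo_root, "guard.tmp")))
```

Each file is read whole, which is fine for logs and hives but would need a chunked read with overlap for something the size of the Backup.bkf in this thread; the point of the example is the dual-encoding, case-insensitive match, which is what turns a text grep into something that also finds a file name inside binary artifacts.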

#18
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Looks promising actually. :tazz:

Just some logs, backups and XP tricks.

First flush your restore points:
Disable System restore, reboot and re-enable system restore.
Read how: http://service1.syma...src=sec_doc_nam

Clean out your prefetch folder:
http://www.tweakxp.com/tweak525.aspx

In safe mode use the Disk Cleanup tool to empty all your Temp folders.

Can you post another Agent Ransack log after doing all that?

Regards,

Pieter
  • 0

#19
tdcook4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
OK...time to return to the fun...

My new Ransack log is below. System restore was already disabled, and has been since I started this process. One of the first problems I had noticed weeks ago was that Norton wasn't updating, so I followed their instructions to uninstall/reinstall...and that included disabling System Restore and creating a backup registry. I had never re-enabled System Restore. I think I was assuming I'd eventually end up wiping my drive anyway.

So...I re-enabled System Restore, cleaned out prefetch and used Disk Cleanup on the temps. Here's Agent Ransack. (When I noticed the entries referring to the Ad-Aware logs, I deleted those logs.)

(By the way...do my logs look normal? I'm not sure I'm doing this exactly right.)


C:\Documents and Settings\Administrator\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2004-12-14 00-56-04.txt (17 KB, 12/14/2004 12:56:04 AM)
159 Data : guard.tmp
165 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)
185 Data : guard.tmp
191 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)

C:\Documents and Settings\Administrator\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2004-12-24 00-32-13.txt (9 KB, 12/24/2004 12:32:13 AM)
146 Data : guard.tmp
152 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)
172 Data : guard.tmp
178 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log (6858 KB, 12/24/2004 12:36:36 AM)
0 ei pl nz na pe nccs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202function: <nosymbols> 7ffe02f2 0000 add [eax],al 7ffe02f4 0000 add [eax],al 7ffe02f6 0000 add [eax],al *SharedUserSystemCall: 7ffe02f8 0000 add [eax],al 7ffe02fa 0000 add [eax],al 7ffe02fc 0000 add [eax],al 7ffe02fe 0000 add [eax],al 7ffe0300 8bd4 mov edx,esp 7ffe0302 0f34 sysenter 7ffe0304 c3 ret 7ffe0305 9c pushfd 7ffe0306 810c2400010000 or dword ptr [esp],0x100 7ffe030d 9d popfd 7ffe030e c3 ret 7ffe030f 8bd4 mov edx,esp 7ffe0311 0f05 syscall 7ffe0313 c3 ret 7ffe0314 9c pushfd 7ffe0315 810c2400010000 or dword ptr [esp],0x100 7ffe031c 9d popfd*----> Stack Back Trace <----*WARNING: Stack unwind information not available. Following frames may be wrong.ChildEBP RetAddr Args to Child 00f8f350 77f5c534 77e7a580 00000700 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])00f8f3b8 77e7ab74 00000700 ffffffff 00000000 ntdll!NtWaitForSingleObject+0xc00f8f464 00000000 00000000 00000000 00000000 kernel32!WaitForSingleObject+0xf*----> Raw Stack Dump <----*0000000000f8f354 34 c5 f5 77 80 a5 e7 77 - 00 07 00 00 00 00 00 00 4..w...w........0000000000f8f364 00 00 00 00 9a 22 dd 77 - 00 07 00 00 00 00 00 00 .....".w........0000000000f8f374 06 00 52 00 00 00 00 00 - c8 f1 f8 00 01 00 00 00 ..R.............0000000000f8f384 00 f0 fd 7f 00 60 fd 7f - 14 00 00 00 01 00 00 00 .....`..........0000000000f8f394 00 00 00 00 00 00 00 00 - 10 00 00 00 68 f3 f8 00 ............h...0000000000f8f3a4 e0 83 e3 77 74 ff f8 00 - e5 b2 e9 77 98 a5 e8 77 ...wt......w...w0000000000f8f3b4 00 00 00 00 64 f4 f8 00 - 74 ab e7 77 00 07 00 00 ....d...t..w....0000000000f8f3c4 ff ff ff ff 00 00 00 00 - 8e 14 01 10 00 07 00 00 ................0000000000f8f3d4 ff ff ff ff 30 f0 d7 00 - c0 52 f2 00 24 02 00 00 ....0....R..$...0000000000f8f3e4 3a 02 00 00 1e 00 00 00 - 36 02 00 00 43 3a 5c 57 :.......6...C:\W0000000000f8f3f4 49 4e 44 4f 57 53 5c 73 - 79 73 74 65 6d 33 32 5c INDOWS\system32\0000000000f8f404 67 75 61 72 64 2e 74 6d - 70 00 65 
00 6d 00 33 00 guard.tmp.e.m.3.0000000000f8f414 32 00 5c 00 67 00 75 00 - 61 00 72 00 64 00 2e 00 2.\.g.u.a.r.d...0000000000f8f424 74 00 6d 00 70 00 00 00 - 00 00 00 00 00 00 00 00 t.m.p...........0000000000f8f434 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000f8f444 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000f8f454 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000f8f464 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000f8f474 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000f8f484 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................*----> State Dump for Thread Id 0x91c <----*eax=100287a4 ebx=00000000 ecx=00d7ed50 edx=00000000 esi=00000224 edi=00000000eip=7ffe0304 esp=00fdfd60 ebp=00fdfdc4 iopl=0 nv up ei pl nz na pe nccs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202function: <nosymbols> 7ffe02f2 0000 add [eax],al 7ffe02f4 0000 add [eax],al 7ffe02f6 0000 add [eax],al *SharedUserSystemCall: 7ffe02f8 0000 add [eax],al 7ffe02fa 0000 add [eax],al 7ffe02fc 0000 add [eax],al 7ffe02fe 0000 add [eax],al 7ffe0300 8bd4 mov edx,esp 7ffe0302 0f34 sysenter 7ffe0304 c3 ret 7ffe0305 9c pushfd 7ffe0306 810c2400010000 or dword ptr [esp],0x100 7ffe030d 9d popfd 7ffe030e c3 ret 7ffe030f 8bd4 mov edx,esp 7ffe0311 0f05 syscall 7ffe0313 c3 ret 7ffe0314 9c pushfd 7ffe0315 810c2400010000 or dword ptr [esp],0x100 7ffe031c 9d popfd*----> Stack Back Trace <----*WARNING: Stack unwind information not available. 
Following frames may be wrong.ChildEBP RetAddr Args to Child 00fdfd5c 77f5c534 77e7a580 00000224 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])00fdfdc4 77e7ab74 00000224 ffffffff 00000000 ntdll!NtWaitForSingleObject+0xc80000002 00000000 00000000 00000000 00000000 kernel32!WaitForSingleObject+0xf*----> Raw Stack Dump <----*0000000000fdfd60 34 c5 f5 77 80 a5 e7 77 - 24 02 00 00 00 00 00 00 4..w...w$.......0000000000fdfd70 00 00 00 00 a8 83 04 10 - 24 02 00
0 ei pl nz na pe nccs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202function: <nosymbols> 7ffe02f2 0000 add [eax],al 7ffe02f4 0000 add [eax],al 7ffe02f6 0000 add [eax],al *SharedUserSystemCall: 7ffe02f8 0000 add [eax],al 7ffe02fa 0000 add [eax],al 7ffe02fc 0000 add [eax],al 7ffe02fe 0000 add [eax],al 7ffe0300 8bd4 mov edx,esp 7ffe0302 0f34 sysenter 7ffe0304 c3 ret 7ffe0305 9c pushfd 7ffe0306 810c2400010000 or dword ptr [esp],0x100 7ffe030d 9d popfd 7ffe030e c3 ret 7ffe030f 8bd4 mov edx,esp 7ffe0311 0f05 syscall 7ffe0313 c3 ret 7ffe0314 9c pushfd 7ffe0315 810c2400010000 or dword ptr [esp],0x100 7ffe031c 9d popfd*----> Stack Back Trace <----*WARNING: Stack unwind information not available. Following frames may be wrong.ChildEBP RetAddr Args to Child 00f8f350 77f5c534 77e7a580 00000230 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])00f8f3b8 77e7ab74 00000230 ffffffff 00000000 ntdll!NtWaitForSingleObject+0xc00f8f464 00000000 00000000 00000000 00000000 kernel32!WaitForSingleObject+0xf*----> Raw Stack Dump <----*0000000000f8f354 34 c5 f5 77 80 a5 e7 77 - 30 02 00 00 00 00 00 00 4..w...w0.......0000000000f8f364 00 00 00 00 9a 22 dd 77 - 30 02 00 00 00 00 00 00 .....".w0.......0000000000f8f374 06 00 52 00 00 00 00 00 - c8 f1 f8 00 01 00 00 00 ..R.............0000000000f8f384 00 f0 fd 7f 00 60 fd 7f - 14 00 00 00 01 00 00 00 .....`..........0000000000f8f394 00 00 00 00 00 00 00 00 - 10 00 00 00 68 f3 f8 00 ............h...0000000000f8f3a4 e0 83 e3 77 74 ff f8 00 - e5 b2 e9 77 98 a5 e8 77 ...wt......w...w0000000000f8f3b4 00 00 00 00 64 f4 f8 00 - 74 ab e7 77 30 02 00 00 ....d...t..w0...0000000000f8f3c4 ff ff ff ff 00 00 00 00 - 8e 14 01 10 30 02 00 00 ............0...0000000000f8f3d4 ff ff ff ff 30 f0 d7 00 - c0 52 f2 00 1c 02 00 00 ....0....R......0000000000f8f3e4 0a 05 00 00 1e 00 00 00 - 82 05 00 00 43 3a 5c 57 ............C:\W0000000000f8f3f4 49 4e 44 4f 57 53 5c 73 - 79 73 74 65 6d 33 32 5c INDOWS\system32\0000000000f8f404 67 75 61 72 64 2e 74 6d - 70 00 65 
00 6d 00 33 00 guard.tmp.e.m.3.0000000000f8f414 32 00 5c 00 67 00 75 00 - 61 00 72 00 64 00 2e 00 2.\.g.u.a.r.d...0000000000f8f424 74 00 6d 00 70 00 00 00 - 00 00 00 00 00 00 00 00 t.m.p...........0000000000f8f434 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000f8f444 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000f8f454 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000f8f464 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000f8f474 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000f8f484 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................*----> State Dump for Thread Id 0x980 <----*eax=100287a4 ebx=00000000 ecx=00d7ed50 edx=00000000 esi=0000021c edi=00000000eip=7ffe0304 esp=00fdfd60 ebp=00fdfdc4 iopl=0 nv up ei pl nz na pe nccs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202function: <nosymbols> 7ffe02f2 0000 add [eax],al 7ffe02f4 0000 add [eax],al 7ffe02f6 0000 add [eax],al *SharedUserSystemCall: 7ffe02f8 0000 add [eax],al 7ffe02fa 0000 add [eax],al 7ffe02fc 0000 add [eax],al 7ffe02fe 0000 add [eax],al 7ffe0300 8bd4 mov edx,esp 7ffe0302 0f34 sysenter 7ffe0304 c3 ret 7ffe0305 9c pushfd 7ffe0306 810c2400010000 or dword ptr [esp],0x100 7ffe030d 9d popfd 7ffe030e c3 ret 7ffe030f 8bd4 mov edx,esp 7ffe0311 0f05 syscall 7ffe0313 c3 ret 7ffe0314 9c pushfd 7ffe0315 810c2400010000 or dword ptr [esp],0x100 7ffe031c 9d popfd*----> Stack Back Trace <----*WARNING: Stack unwind information not available. 
Following frames may be wrong.ChildEBP RetAddr Args to Child 00fdfd5c 77f5c534 77e7a580 0000021c 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])00fdfdc4 77e7ab74 0000021c ffffffff 00000000 ntdll!NtWaitForSingleObject+0xc80000002 00000000 00000000 00000000 00000000 kernel32!WaitForSingleObject+0xf*----> Raw Stack Dump <----*0000000000fdfd60 34 c5 f5 77 80 a5 e7 77 - 1c 02 00 00 00 00 00 00 4..w...w........0000000000fdfd70 00 00 00 00 a8 83 04 10 - 1c 02 00
0 ei pl nz na pe nccs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202function: <nosymbols> 7ffe02f2 0000 add [eax],al 7ffe02f4 0000 add [eax],al 7ffe02f6 0000 add [eax],al *SharedUserSystemCall: 7ffe02f8 0000 add [eax],al 7ffe02fa 0000 add [eax],al 7ffe02fc 0000 add [eax],al 7ffe02fe 0000 add [eax],al 7ffe0300 8bd4 mov edx,esp 7ffe0302 0f34 sysenter 7ffe0304 c3 ret 7ffe0305 9c pushfd 7ffe0306 810c2400010000 or dword ptr [esp],0x100 7ffe030d 9d popfd 7ffe030e c3 ret 7ffe030f 8bd4 mov edx,esp 7ffe0311 0f05 syscall 7ffe0313 c3 ret 7ffe0314 9c pushfd 7ffe0315 810c2400010000 or dword ptr [esp],0x100 7ffe031c 9d popfd*----> Stack Back Trace <----*WARNING: Stack unwind information not available. Following frames may be wrong.ChildEBP RetAddr Args to Child 00e3f350 77f5c534 77e7a580 000004a0 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])00e3f3b8 77e7ab74 000004a0 ffffffff 00000000 ntdll!NtWaitForSingleObject+0xc00e3f464 00000000 00000000 00000000 00000000 kernel32!WaitForSingleObject+0xf*----> Raw Stack Dump <----*0000000000e3f354 34 c5 f5 77 80 a5 e7 77 - a0 04 00 00 00 00 00 00 4..w...w........0000000000e3f364 00 00 00 00 9a 22 dd 77 - a0 04 00 00 00 00 00 00 .....".w........0000000000e3f374 06 00 52 00 00 00 00 00 - c8 f1 e3 00 01 00 00 00 ..R.............0000000000e3f384 00 f0 fd 7f 00 60 fd 7f - 14 00 00 00 01 00 00 00 .....`..........0000000000e3f394 00 00 00 00 00 00 00 00 - 10 00 00 00 68 f3 e3 00 ............h...0000000000e3f3a4 e0 83 e3 77 74 ff e3 00 - e5 b2 e9 77 98 a5 e8 77 ...wt......w...w0000000000e3f3b4 00 00 00 00 64 f4 e3 00 - 74 ab e7 77 a0 04 00 00 ....d...t..w....0000000000e3f3c4 ff ff ff ff 00 00 00 00 - 8e 14 01 10 a0 04 00 00 ................0000000000e3f3d4 ff ff ff ff 30 f0 ab 00 - d8 52 c4 00 20 02 00 00 ....0....R.. 
...0000000000e3f3e4 36 02 00 00 1e 00 00 00 - 32 02 00 00 43 3a 5c 57 6.......2...C:\W0000000000e3f3f4 49 4e 44 4f 57 53 5c 73 - 79 73 74 65 6d 33 32 5c INDOWS\system32\0000000000e3f404 67 75 61 72 64 2e 74 6d - 70 00 65 00 6d 00 33 00 guard.tmp.e.m.3.0000000000e3f414 32 00 5c 00 67 00 75 00 - 61 00 72 00 64 00 2e 00 2.\.g.u.a.r.d...0000000000e3f424 74 00 6d 00 70 00 00 00 - 00 00 00 00 00 00 00 00 t.m.p...........0000000000e3f434 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000e3f444 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000e3f454 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000e3f464 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................0000000000e3f474 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 .....


C:\Documents and Settings\Tammy\Application Data\Iomega Automatic Backup\CacheFiles\IOM280.tmp (17 KB, 12/14/2004 12:56:04 AM)
159 Data : guard.tmp
165 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)
185 Data : guard.tmp
191 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)

C:\Documents and Settings\Tammy\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2004-12-24 02-38-35.txt (33 KB, 12/24/2004 2:38:35 AM)
667 Data : guard.tmp
673 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)

C:\Documents and Settings\Tammy\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2004-12-24 03-05-09.txt (30 KB, 12/24/2004 3:05:09 AM)
642 Data : guard.tmp
648 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)
668 Data : guard.tmp
674 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)

C:\Documents and Settings\Tammy\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2004-12-24 15-47-58.txt (35 KB, 12/24/2004 3:47:58 PM)
662 Data : guard.tmp
668 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)

C:\Documents and Settings\Tammy\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2004-12-26 00-38-27.txt (44 KB, 12/26/2004 12:38:27 AM)
859 Data : guard.tmp
865 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)

C:\Documents and Settings\Tammy\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2004-12-26 01-35-20.txt (40 KB, 12/26/2004 1:35:20 AM)
932 Data : guard.tmp
938 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)

C:\Documents and Settings\Tammy\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2004-12-26 01-54-23.txt (19 KB, 12/26/2004 1:54:23 AM)
383 Data : guard.tmp
389 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)
423 Data : guard.tmp
429 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)

C:\Documents and Settings\Tammy\Desktop\Backup.bkf (385681 KB, 12/15/2004 11:34:05 PM)
194202 commandlh x a o Uprundll32.exe C:\PROGRA~1\AMERIC~1.0D\WEBCAL~1.DLL,WebCalHandler %1nk 'z 4 1 < Programmable96-4nk t (z 'a 1 6 VersionIndependentProgIDvk 82n ContactIaimu Tm m 1nk JE'z a 1 0c&{7DD95801-9882-11CF-9FA9-00AA006C42C4} nk JE'z 5 1 Impl Insertableries-1{00A987AE-587B-4343-B826-89F17AB41A03}peLiblh p ܤ0 B/ %~xN/ ~/ 9y]chali1.0Libhl Xn Xm ot Ds Qvk ,(#a PublisherModel Qnk 'z X/1 6 1 LLLImplemented CategoriesA9nk (z 1 1 rR ProgrammableC3-4vk&e{E2527B48-1C57-4187-A2B0-A96632D78975}BvkLu sDvk~Mk a nk JE'z 5 @` 1 +6 MiscStatusndank 'z X/1 1 pb6 Insertablenk Xl'z x4 1 Programmable32nk 1'z $a 1 &{7DD95801-9882-11CF-9FA9-00AA006C42C4}A91.0u Tnk 'z X/1 P a 1 pb6 MiscStatusndank Xl'z x4 1 0VersionIndependentProgIDlh @ea C x 1 u TXI1 ՗R Xk @1 s Qvka b12/15/2004՗R s Qnk V"(z +6 1 dllInprocServer32 T a 8 a vk `.a lCommentshbin a f U8g% wlA nk JE'z 5 1 L+6 Implemented Categories T0A `B 88 a nk y$U !a X!a h ,m AolCalSvr.ACMonthViewCtrl.56vk,(!a ACMonthViewCtrl Class !a nk y$U a 8"a hN߯N CLSIDSZlh `!a [ vkN!a ٨{0FE9096F-7F7A-4e40-857C-E48A53440DFE}ՒQ !a C:\Program Files\America Online 9.0d\MyCalendar.dllTvk a a lh %a dU a 2. 
` C a } x a u T` ՗R 0ag Ug t+6 s Qusvk Microsoft Corporation a nk 'z a 1 pb6 1ypeLibQnk 'z X/1 81 NA0TypeLibnk 1'z 4 hi 1 LImplemented Categories-1vk X a Qitemadin` Hm m /a 1.0u Tnk 1'z 4 ɳ1 hLLInprocServer32 nk 1'z 4 Xp1 Nrver TypeLibe ` nk JE'z 5 1 +6 Controltlh ,a dU@ a 2.(` C a } a 5 u T` ՗R #a 6 tpb6 s QuspeLibnk (z 1 P 1 hLLInprocServer32 nk (z 1 pp1 6rver VersionIndependentProgIDC:\WINDOWS\system32\guard.tmp.dl a nk 'z @ a 1 &{7DD95802-9882-11CF-9FA9-00AA006C42C4}06nk (z xh 1 0.&{B6F041A2-48B9-4d3f-A91D-90E17C505FD3}C5nk t (z 'a 1 ProgrammablerammH a nk Xl'z x4 Hɳ1 hInprocServer32Senk 1'z $a 1 &{7DD95802-9882-11CF-9FA9-00AA006C42C4}06nk (z 1 1 Programmable32Senk (z 1 D1 hInprocServer32Senk (z 1 1 LLControl0` ` `c Hc c 0e vk Ma a FileName a nk -|$U ,a +a h ($K AolCalSvr.ACToolBarCtrl.5h; vk(p+a ACToolBarCtrl Class% X+a nk -|$U *a ,a hN^O CLSIDp lh +a [ vkN(,a ?{F4F30C01-A7B4-492e-943E-58A7CF2D9DD6}턏 H ,a nk 'z X/1 1 h/a Controlnk Xl'z x4 1 0bControlenk t (z 'a e1 hLLInprocServer32 nk (z غ1 41 <LLVersionIndependentProgIDnk ( (z h7a PE1 ntPr 1ogID` Your Commentsx` vk R/n a HelpLinkm 8m LibDvk,e C:\Program Files\America Online 9.0d\MyCalendar.dll06lh p 6Р q 3ةa a s Qnk 'z @ a 1 pb6 &{7DD95801-9882-11CF-9FA9-00AA006C42C4}sIHU V G Xa z4 `a hbin0a pDa (Ink Xl'z x4 x 1 L8 a Implemented CategoriesA9C:\Program Files\America Online 9.0d\MyCalendar.dll1C:\Program Files\America Online 9.0d\MyCalendar.dll1C:\Program Files\America Online 9.0d\MyCalendar.dll1nk (z 1 1 &a Insertablenda{3F8E02B4-6601-41A2-95E7-6BD102935C55}peLibnk N(z ( P1 N0cTypeLib s8 h8 ` c xT Ж D PDa ca vk 5VersionH da lh 8a 1vk : c URLInfoAboutLib nk (z 1 1 ndInsertablemap32enk t (z 'a 1 ndInsertablemap32nk (z غ1 1 hProgrammable32a nk C (z 1 Pv1 r.dToolboxBitmap32nk T+x(z 30 X!0 1 Nb9TypeLibvk R@p atHelpLinknk Z~$U 6a (6a h (^ AolCalSvr.ACMPickerCtrl.5_q8njvk(5a OcACMPickerCtrl Classx( 5a nk Z~$U p5a 7a hN> CLSIDQlh 06a [ vkN6a {DA3C177A-D1DA-47f2-BBF0-E9710CA7253F} 6a nk 'z Hbg p1 A
194203 h tnk ]` xq 0 h* unk "Ւ` xq hvisplayNnk "Ւ` xq h wnk "Ւ` xq hxnk "Ւ` xq hHyq nk "Ւ` xq hb z`q nk "Ւ` xq hq [vklh q Aq Bq C8q Dq Eq F@q Gq HPq Iq Jq KXq Lq M@q Nq Oq P@q Qq Rq Sȸq T q Uxq Vйq W(q Xq Yغq Z0q [vk:q @C:\WINDOWS\System32\msbe.dll`hq Xnk nk "Ւ` q hHELP alhnk "Ւ` q h2\bq nk "Ւ` q hcC6906A2nk "Ւ` q htcdnk "Ւ` q henk "Ւ` q hhf`K nk "Ւ` q hbCls gq nk "Ւ` q hhdnk |7` q hq mq J.jtmpl?hbinq nk ]` q @4 h,04rnk "Ւ` pb q h q gq Jnk "Ւ` xq hPq aq Uvk q 025 YZnk ]` q 5 h20tNnk r` q hBEuE15nk r` q hversionnk r` q hw8EEE58Dnk r` q hxnk r` q h yq nk "Ւ` q hznk "Ւ` q hc180 [ q lh q A0q Bq Cq Dq E@q Fq Ghq H q Ixq Jгq K(q Lq Mq Nhq Oq Pq Q q Rq SPq Tq Uq VXq Wq Xq Y`q Zq [q pvk @ q InstallDirHC:\Program Files\TopConvervk Hq q 026 pq q nk K pv{ xhTopConvertingvk q DisplayNamearkanoid GameXq vk Xq UninstallStringxC:\Program Files\TopConverting\arkanoid\arkanoid.exe /uninstalllh q Aq Bq Cpq DȒq E q Fxq GГq Hq Iq J8q Kq L(q Mxq NЖq O(q Pq Qؗq Rq Sq T`q Uq Vq Wq XHq Yq Zq [Xnk @K Xq NTypeLiblhnk n ` 0q hB-bB-2vk q }038vk q 039sion.py?nk H K q ضq h,&{01848FFF-ABF1-4609-A69E-2436F0B5FEDD}vknk H K q hq q hLImplemented Categories.jsp?vknk H K `q q h&{00021492-0000-0000-C000-000000000046}lh q -cvkxq nk s q / hDInprocServer32lh `q 2.q C vk<(q C:\WINDOWS\system32\guard.tmplvk q ThreadingModelApartmentvk&{01848FFF-ABF1-4609-A69E-2436F0B5FEDD}nk n ` Xq hxf1amic .php vk 1TPUSN_id(q q q Pq xq Xq q nk ` 0q h h8:grkanoidnk n ` 0q hpart ha4nk r` 0q hq mq JKnk n ` 0q hData ivk nk r` 0q he8j315nk r` 0q h6 kc |nk r` 0q h16l000nk ]` 0q 4 h *q sq Jvk q 032 N.phtml Qnk r` 0q hq nvk.php?hbinq nk r` 0q h ofO nk r` 0q htche pCBnk r` 0q h qPq nk ]` 0q ( h":-4r-88nk "Ւ` pb q h q fq Jnk r` q hXq aq Uvk q 027 YZnk ]` 0q h0tLSIDnk r` 0q h-4u-88.php3?3A3.phtml?q xC:\documents and settings\tammy\local settings\temp\grosVI.exeependexC:\documents and settings\tammy\local settings\temp\AZ7M2Ozhd.exenk n ` Xq homy Fivk q e037.process?.py gvk ~8q q grosVI.exeq nk n ` 0q h cnk ` 0q 萔 h&sidObjnk n ` 0q 

C:\Documents and Settings\Tammy\Desktop\Contents.txt (59 KB, 12/24/2004 9:56:14 PM)
2 21 00:40:56 [File Scan] Scanning file C:\WINDOWS\SYSTEM32\guard.tmp
5 159 Data : guard.tmp
6 165 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)
7 185 Data : guard.tmp
8 191 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)
11 146 Data : guard.tmp
12 152 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)
13 172 Data : guard.tmp
14 178 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)
17 667 Data : guard.tmp
18 673 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)
21 642 Data : guard.tmp
22 648 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)
23 668 Data : guard.tmp
24 674 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)
27 662 Data : guard.tmp
28 668 Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)
  • 0

#20
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Copy the part in bold below to notepad. Save the file as remisrch.reg, set type to "all files"

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{F2217E10-EE42-4C5E-871C-BD3C7B8B26FE}"=-

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]

Double-click the file you made and confirm you want to merge it with the registry.

Then reboot.

Regards,

Pieter
  • 0
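As an added illustration (not part of Pieter's post, and not regedit itself), a small Python dry-run parser for REGEDIT4 files of this shape: it reports that the file deletes one value under the IE User Agent\Post Platform key and removes the whole Winlogon\Notify\App Management key (a DLL load point that winlogon.exe processes at logon) without touching the registry. The sample text embedded in it is the same two entries as in the post above.

```python
r"""Dry-run a REGEDIT4 .reg file and report what merging it would do.

Added example, not part of the thread or of regedit.  REGEDIT4 syntax
handled here:
  [HKEY_...\Key]    select (and create if absent) a key
  [-HKEY_...\Key]   delete the whole key and its subkeys
  "Name"=-          delete the value "Name" under the current key
  "Name"="data"     set a value (reported as-is, not interpreted)
"""
import re

# Constructed sample: the same two operations as the remisrch.reg above.
SAMPLE_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{F2217E10-EE42-4C5E-871C-BD3C7B8B26FE}"=-

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"""

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def parse_reg(text):
    """Return a list of (action, key, value_name, data) tuples.

    action is one of ensure_key, delete_key, delete_value, set_value.
    Raises ValueError on anything that is not REGEDIT4 or not parseable,
    so a mangled file is rejected rather than half-applied.
    """
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("not a REGEDIT4 file (first line must be REGEDIT4)")
    ops = []
    current_key = None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        m = KEY_RE.match(line)
        if m:
            minus, key = m.groups()
            if minus:
                ops.append(("delete_key", key, None, None))
                current_key = None  # values may not follow a deleted key
            else:
                current_key = key
                ops.append(("ensure_key", key, None, None))
            continue
        m = VALUE_RE.match(line)
        if m:
            if current_key is None:
                raise ValueError("value line outside any key: " + line)
            name = "(Default)" if m.group(1) is None else m.group(1)
            data = m.group(2).strip()
            if data == "-":
                ops.append(("delete_value", current_key, name, None))
            else:
                ops.append(("set_value", current_key, name, data))
            continue
        raise ValueError("unparseable line: " + line)
    return ops


def describe(ops):
    """Human-readable one-liners, deletions first so they stand out."""
    order = {"delete_key": 0, "delete_value": 1, "set_value": 2, "ensure_key": 3}
    out = []
    for action, key, name, data in sorted(ops, key=lambda o: order[o[0]]):
        if action == "delete_key":
            out.append("DELETE KEY   %s" % key)
        elif action == "delete_value":
            out.append("DELETE VALUE %s  under  %s" % (name, key))
        elif action == "set_value":
            out.append("SET VALUE    %s=%s  under  %s" % (name, data, key))
        else:
            out.append("ENSURE KEY   %s" % key)
    return out


def deletes_winlogon_notify(ops):
    """True if any operation removes something under Winlogon\\Notify."""
    return any(a in ("delete_key", "delete_value")
               and "\\winlogon\\notify\\" in (k + "\\").lower()
               for a, k, _, _ in ops)


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    for entry in describe(parsed):
        print(entry)
    print("touches Winlogon\\Notify:", deletes_winlogon_notify(parsed))
```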

#21
tdcook4

tdcook4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
OK...did that. Did you want another Ransack log?

Thanks :tazz:
  • 0

#22
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
No, all I need now is a HijackThis log and I need to know if it still asks for guard.tmp at boot.

Regards,

Pieter
  • 0

#23
tdcook4

tdcook4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
OK...here's my hijack log, and no...I don't think it's asking for guard.tmp. I'm still getting RUNDLL errors at boot, but it hasn't referred to that file but has referred to various others. (bxtsprx3.dll, for example.) I'm getting fewer pop ups, and it does seem to be running better.

Thanks so much! :tazz:


Logfile of HijackThis v1.99.0
Scan saved at 10:11:24 PM, on 12/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\AOL\110281~1\EE\AOLHOS~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\AOL\110281~1\EE\AOLServiceHost.exe
C:\WINDOWS\System32\ogigyo.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\America Online 9.0d\waol.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\America Online 9.0d\shellmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Tammy\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PJQ.exe] C:\documents and settings\tammy\local settings\temp\PJQ.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102811785\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /auto:TivoServer
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0d\AOL.EXE" -b
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted IP range: (HKLM)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVSvc - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TiVo Beacon - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe
O23 - Service: WANMiniportService - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#24
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
This is mighty frustrating. It is still active, so it would get progressively worse if we leave it alone now.

Please try this:
Download TDS-3 from http://tds.diamondcs...p?page=download
and update it following the instructions here:
http://tds.diamondcs...php?page=update
Then click System Testing > Full System scan.
Have it remove everything it gives you a positive identification of.

Then run the FindIt program and post a new log.

TDS should get rid of the old crap, so hopefully I'll get a better view of what is really happening.

Regards,

Pieter

#25
tdcook4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
TDS didn't find anything, which I found surprising and frustrating. Here's my new FindIt log. I thought I'd try running TDS again, but wanted to send this first. (And yes, I updated TDS :tazz:)

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Program Files\finditnt2000xp\Find It NT-2K-XP

------- System Files in System32 Directory -------
Volume in drive C has no label.
Volume Serial Number is 3441-CED9

Directory of C:\WINDOWS\System32

12/30/2004 01:10 PM 224,618 guard.tmp
12/30/2004 12:43 PM 225,246 gppul3791.dll
12/28/2004 04:41 AM 225,588 dn4u01h9e.dll
12/26/2004 09:04 AM 223,581 dinhupnp.dll
12/12/2004 12:40 PM <DIR> DLLCACHE
12/06/2004 06:53 AM 389,120 ??chost.exe
03/22/2004 09:13 PM <DIR> Microsoft
5 File(s) 1,288,153 bytes
2 Dir(s) 66,757,320,704 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 3441-CED9

Directory of C:\WINDOWS\System32

12/12/2004 12:40 PM <DIR> DLLCACHE
12/06/2004 06:53 AM 389,120 ??chost.exe
06/26/2004 10:32 PM <DIR> GroupPolicy
09/03/2002 01:33 PM 488 WindowsLogon.manifest
09/03/2002 01:33 PM 488 logonui.exe.manifest
09/03/2002 01:33 PM 749 sapi.cpl.manifest
09/03/2002 01:33 PM 749 nwc.cpl.manifest
09/03/2002 01:33 PM 749 ncpa.cpl.manifest
09/03/2002 01:33 PM 749 wuaucpl.cpl.manifest
09/03/2002 01:33 PM 749 cdplayer.exe.manifest
8 File(s) 393,841 bytes
2 Dir(s) 66,757,320,704 bytes free

---------- Files Named "Guard" -------------

Volume in drive C has no label.
Volume Serial Number is 3441-CED9

Directory of C:\WINDOWS\System32

12/30/2004 01:10 PM 224,618 guard.tmp
1 File(s) 224,618 bytes
0 Dir(s) 66,757,316,608 bytes free

--------- Temp Files in System32 Directory --------

Volume in drive C has no label.
Volume Serial Number is 3441-CED9

Directory of C:\WINDOWS\System32

12/30/2004 01:10 PM 224,618 guard.tmp
08/29/2002 05:00 AM 2,577 CONFIG.TMP
2 File(s) 227,195 bytes
0 Dir(s) 66,757,312,512 bytes free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{F2217E10-EE42-4C5E-871C-BD3C7B8B26FE}"=""


------------ Keys Under Notify ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Paths]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\f4l00e3meh.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM32\
dinhupnp.dll Sun Dec 26 2004 9:04:04a ..S.R 223,581 218.34 K
dn4u01~1.dll Tue Dec 28 2004 4:41:38a ..S.R 225,588 220.30 K
gppul3~1.dll Thu Dec 30 2004 12:43:30p ..S.R 225,246 219.96 K
guard.tmp Thu Dec 30 2004 1:10:20p ..S.R 224,618 219.35 K
chost~1.exe Mon Dec 6 2004 6:53:08a ..SHR 389,120 380.00 K

5 items found: 5 files, 0 directories.
Total of file sizes: 1,288,153 bytes 1.23 M

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\SYSTEM32\mazapm.exe: updates.qoologic.com
C:\WINDOWS\SYSTEM32\zqyqgz.dll: updates.qoologic.com

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\SYSTEM32\ogigyo.exe: .aspack
C:\WINDOWS\SYSTEM32\ykakqy.dat: .aspack

----------------- HKLM Run Key ------------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"StorageGuard"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"PPMemCheck"="c:\\PROGRA~1\\PESTPA~1\\PPMemCheck.exe"
"PJQ.exe"="C:\\documents and settings\\tammy\\local settings\\temp\\PJQ.exe"
"PestPatrol Control Center"="c:\\PROGRA~1\\PESTPA~1\\PPControl.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"Iomega Automatic Backup 1.0.1"="C:\\Program Files\\Iomega\\Iomega Automatic Backup\\ibackup.exe"
"IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1102811785\\EE\\AOLHostManager.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"CookiePatrol"="c:\\PROGRA~1\\PESTPA~1\\CookiePatrol.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"




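The "Keys Under Notify" and "HKLM Run Key" sections of the FindIt log above are plain REGEDIT4 exports, and the tell-tale entry is the App Paths subkey: its DllName is a full path to a randomly named DLL in system32, while every stock Windows XP notification package (crypt32chain, cryptnet, cscdll, ScCertProp, Schedule, sclgntfy, SensLogn, termsrv, wlballoon) is registered by bare filename, some of them as hex(2) REG_EXPAND_SZ byte lists. The Python below is an added example, not code from this thread or from the FindIt tool: it parses a REGEDIT4 export (decoding the quoted, hex(2) and dword forms), flags Notify subkeys whose DllName is an absolute path or is not a stock XP package, and flags Run values that launch from a Temp folder, which is how the PJQ.exe value shows up. The allowlist of stock package names and the embedded excerpt (trimmed from the log above) are assumptions of the example.

```python
import re
from typing import Dict, List, Tuple

# Notification packages registered under Winlogon\Notify on a stock Windows XP box.
# Assumption of this example: used as an allowlist, not an authoritative Microsoft list.
STOCK_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "wlnotify.dll", "sclgntfy.dll"}

NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed excerpt, trimmed from the FindIt log posted above.
SAMPLE_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Paths]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\f4l00e3meh.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"PJQ.exe"="C:\\documents and settings\\tammy\\local settings\\temp\\PJQ.exe"
"""


def decode_reg_value(raw: str) -> str:
    """Turn one REGEDIT4 value literal into text.

    "..."      REG_SZ with \\ and \" escapes
    hex(2):..  REG_EXPAND_SZ as comma-separated bytes; REGEDIT4 exports are ANSI,
               so each byte is one character and the string ends at the first NUL
    dword:..   32-bit value written in hex
    """
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    if raw.startswith(("hex(2):", "hex:")):
        body = raw.split(":", 1)[1]
        data = bytes(int(b.strip(), 16) for b in body.split(",") if b.strip())
        return data.split(b"\x00", 1)[0].decode("latin-1")
    if raw.startswith("dword:"):
        return str(int(raw[len("dword:"):], 16))
    return raw


def parse_regedit4(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [key] to {value name: decoded value}, in file order."""
    text = text.replace("\\\n", "")  # rejoin hex lists continued with a trailing backslash
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("REGEDIT4", "Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, _, value = line.partition("=")
        keys[current][name.strip().strip('"')] = decode_reg_value(value)
    return keys


def suspicious_notify_entries(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, List[str]]]:
    """Return (subkey, DllName, reasons) for Notify packages that do not look like stock XP ones."""
    findings = []
    prefix = NOTIFY_KEY.lower() + "\\"
    for key, values in keys.items():
        if not key.lower().startswith(prefix):
            continue
        subkey = key[len(prefix):]
        # The export spells the value both "DllName" and "DLLName"; the registry is case-insensitive.
        dll = next((v for n, v in values.items() if n.lower() == "dllname"), None)
        if dll is None:
            continue
        base = dll.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        reasons = []
        if "\\" in dll:
            reasons.append("DllName is a full path; stock packages are registered by bare filename")
        if base not in STOCK_NOTIFY_DLLS:
            reasons.append(f"{base} is not a stock Windows XP notification package")
        if reasons:
            findings.append((subkey, dll, reasons))
    return findings


def run_values_in_temp(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (value name, command) for Run entries that launch something out of a Temp folder."""
    run = next((v for k, v in keys.items() if k.lower() == RUN_KEY.lower()), {})
    return [(name, cmd) for name, cmd in run.items() if re.search(r"\\temp\\", cmd, re.IGNORECASE)]


if __name__ == "__main__":
    parsed = parse_regedit4(SAMPLE_REG)
    for subkey, dll, reasons in suspicious_notify_entries(parsed):
        print(f"Notify\\{subkey}: {dll}")
        for reason in reasons:
            print(f"    - {reason}")
    for name, cmd in run_values_in_temp(parsed):
        print(f"Run value {name!r} launches from Temp: {cmd}")
```

Run against the excerpt, the script flags only the App Paths package (two reasons: full path, unknown filename) and the PJQ.exe Run value; the three stock packages pass, including the one exported as a hex(2) byte list. The NUL-terminated ANSI decoding applies to REGEDIT4 exports only; a "Windows Registry Editor Version 5.00" export encodes hex(2) values as UTF-16LE and would need a different decoder.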
#27
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Run Killbox and paste each of these lines into the box, select "Delete on reboot", then press the red X button. When it asks to reboot now, say No, and continue to paste the lines into the box in turn, following the same procedure every time. After the last line has been pasted, let it reboot.

C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\gppul3791.dll
C:\WINDOWS\System32\dn4u01h9e.dll
C:\WINDOWS\System32\dinhupnp.dll
C:\WINDOWS\SYSTEM32\mazapm.exe
C:\WINDOWS\SYSTEM32\zqyqgz.dll
C:\WINDOWS\SYSTEM32\ogigyo.exe
C:\WINDOWS\SYSTEM32\ykakqy.dat
C:\WINDOWS\SYSTEM32\chost~1.exe
C:\WINDOWS\system32\f4l00e3meh.dll <= save till last

After the reboot copy and paste the text in bold below into a text editor such as Notepad.
Save this text as FixVX2.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.
Double-click on FixVX2.reg. When it asks you to merge the information to the registry click Yes.


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{F2217E10-EE42-4C5E-871C-BD3C7B8B26FE}"=-

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Paths]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PJQ.exe"=-


Then reboot once more and post a HijackThis log.

Regards,

Pieter

#28
tdcook4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
All done....and you have the patience of a saint :tazz:

Here's my HijackThis log.....


Logfile of HijackThis v1.99.0
Scan saved at 10:56:44 PM, on 12/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ogigyo.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0d\waol.exe
C:\PROGRA~1\COMMON~1\AOL\110281~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110281~1\EE\AOLServiceHost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\America Online 9.0d\shellmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Tammy\Local Settings\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102811785\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /auto:TivoServer
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0d\AOL.EXE" -b
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: strings.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted IP range: (HKLM)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVSvc - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TiVo Beacon - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe
O23 - Service: WANMiniportService - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#29
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch

O4 - Global Startup: strings.exe

Then reboot.

Run HijackThis and check if the O1 entries stay away this time.

Regards,

Pieter

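The O1 and O4 items Pieter picks out of the HijackThis log above illustrate two cheap triage rules that make such a log readable: a hosts-file line that maps a name to anything other than a loopback or unspecified address is a redirect rather than a block (here the browser's search hostnames are sent to 69.20.16.183), and a Global Startup item with no target path is an orphan. The Python below is an added example, not HijackThis's own code and not part of this thread: it parses HijackThis-format lines and applies those two rules plus a check for entries marked "(file missing)". The set of search hostnames, and the sample lines (trimmed from the log above with one constructed 127.0.0.1 line added to show a legitimate blocking entry), are assumptions of the example.

```python
import ipaddress
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str
    line: str
    reason: str


# Hostnames the browser's search path resolves; these three are the ones hijacked in the
# log above. Assumption of this example: only these count as search hostnames.
SEARCH_HOSTS = {"auto.search.msn.com", "search.netscape.com", "ieautosearch"}

HIJACK_LINE = re.compile(r"^(?P<section>[RFNO]\d+)\s+-\s+(?P<body>.*)$")
HOSTS_LINE = re.compile(r"^Hosts:\s+(?P<addr>\S+)\s+(?P<host>\S+)")
STARTUP_LINE = re.compile(r"^Global Startup:\s+(?P<item>.+)$")

# Constructed excerpt: lines trimmed from the HijackThis log above, plus one
# 127.0.0.1 hosts line added to show an entry that blocks rather than redirects.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 127.0.0.1 ads.blocked.invalid
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: strings.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
"""


def is_local_address(addr: str) -> bool:
    """True for the addresses a hosts file legitimately uses to block a name (127/8, ::1, 0.0.0.0)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def triage(log_text: str) -> List[Finding]:
    """Apply three triage rules to HijackThis-format lines and return what they flag."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HIJACK_LINE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O1":
            h = HOSTS_LINE.match(body)
            if h and not is_local_address(h.group("addr")):
                kind = "search hostname" if h.group("host").lower() in SEARCH_HOSTS else "hostname"
                findings.append(Finding(section, line,
                    f"hosts file redirects {kind} {h.group('host')} to {h.group('addr')} rather than blocking it"))
        elif section == "O4":
            s = STARTUP_LINE.match(body)
            # A .lnk entry carries " = target"; a bare filename with no path is an orphan.
            if s and " = " not in s.group("item") and "\\" not in s.group("item"):
                findings.append(Finding(section, line, f"startup item {s.group('item')} has no target path"))
        elif section == "O9" and "(file missing)" in body:
            findings.append(Finding(section, line, "entry points at a file that is gone; dangling registration"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}")
        print(f"      {f.line}")
```

On the excerpt this yields four O1 findings (three of them search hostnames), the strings.exe startup item and the dangling msjava.dll button; the 127.0.0.1 line and the two startup items with a real target are left alone. The hosts rule is deliberately blunt: any non-local address is reported, and deciding whether a given redirect is wanted stays with the person reading the log.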
#30
criticman

    Member

  • Member
  • PipPip
  • 37 posts

Major newbie here. I apparently have the same problem as PyromanicElf (post 12/13) and neo fightr (post 12/18). I've received numerous error messages, including "An exception occurred while trying to run 'C:\Windows\system32\guard.tmp', UMonitor". The same message occurs frequently with various .dll extensions.

In addition, Norton appeared to be updating for several days as I was running numerous virus scans, but the update date never changed. (My son eventually mentioned receiving an error message that Norton had been tampered with.) I followed Norton's instructions to fix (disable System Restore, backup registry, uninstall, reinstall, etc.). I repeatedly have 18 files Norton still can't remove and I suspect it's not updating again.

I've run Ad-Aware repeatedly. Some objects are removed, but it always ends with the message "Some objects could not be removed. Try closing all open browser windows prior to removal, etc." As Ad-Aware is removing objects, my desktop icons disappear, the screen flashes briefly and the My Documents window always opens.

I'm feeling way over my head, but I've read your instructions to others... obtain logs only, no removal of anything... and will post the logs here.

Please help! I apologize if I'm giving you way more than you need in terms of logs. Thanks in advance for anything you can do.

Here's the Find It NT-2K-XP log...
Warning! This utility will find legitimate files in addition to malware. 
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Program Files\finditnt2000xp\Find It NT-2K-XP

------- System Files in System32 Directory -------
Volume in drive C has no label.
Volume Serial Number is 3441-CED9

Directory of C:\WINDOWS\System32

12/19/2004  05:56 PM          225,787 OUE2.DLL
12/19/2004  05:56 PM          225,915 f82m0if1e82.dll
12/19/2004  05:42 PM          225,914 jt2m07f1e.dll
12/19/2004  02:03 PM          226,087 f00o0ad3ed0.dll
12/19/2004  01:54 PM          226,196 lv0409dqe.dll
12/19/2004  02:37 AM          223,924 e6020gdoe60c0.dll
12/18/2004  05:39 PM          225,787 gp68l3ju1.dll
12/18/2004  05:05 PM          224,177 fpn2035oe.dll
12/17/2004  02:04 PM          224,983 OKEACC.DLL
12/17/2004  01:48 PM          224,983 IHWPHBK.DLL
12/17/2004  01:46 PM          223,046 i660lgjm16oa.dll
12/17/2004  01:39 PM          223,046 witdecod.dll
12/17/2004  10:23 AM          224,983 mwwstr10.dll
12/17/2004  09:03 AM          224,635 p6p60g7se6.dll
12/17/2004  08:35 AM          224,635 MANSSPC.DLL
12/17/2004  08:10 AM          223,225 SNRMDLL.DLL
12/17/2004  12:48 AM          223,225 SLPRV.DLL
12/17/2004  12:48 AM          224,557 i2lolc331f.dll
12/16/2004  03:01 PM          224,424 WT2TOPL.DLL
12/16/2004  10:05 AM          225,098 SWSSETUP.DLL
12/16/2004  08:51 AM          224,424 MZRCLR40.DLL
12/16/2004  03:17 AM          225,285 dnro0193e.dll
12/16/2004  02:18 AM          224,424 dxwave.dll
12/16/2004  02:09 AM          225,285 IEAGEHLP.DLL
12/16/2004  02:06 AM          224,424 II32_32.DLL
12/16/2004  01:45 AM          225,881 ddcompos.dll
12/16/2004  01:20 AM          223,222 IUETPP.DLL
12/13/2004  01:59 AM          226,050 lvp0097me.dll
12/12/2004  12:40 PM    <DIR>          DLLCACHE
12/12/2004  07:55 AM          223,017 DBMASF.DLL
12/11/2004  10:43 PM          223,017 MPBSYNC.DLL
12/11/2004  10:07 PM          224,612 RGVPSP.DLL
12/11/2004  09:49 PM          223,017 wccdlg.dll
12/11/2004  08:18 PM          226,158 WHBHITS.DLL
12/11/2004  07:44 PM          226,158 NGMSMGR.DLL
12/11/2004  07:44 PM          222,833 enn2l15o1.dll
12/11/2004  12:16 PM          226,158 WZN87EM.DLL
12/11/2004  12:14 PM          224,359 j8l40i3qe8.dll
12/11/2004  12:44 AM          223,327 hrr0059me.dll
12/06/2004  06:53 AM          389,120 ??chost.exe
03/22/2004  09:13 PM    <DIR>          Microsoft
              39 File(s)      8,925,398 bytes
              2 Dir(s)  67,442,290,688 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 3441-CED9

Directory of C:\WINDOWS\System32

12/12/2004  12:40 PM    <DIR>          DLLCACHE
12/06/2004  06:53 AM          389,120 ??chost.exe
06/26/2004  10:32 PM    <DIR>          GroupPolicy
09/03/2002  01:33 PM              488 WindowsLogon.manifest
09/03/2002  01:33 PM              488 logonui.exe.manifest
09/03/2002  01:33 PM              749 sapi.cpl.manifest
09/03/2002  01:33 PM              749 nwc.cpl.manifest
09/03/2002  01:33 PM              749 ncpa.cpl.manifest
09/03/2002  01:33 PM              749 wuaucpl.cpl.manifest
09/03/2002  01:33 PM              749 cdplayer.exe.manifest
              8 File(s)        393,841 bytes
              2 Dir(s)  67,442,290,688 bytes free

---------- Files Named "Guard" -------------

Volume in drive C has no label.
Volume Serial Number is 3441-CED9

Directory of C:\WINDOWS\System32
--------- Temp Files in System32 Directory --------

Volume in drive C has no label.
Volume Serial Number is 3441-CED9

Directory of C:\WINDOWS\System32

08/29/2002  05:00 AM            2,577 CONFIG.TMP
              1 File(s)          2,577 bytes
              0 Dir(s)  67,442,282,496 bytes free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{F2217E10-EE42-4C5E-871C-BD3C7B8B26FE}"=""
------------ Keys Under Notify ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\gp68l3ju1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM32\
  dbmasf.dll    Sun Dec 12 2004  7:55:06a  ..S.R        223,017  217.79 K
  ddcompos.dll  Thu Dec 16 2004  1:45:42a  ..S.R        225,881  220.59 K
  dnro01~1.dll  Thu Dec 16 2004  3:17:30a  ..S.R        225,285  220.00 K
  dxwave.dll    Thu Dec 16 2004  2:18:46a  ..S.R        224,424  219.16 K
  e6020g~1.dll  Sun Dec 19 2004  2:37:38a  ..S.R        223,924  218.68 K
  enn2l1~1.dll  Sat Dec 11 2004  7:44:58p  ..S.R        222,833  217.61 K
  f00o0a~1.dll  Sun Dec 19 2004  2:04:00p  ..S.R        226,087  220.79 K
  f82m0i~1.dll  Sun Dec 19 2004  5:56:08p  ..S.R        225,915  220.62 K
  fpn203~1.dll  Sat Dec 18 2004  5:05:56p  ..S.R        224,177  218.92 K
  gp68l3~1.dll  Sat Dec 18 2004  5:39:36p  ..S.R        225,787  220.49 K
  hrr005~1.dll  Sat Dec 11 2004  12:44:36a  ..S.R        223,327  218.09 K
  i2lolc~1.dll  Fri Dec 17 2004  12:48:02a  ..S.R        224,557  219.29 K
  i660lg~1.dll  Fri Dec 17 2004  1:46:58p  ..S.R        223,046  217.82 K
  ieagehlp.dll  Thu Dec 16 2004  2:09:36a  ..S.R        225,285  220.00 K
  ihwphbk.dll    Fri Dec 17 2004  1:48:24p  ..S.R        224,983  219.71 K
  ii32_32.dll    Thu Dec 16 2004  2:06:18a  ..S.R        224,424  219.16 K
  iuetpp.dll    Thu Dec 16 2004  1:20:28a  ..S.R        223,222  217.99 K
  j8l40i~1.dll  Sat Dec 11 2004  12:14:52p  ..S.R        224,359  219.10 K
  jt2m07~1.dll  Sun Dec 19 2004  5:42:16p  ..S.R        225,914  220.62 K
  lv0409~1.dll  Sun Dec 19 2004  1:54:10p  ..S.R        226,196  220.89 K
  lvp009~1.dll  Mon Dec 13 2004  1:59:26a  ..S.R        226,050  220.75 K
  mansspc.dll    Fri Dec 17 2004  8:35:06a  ..S.R        224,635  219.37 K
  mpbsync.dll    Sat Dec 11 2004  10:43:06p  ..S.R        223,017  217.79 K
  mwwstr10.dll  Fri Dec 17 2004  10:23:38a  ..S.R        224,983  219.71 K
  mzrclr40.dll  Thu Dec 16 2004  8:51:50a  ..S.R        224,424  219.16 K
  ngmsmgr.dll    Sat Dec 11 2004  7:44:58p  ..S.R        226,158  220.86 K
  okeacc.dll    Fri Dec 17 2004  2:04:26p  ..S.R        224,983  219.71 K
  oue2.dll      Sun Dec 19 2004  5:56:10p  ..S.R        225,787  220.49 K
  p6p60g~1.dll  Fri Dec 17 2004  9:03:06a  ..S.R        224,635  219.37 K
  rgvpsp.dll    Sat Dec 11 2004  10:07:36p  ..S.R        224,612  219.35 K
  slprv.dll      Fri Dec 17 2004  12:48:02a  ..S.R        223,225  217.99 K
  snrmdll.dll    Fri Dec 17 2004  8:10:52a  ..S.R        223,225  217.99 K
  swssetup.dll  Thu Dec 16 2004  10:05:56a  ..S.R        225,098  219.82 K
  wccdlg.dll    Sat Dec 11 2004  9:49:30p  ..S.R        223,017  217.79 K
  whbhits.dll    Sat Dec 11 2004  8:18:18p  ..S.R        226,158  220.86 K
  witdecod.dll  Fri Dec 17 2004  1:39:58p  ..S.R        223,046  217.82 K
  wt2topl.dll    Thu Dec 16 2004  3:01:36p  ..S.R        224,424  219.16 K
  wzn87em.dll    Sat Dec 11 2004  12:16:02p  ..S.R        226,158  220.86 K
  chost~1.exe    Mon Dec  6 2004  6:53:08a  ..SHR        389,120  380.00 K

39 items found:  39 files, 0 directories.
  Total of file sizes:  8,925,398 bytes      8.51 M

------------ Strings.exe Qoologic Results ------------
-------------- Strings.exe Aspack Results -------------
----------------- HKLM Run Key ------------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"WildTangent CDA"="RUNDLL32.exe \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0400.dll\",cdaEngineMain"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"ueUiaK.exe"="C:\\documents and settings\\tammy\\local settings\\temp\\ueUiaK.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"StorageGuard"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"pvbDp.exe"="C:\\documents and settings\\tammy\\local settings\\temp\\pvbDp.exe"
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"PPMemCheck"="C:\\PROGRA~1\\PESTPA~1\\PPMemCheck.exe"
"PJQ.exe"="C:\\documents and settings\\tammy\\local settings\\temp\\PJQ.exe"
"PestPatrol Control Center"="C:\\PROGRA~1\\PESTPA~1\\PPControl.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"javaba32.exe"="C:\\WINDOWS\\javaba32.exe"
"Iomega Automatic Backup 1.0.1"="C:\\Program Files\\Iomega\\Iomega Automatic Backup\\ibackup.exe"
"IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1102811785\\EE\\AOLHostManager.exe"
"grosVI.exe"="C:\\documents and settings\\tammy\\local settings\\temp\\grosVI.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"CookiePatrol"="C:\\PROGRA~1\\PESTPA~1\\CookiePatrol.exe"
"AZ7M2Ozhd.exe"="C:\\documents and settings\\tammy\\local settings\\temp\\AZ7M2Ozhd.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


And the log from VX2Finder......

Log for VX2.BetterInternet File Finder (msg126)

Files Found---

Additional Files---

Keys Under Notify---
App Management
crypt32chain
cryptnet
cscdll
ScCertProp
Schedule
sclgntfy
SensLogn
termsrv
wlballoon
Guardian Key--- is called:

User Agent String---
{F2217E10-EE42-4C5E-871C-BD3C7B8B26FE}
And DllCompare...

*    DLLCompare Log version(1.0.0.97)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM32\dbmasf.dll    Sun Dec 12 2004  7:55:06a  ..S.R        223,017  217.79 K
C:\WINDOWS\SYSTEM32\ddcompos.dll  Thu Dec 16 2004  1:45:42a  ..S.R        225,881  220.59 K
C:\WINDOWS\SYSTEM32\dnro01~1.dll  Thu Dec 16 2004  3:17:30a  ..S.R        225,285  220.00 K
C:\WINDOWS\SYSTEM32\dxwave.dll    Thu Dec 16 2004  2:18:46a  ..S.R        224,424  219.16 K
C:\WINDOWS\SYSTEM32\e6020g~1.dll  Sun Dec 19 2004  2:37:38a  ..S.R        223,924  218.68 K
C:\WINDOWS\SYSTEM32\enn2l1~1.dll  Sat Dec 11 2004  7:44:58p  ..S.R        222,833  217.61 K
C:\WINDOWS\SYSTEM32\f00o0a~1.dll  Sun Dec 19 2004  2:04:00p  ..S.R        226,087  220.79 K
C:\WINDOWS\SYSTEM32\f82m0i~1.dll  Sun Dec 19 2004  5:56:08p  ..S.R        225,915  220.62 K
C:\WINDOWS\SYSTEM32\fpn203~1.dll  Sat Dec 18 2004  5:05:56p  ..S.R        224,177  218.92 K
C:\WINDOWS\SYSTEM32\gp68l3~1.dll  Sat Dec 18 2004  5:39:36p  ..S.R        225,787  220.49 K
C:\WINDOWS\SYSTEM32\hrr005~1.dll  Sat Dec 11 2004  12:44:36a  ..S.R        223,327  218.09 K
C:\WINDOWS\SYSTEM32\i2lolc~1.dll  Fri Dec 17 2004  12:48:02a  ..S.R        224,557  219.29 K
C:\WINDOWS\SYSTEM32\i660lg~1.dll  Fri Dec 17 2004  1:46:58p  ..S.R        223,046  217.82 K
C:\WINDOWS\SYSTEM32\ieagehlp.dll  Thu Dec 16 2004  2:09:36a  ..S.R        225,285  220.00 K
C:\WINDOWS\SYSTEM32\ihwphbk.dll    Fri Dec 17 2004  1:48:24p  ..S.R        224,983  219.71 K
C:\WINDOWS\SYSTEM32\ii32_32.dll    Thu Dec 16 2004  2:06:18a  ..S.R        224,424  219.16 K
C:\WINDOWS\SYSTEM32\iuetpp.dll    Thu Dec 16 2004  1:20:28a  ..S.R        223,222  217.99 K
C:\WINDOWS\SYSTEM32\j8l40i~1.dll  Sat Dec 11 2004  12:14:52p  ..S.R        224,359  219.10 K
C:\WINDOWS\SYSTEM32\jt2m07~1.dll  Sun Dec 19 2004  5:42:16p  ..S.R        225,914  220.62 K
C:\WINDOWS\SYSTEM32\lv0409~1.dll  Sun Dec 19 2004  1:54:10p  ..S.R        226,196  220.89 K
C:\WINDOWS\SYSTEM32\lvp009~1.dll  Mon Dec 13 2004  1:59:26a  ..S.R        226,050  220.75 K
C:\WINDOWS\SYSTEM32\mansspc.dll    Fri Dec 17 2004  8:35:06a  ..S.R        224,635  219.37 K
C:\WINDOWS\SYSTEM32\mpbsync.dll    Sat Dec 11 2004  10:43:06p  ..S.R        223,017  217.79 K
C:\WINDOWS\SYSTEM32\mwwstr10.dll  Fri Dec 17 2004  10:23:38a  ..S.R        224,983  219.71 K
C:\WINDOWS\SYSTEM32\mzrclr40.dll  Thu Dec 16 2004  8:51:50a  ..S.R        224,424  219.16 K
C:\WINDOWS\SYSTEM32\ngmsmgr.dll    Sat Dec 11 2004  7:44:58p  ..S.R        226,158  220.86 K
C:\WINDOWS\SYSTEM32\okeacc.dll    Fri Dec 17 2004  2:04:26p  ..S.R        224,983  219.71 K
C:\WINDOWS\SYSTEM32\oue2.dll      Sun Dec 19 2004  5:56:10p  ..S.R        225,787  220.49 K
C:\WINDOWS\SYSTEM32\p6p60g~1.dll  Fri Dec 17 2004  9:03:06a  ..S.R        224,635  219.37 K
C:\WINDOWS\SYSTEM32\rgvpsp.dll    Sat Dec 11 2004  10:07:36p  ..S.R        224,612  219.35 K
C:\WINDOWS\SYSTEM32\slprv.dll      Fri Dec 17 2004  12:48:02a  ..S.R        223,225  217.99 K
C:\WINDOWS\SYSTEM32\snrmdll.dll    Fri Dec 17 2004  8:10:52a  ..S.R        223,225  217.99 K
C:\WINDOWS\SYSTEM32\swssetup.dll  Thu Dec 16 2004  10:05:56a  ..S.R        225,098  219.82 K
C:\WINDOWS\SYSTEM32\wccdlg.dll    Sat Dec 11 2004  9:49:30p  ..S.R        223,017  217.79 K
C:\WINDOWS\SYSTEM32\whbhits.dll    Sat Dec 11 2004  8:18:18p  ..S.R        226,158  220.86 K
C:\WINDOWS\SYSTEM32\witdecod.dll  Fri Dec 17 2004  1:39:58p  ..S.R        223,046  217.82 K
C:\WINDOWS\SYSTEM32\wt2topl.dll    Thu Dec 16 2004  3:01:36p  ..S.R        224,424  219.16 K
C:\WINDOWS\SYSTEM32\wzn87em.dll    Sat Dec 11 2004  12:16:02p  ..S.R        226,158  220.86 K
________________________________________________

1,301 items found:  1,301 files (38 H/S), 0 directories.
Total of file sizes:  268,170,595 bytes    255.75 M

Administrator Account =  True

--------------------End log---------------------
And finally... my HijackThis log. Incidentally, an error message appears when I open HijackThis, telling me it "appears to have been opened from a temporary folder, etc."... but it's not in a temporary folder. I tried pasting it into another folder, but still get the same message.

Logfile of HijackThis v1.99.0
Scan saved at 2:40:54 AM, on 12/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\documents and settings\tammy\local settings\temp\AZ7M2Ozhd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\??chost.exe
C:\PROGRA~1\COMMON~1\AOL\110281~1\EE\AOLHOS~1.EXE
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\PROGRA~1\COMMON~1\AOL\110281~1\EE\AOLServiceHost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0d\waol.exe
C:\Program Files\America Online 9.0d\shellmon.exe
C:\Documents and Settings\Tammy\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zuyhd.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zuyhd.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Tammy\Local Settings\Temp\aHXn52s3U.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ueUiaK.exe] C:\documents and settings\tammy\local settings\temp\ueUiaK.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pvbDp.exe] C:\documents and settings\tammy\local settings\temp\pvbDp.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PJQ.exe] C:\documents and settings\tammy\local settings\temp\PJQ.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [javaba32.exe] C:\WINDOWS\javaba32.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102811785\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [grosVI.exe] C:\documents and settings\tammy\local settings\temp\grosVI.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AZ7M2Ozhd.exe] C:\documents and settings\tammy\local settings\temp\AZ7M2Ozhd.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [Yvaz] C:\WINDOWS\System32\??chost.exe
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /auto:TivoServer
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0d\AOL.EXE" -b
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range:  (HKLM)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45CA330F-30C2-47FC-B2FA-5527179FC356}: NameServer = 205.188.146.146
O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService - Intel Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVSvc - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TiVo Beacon - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe
O23 - Service: WANMiniportService - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\winxq.exe (file missing)

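As an added, defensive example that is not part of this thread and not HijackThis's own code: a small Python triage that reads HijackThis lines like the ones posted above and flags the entry types being worked through in this thread (O1 hosts-file redirections, O4 autostarts launched from a user temp folder or with an unrenderable file name, an IE search page served from a local DLL resource, unknown Winsock LSPs, trusted-zone additions, and O23 services with an unknown vendor or missing binary). The sample lines are constructed from the log in this post; the regexes, rule wording and function names are my own.

```python
import re
from collections import Counter

# Constructed sample: a dozen lines copied from the HijackThis log posted in
# this thread, plus benign O4/O23 lines (ccApp, NVSvc) that must NOT be flagged.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zuyhd.dll/sp.html#12345
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ueUiaK.exe] C:\documents and settings\tammy\local settings\temp\ueUiaK.exe
O4 - HKCU\..\Run: [Yvaz] C:\WINDOWS\System32\??chost.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O15 - Trusted Zone: *.awmdabest.com
O23 - Service: NVSvc - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe (file missing)
"""

# One regex per HijackThis section this triage understands (my own patterns).
HOSTS_RE   = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
RUN_RE     = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
IE_RE      = re.compile(r"^R[0-3] - (.+?) = (.+)$")
LSP_RE     = re.compile(r"^O10 - Unknown file in Winsock LSP: (.+)$")
TRUST_RE   = re.compile(r"^O15 - Trusted (Zone|IP range): (.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
TEMP_DIR   = re.compile(r"\\local settings\\temp\\", re.IGNORECASE)


def finding(section, reason, line):
    return {"section": section, "reason": reason, "line": line}


def triage(log_text):
    """Return a list of findings for the suspicious lines in a HijackThis log."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := HOSTS_RE.match(line):
            ip, host = m.groups()
            # Every O1 entry is a hosts-file override; several search hosts
            # pointed at one outside address is the classic search hijack.
            findings.append(finding("O1", f"hosts file sends {host} to {ip}", line))
        elif m := RUN_RE.match(line):
            hive, name, cmd = m.groups()
            if TEMP_DIR.search(cmd):
                findings.append(finding("O4", f"{hive} Run '{name}' launches from a user temp folder", line))
            elif "?" in cmd:
                # '?' is illegal in a Windows file name, so it is a character the
                # log tool could not render: a deliberately unreadable name.
                findings.append(finding("O4", f"{hive} Run '{name}' has unrenderable characters in its path", line))
        elif m := IE_RE.match(line):
            value = m.group(2).lower()
            if value.startswith("res://") and ".dll/" in value:
                findings.append(finding("R", "IE search/start page served from a local DLL resource", line))
        elif m := LSP_RE.match(line):
            # LSP chain entries must be repaired with an LSP-aware tool, not by
            # deleting the DLL, or the Winsock chain (and networking) breaks.
            findings.append(finding("O10", f"unknown Winsock LSP {m.group(1)}", line))
        elif m := TRUST_RE.match(line):
            findings.append(finding("O15", f"IE trusted {m.group(1)} added: {m.group(2)}", line))
        elif m := SERVICE_RE.match(line):
            name, vendor, path = m.groups()
            if vendor == "Unknown" or "(file missing)" in path:
                findings.append(finding("O23", f"service '{name}' has unknown vendor or missing binary", line))
    return findings


def hosts_redirect_map(findings):
    """Group O1 findings by target IP -> ordered, de-duplicated hostnames."""
    targets = {}
    for f in findings:
        if f["section"] != "O1":
            continue
        ip, host = HOSTS_RE.match(f["line"]).groups()
        names = targets.setdefault(ip, [])
        if host not in names:
            names.append(host)
    return targets


def section_counts(findings):
    """How many findings each HijackThis section produced."""
    return Counter(f["section"] for f in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f['section']}] {f['reason']}")
    print(hosts_redirect_map(results))
```

Re-running it over a fresh HijackThis log after the fix is the "check if the O1 entries stay away" step in script form: an empty `hosts_redirect_map` means the hosts entries did not come back.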