Malware Problem--- I Appreciate Your Help


22 replies to this topic

#1 marteny

Posted 10 January 2008 - 07:06 AM

Hi--
Here is the BitDefender log to give an idea of what I have had/still have on the computer:

BitDefender Online Scanner - Real Time Virus Report

Generated at: Thu, Jan 10, 2008 - 06:11:41
--------------------------------------------------------------------------------
Scan Info

Scanned Files: 385802
Infected Files: 42

Virus Detected
Trojan.Downloader.JJJF: 1
Trojan.Vundo.DVD: 8
Generic.Adw.SaveNow.89FD2E0C: 3
Trojan.Vundo.DVS: 21
Exploit.Java.Gimsh.B: 4
Generic.Adw.SaveNow.56AD4696: 5

---it said it could not repair or delete some of them--- I couldn't figure out which ones
--------------------------------------------------------------------

--here is my HijackThis file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:47:12 AM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\windows\Explorer.EXE
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\windows\System32\svchost.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\windows\system32\HPMProp.bin
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wunderground.com/cgi-bin/findwe...ast?query=45440
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198943520230
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

--
End of file - 7779 bytes


--Just tell me what you think I should do. Thanks!!!

#2 marteny

Posted 13 January 2008 - 03:00 PM

....it seems to be Virtumonde

#3 OldTimer (Malware Expert)

Posted 15 January 2008 - 12:21 PM

Hello marteny and welcome to the BC HijackThis forum. I don't see anything in the HijackThis log. Let's try a different scanner and see what it shows us.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • Reg - Desktop Components
    • Reg - Session Manager Settings
    • Reg - Software Policy Settings
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.

#4 marteny

Posted 15 January 2008 - 04:45 PM

WinPFind35 logfile created on: 1/15/2008 4:40:41 PM
WinPFind35U Version Beta22 Folder = C:\Documents and Settings\Marty\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 71.90% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 6000 160000;

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 178.97 Gb Free Space | 76.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: MARTYNTENAS
Current User Name: Marty
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 8:01:00 PM | Attr = ]
apache.exe -> %SystemDrive%\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.47 | Size = 20548 bytes | Modified Date = 2/28/2004 1:30:34 AM | Attr = ]
nsvcip.exe -> %SystemDrive%\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe -> [Ver = | Size = 106557 bytes | Modified Date = 5/17/2004 1:33:10 PM | Attr = ]
nsvclog.exe -> %SystemDrive%\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe -> [Ver = | Size = 53313 bytes | Modified Date = 5/17/2004 1:32:38 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.6172 | Size = 114755 bytes | Modified Date = 1/28/2002 7:10:20 AM | Attr = R ]
apache.exe -> %SystemDrive%\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.47 | Size = 20548 bytes | Modified Date = 2/28/2004 1:30:34 AM | Attr = ]
kem.exe -> %ProgramFiles%\Logitech\SetPoint\KEM.exe -> Logitech Inc. [Ver = 2.12.801 | Size = 581632 bytes | Modified Date = 7/15/2004 10:56:56 AM | Attr = ]
khalmnpr.exe -> %ProgramFiles%\Logitech\SetPoint\KHALMNPR.exe -> Logitech Inc. [Ver = 2.12.735 | Size = 29696 bytes | Modified Date = 6/8/2004 11:31:38 AM | Attr = ]
hpmprop.bin -> %System32%\HPMProp.bin -> Hewlett-Packard [Ver = 2.75.0.0 | Size = 40960 bytes | Modified Date = 6/2/2006 5:36:34 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294400 bytes | Modified Date = 1/6/2008 1:17:10 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 8:01:00 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
(ForcewareWebInterface) Forceware Web Interface [Win32_Own | Auto | Running] -> %SystemDrive%\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.47 | Size = 20548 bytes | Modified Date = 2/28/2004 1:30:34 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/14/2007 2:34:53 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(nSvcIp) ForceWare IP service [Win32_Own | Auto | Running] -> %SystemDrive%\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe -> [Ver = | Size = 106557 bytes | Modified Date = 5/17/2004 1:33:10 PM | Attr = ]
(nSvcLog) ForceWare user log service [Win32_Own | Auto | Running] -> %SystemDrive%\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe -> [Ver = | Size = 53313 bytes | Modified Date = 5/17/2004 1:32:38 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.6172 | Size = 114755 bytes | Modified Date = 1/28/2002 7:10:20 AM | Attr = R ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] -> %System32%\spool\drivers\w32x86\3\HPZIPM12.EXE -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 10/7/2004 10:24:02 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(AmdPPM) AMD HwPState Processor Driver [Kernel | System | Running] -> %System32%\drivers\AmdPPM.sys -> Advanced Micro Devices [Ver = 1.0.0 built by: WinDDK | Size = 33792 bytes | Modified Date = 4/16/2007 9:46:34 PM | Attr = ]
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(cmuda3) Turtle Beach Montego DDL Interface [Kernel | On_Demand | Running] -> %System32%\drivers\cmuda3.sys -> C-Media Inc [Ver = 5.12.01.0045 | Size = 1319168 bytes | Modified Date = 4/1/2005 3:09:00 PM | Attr = ]
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(dvd43llh) dvd43llh [Kernel | On_Demand | Running] -> %System32%\drivers\dvd43llh.sys -> RIF [Ver = 3.5.000 | Size = 18816 bytes | Modified Date = 1/12/2008 10:58:46 AM | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found
(L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Running] -> %System32%\drivers\L8042Kbd.sys -> Logitech, Inc. [Ver = 2.12.735.00 | Size = 13105 bytes | Modified Date = 6/8/2004 11:36:28 AM | Attr = ]
(L8042mou) Logitech SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\L8042mou.Sys -> Logitech, Inc. [Ver = 2.12.735.00 | Size = 54817 bytes | Modified Date = 6/8/2004 11:35:18 AM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(LMouKE) Logitech SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LMouKE.Sys -> Logitech, Inc. [Ver = 2.12.735.00 | Size = 71533 bytes | Modified Date = 6/8/2004 11:35:08 AM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> %System32%\drivers\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.121 | Size = 28352 bytes | Modified Date = 9/9/2006 3:36:14 PM | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.6172 | Size = 2459840 bytes | Modified Date = 1/28/2002 7:10:16 AM | Attr = R ]
(nvax) Service for NVIDIA® nForce™ Audio Enumerator [Kernel | On_Demand | Stopped] -> %System32%\drivers\nvax.sys -> NVIDIA Corporation [Ver = 6.14.0445.31 built by: NVIDIA | Size = 49664 bytes | Modified Date = 8/16/2004 7:43:24 PM | Attr = R ]
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %System32%\drivers\NVENETFD.sys -> NVIDIA Corporation [Ver = 1.00.00.0442 | Size = 33280 bytes | Modified Date = 8/16/2004 7:43:24 PM | Attr = R ]
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %System32%\drivers\nvnetbus.sys -> NVIDIA Corporation [Ver = 1.00.00.0442 | Size = 12928 bytes | Modified Date = 8/16/2004 7:43:24 PM | Attr = R ]
(nvnforce) Service for NVIDIA® nForce™ Audio [Kernel | On_Demand | Stopped] -> %System32%\drivers\nvapu.sys -> NVIDIA Corporation [Ver = 6.14.0445.31 built by: NVIDIA | Size = 399104 bytes | Modified Date = 8/16/2004 7:43:24 PM | Attr = R ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> %System32%\drivers\pcouffin.sys -> VSO Software [Ver = 1.36 | Size = 47360 bytes | Modified Date = 9/14/2006 3:29:02 PM | Attr = ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(PfModNT) PfModNT [Kernel | Auto | Running] -> %System32%\drivers\PfModNT.sys -> Creative Technology Ltd. [Ver = 3.0.0.4 | Size = 71596 bytes | Modified Date = 6/3/2004 11:10:00 AM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 5/7/2007 3:00:00 AM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(RTSTOR) USB Mass Stroage Device [Kernel | On_Demand | Running] -> %System32%\drivers\RTSTOR.sys -> Realtek Semiconductor Corp. [Ver = 2.0.2.0 | Size = 26112 bytes | Modified Date = 12/30/2004 2:28:54 PM | Attr = ]
(SDTHOOK) SDTHOOK [Kernel | On_Demand | Stopped] -> %System32%\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Modified Date = 6/5/2007 10:56:40 AM | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
KernelFaultCheck -> -> File not found
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.6172 | Size = 4112384 bytes | Modified Date = 1/28/2002 7:10:16 AM | Attr = R ]
NvMediaCenter -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.10.6172 | Size = 81920 bytes | Modified Date = 1/28/2002 7:10:18 AM | Attr = R ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.6172 | Size = 843776 bytes | Modified Date = 1/28/2002 7:10:16 AM | Attr = R ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 9/6/2006 11:05:50 PM | Attr = HS]
%AllUsersStartup%\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\KEM.exe -> Logitech Inc. [Ver = 2.12.801 | Size = 581632 bytes | Modified Date = 7/15/2004 10:56:56 AM | Attr = ]
< Marty Startup Folder > -> C:\Documents and Settings\Marty\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 9/6/2006 11:05:50 PM | Attr = HS]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} [HKEY_LOCAL_MACHINE] -> %System32%\vtuutrp.dll [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
jkkkhhf -> jkkkhhf.dll -> File not found
vtuutrp -> vtuutrp.dll -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (734 bytes) -> C:\windows\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.dogpile.com ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.wunderground.com/cgi-bin/findwe...ast?query=45440 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://red.clientapps.yahoo.com/customize/.../search/ie.html ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.dogpile.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.wunderground.com/cgi-bin/findwe...ast?query=45440 ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://red.clientapps.yahoo.com/customize/...//www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> localhost ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
*.update_microsoft.com [https] -> Trusted sites ->
download_windowsupdate.com [https] -> Trusted sites ->
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Error: Value does not exist or could not be read.] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{58A839B2-2252-47D8-8E27-76ECFB247DBC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:29:16 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{7645B948-C8BA-4FCF-A989-482CD7AFEAB3} [HKEY_LOCAL_MACHINE] -> %System32%\opnlm.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 339968 bytes | Modified Date = 1/2/2008 8:10:50 PM | Attr = ]
{95e853f2-d8a9-4f1b-99a7-148c422ab5e6} [HKEY_LOCAL_MACHINE] -> %System32%\bugbvflc.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 79424 bytes | Modified Date = 1/10/2008 5:29:11 PM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 1121, 2472 | Size = 323568 bytes | Modified Date = 12/11/2007 1:35:46 PM | Attr = ]
{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} [HKEY_LOCAL_MACHINE] -> %System32%\vtuutrp.dll [Reg Error: Value does not exist or could not be read.] -> File not found
{F34C67C2-15EE-46B0-B3E0-FA36F5A42AA0} [HKEY_LOCAL_MACHINE] -> %System32%\opnlm.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 339968 bytes | Modified Date = 1/2/2008 8:10:50 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
WebBrowser\\{37B85A29-692B-4205-9CAD-2626E4993404} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:29:16 PM | Attr = ]
{653D93AF-C741-4e5e-8C1B-59BA43F93E16}:Exec -> [Panda ActiveScan] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [Ver = | Size = 53248 bytes | Modified Date = 10/25/2007 10:26:48 AM | Attr = ]
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:29:16 PM | Attr = ]
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> [Messenger Class] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll\search.htm -> File not found
Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{CE5D87D0-8B4A-49BF-B68E-822D7EBED651} -> () ->
{FAA76992-B47D-464A-80F4-E8E851A849CD} -> (1394 Net Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/templates/ieawsdc.cab[Microsoft Office Template and Media Control] ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] ->
{156BF4B7-AE3A-4365-BD88-95A75AF8F09D}[HKEY_LOCAL_MACHINE] -> http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab[HPSDDX Class] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwa...director/sw.cab[Shockwave ActiveX Control] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] ->
{233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shock...director/sw.cab[Shockwave ActiveX Control] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] ->
{512FC5A1-7DE1-43F1-BC0C-371622FCB409}[HKEY_LOCAL_MACHINE] -> http://www.nanoscan.com/as/cabs/ascstubie.cab[TotalScan Installer Class] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] ->
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/Facebo...otoUploader.cab[Facebook Photo Uploader Control] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupd...b?1198943520230[WUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{9522B3FB-7A2B-4646-8AF6-36E7F593073C}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_06] ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_09] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwa...ash/swflash.cab[Shockwave Flash Object] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
C:\windows\system32\opnlm -> %System32%\opnlm.exe -> [Ver = | Size = 3584 bytes | Modified Date = 1/15/2008 5:54:21 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 792 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 33434 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [Ver = | Size = 3584 bytes | Modified Date = 1/15/2008 11:00:41 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ScanSoft\OmniPageSE\EregEng\NAVBrowser.exe -> C:\Program Files\ScanSoft\OmniPageSE\EregEng\NAVBrowser.exe [C:\Program Files\ScanSoft\OmniPageSE\EregEng\NAVBrowser.exe:*:Enabled:NAVBrowser] -> Naviant, Inc. [Ver = 1.0.1.2 | Size = 212992 bytes | Modified Date = 9/12/2001 1:42:58 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office\WINWORD.EXE -> C:\Program Files\Microsoft Office\Office\WINWORD.EXE [C:\Program Files\Microsoft Office\Office\WINWORD.EXE:*:Enabled:Microsoft Word for Windows] -> Microsoft Corporation [Ver = 9.0.6926 | Size = 8826932 bytes | Modified Date = 9/30/2002 2:29:48 AM | Attr = R ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mercora\MercoraClient.exe -> C:\Program Files\Mercora\MercoraClient.exe [C:\Program Files\Mercora\MercoraClient.exe:*:Enabled:Mercora IM Radio Client 5.1] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Octoshape Streaming Services\Marty\OctoshapeClient.exe -> C:\Program Files\Octoshape Streaming Services\Marty\OctoshapeClient.exe [C:\Program Files\Octoshape Streaming Services\Marty\OctoshapeClient.exe:*:Enabled:OctoshapeClient] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe -> C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe [C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:pandora] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\MOHAA\MOHAA.exe -> C:\Program Files\EA GAMES\MOHAA\MOHAA.exe [C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe -> C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe [C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault™ Spearhead] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\MOHAA\moh_Breakthrough.exe -> C:\Program Files\EA GAMES\MOHAA\moh_Breakthrough.exe [C:\Program Files\EA GAMES\MOHAA\moh_Breakthrough.exe:*:Enabled:Medal of Honor Allied Assault™ Breakthrough] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe:*:Disabled:GoogleToolbarNotifier] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MostFun\Bin\MostFun.exe -> C:\Program Files\MostFun\Bin\MostFun.exe [C:\Program Files\MostFun\Bin\MostFun.exe:*:Disabled:MostFun Agent] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 625152 bytes | Modified Date = 10/10/2007 5:59:52 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\MsnMsgr .Exe -> C:\Program Files\MSN Messenger\MsnMsgr .Exe [C:\Program Files\MSN Messenger\MsnMsgr .Exe:*:Disabled:Messenger] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MySpace\IM\MySpaceIM .exe -> C:\Program Files\MySpace\IM\MySpaceIM .exe [C:\Program Files\MySpace\IM\MySpaceIM .exe:*:Enabled:MySpaceIM ] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe -> C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe [C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:javaw] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 49250 bytes | Modified Date = 11/10/2005 10:27:16 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1626:UDP -> 1626:UDP:*:Enabled:killer ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\windows\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService ->
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ]
TCPIP -> -> File not found
NTLMSSP -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->
BootExecute -> autocheck autochk *;lsdelete; ->
ExcludeFromKnownDlls -> ->
< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->
ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
TEMP -> %SystemRoot%\TEMP ->
TMP -> %SystemRoot%\TEMP ->
windir -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
%SystemRoot%\system32 -> %System32% -> [Folder | Modified Date = 1/15/2008 5:54:27 AM | Attr = ]
%SystemRoot% -> %SystemRoot% -> [Folder | Modified Date = 1/12/2008 11:28:28 AM | Attr = ]
%SystemRoot%\System32\Wbem -> %System32%\wbem -> [Folder | Modified Date = 1/10/2008 5:57:20 PM | Attr = ]
C:\Program Files\QuickTime\QTSystem\ -> %ProgramFiles%\QuickTime\QTSystem -> [Folder | Modified Date = 5/25/2007 4:46:54 PM | Attr = ]
*MultiFile Done* -> ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM -> .COM -> File not found
.EXE -> .EXE -> File not found
.BAT -> .BAT -> File not found
.CMD -> .CMD -> File not found
.VBS -> .VBS -> File not found
.VBE -> .VBE -> File not found
.JS -> .JS -> File not found
.JSE -> .JSE -> File not found
.WSF -> .WSF -> File not found
.WSH -> .WSH -> File not found
*MultiFile Done* -> ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\\tWhiteList -> Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEditing|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHideToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|ShowHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProduction|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHideToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForwardDoc|HelpUserGuide|HelpReader ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\\tBuiltInPermList -> version:1|.ade [version:1|.ade:3|.adp:3|.app:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\\tSchemePerms -> version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\DisableServerCheck -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\LegacyPresence -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\CertificatePolicy\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\PortRange\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\\Enabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes ->
ADE -> -> File not found
ADP -> -> File not found
BAS -> -> File not found
BAT -> -> File not found
CHM -> -> File not found
CMD -> %System32%\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
COM -> -> File not found
CPL -> -> File not found
CRT -> -> File not found
EXE -> -> File not found
HLP -> -> File not found
HTA -> -> File not found
INF -> -> File not found
INS -> -> File not found
ISP -> -> File not found
LNK -> -> File not found
MDB -> -> File not found
MDE -> -> File not found
MSC -> -> File not found
MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 4/18/2007 11:12:23 AM | Attr = ]
MSP -> -> File not found
MST -> -> File not found
OCX -> -> File not found
PCD -> -> File not found
PIF -> -> File not found
REG -> %System32%\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
SCR -> -> File not found
SHS -> -> File not found
URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 105984 bytes | Modified Date = 10/10/2007 6:55:59 PM | Attr = ]
VB -> -> File not found
WSC -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize ->
̋ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize ->
ȅ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize ->
Ζ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize ->
ĺ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize ->
Ų -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\DomainProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\StandardProfile\\EnableFirewall -> 0 ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->


[Files/Folders - Created Within 30 days]
38C1.tmp -> %SystemDrive%\38C1.tmp -> [Ver = | Size = 115560448 bytes | Created Date = 1/11/2008 11:21:22 PM | Attr = ]
3AFF.tmp -> %SystemDrive%\3AFF.tmp -> [Ver = | Size = 115560448 bytes | Created Date = 1/9/2008 7:30:19 PM | Attr = ]
757E.tmp -> %SystemDrive%\757E.tmp -> [Ver = | Size = 115560448 bytes | Created Date = 1/9/2008 9:28:58 PM | Attr = ]
AFFF.tmp -> %SystemDrive%\AFFF.tmp -> [Ver = | Size = 115560448 bytes | Created Date = 1/10/2008 6:40:58 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 1/7/2008 5:23:31 PM | Attr = H ]
lj194 -> %SystemDrive%\lj194 -> [Folder | Created Date = 12/23/2007 8:38:05 PM | Attr = ]
MyProjects -> %SystemDrive%\MyProjects -> [Folder | Created Date = 12/25/2007 10:25:55 AM | Attr = ]
akciglcflbmv.sys -> %System32%\drivers\akciglcflbmv.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Created Date = 1/9/2008 8:37:52 PM | Attr = ]
inxenmmugnvu.sys -> %System32%\drivers\inxenmmugnvu.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Created Date = 1/9/2008 6:45:37 PM | Attr = ]
PROCEXP.SYS -> %System32%\drivers\PROCEXP.SYS -> SysInternals [Ver = 6.00 | Size = 10140 bytes | Created Date = 12/25/2007 10:30:04 AM | Attr = ]
qnapydxupfhy.sys -> %System32%\drivers\qnapydxupfhy.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Created Date = 1/10/2008 5:56:06 PM | Attr = ]
SDTHOOK.SYS -> %System32%\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Created Date = 1/10/2008 5:57:16 PM | Attr = ]
xchhvlpfejjk.sys -> %System32%\drivers\xchhvlpfejjk.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Created Date = 1/11/2008 10:32:49 PM | Attr = ]
000080.exe -> %System32%\000080.exe -> [Ver = | Size = 286288 bytes | Created Date = 12/22/2007 12:54:36 AM | Attr = ]
aaeprntv.dll -> %System32%\aaeprntv.dll -> [Ver = | Size = 79424 bytes | Created Date = 1/10/2008 5:26:18 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 1/9/2008 6:34:33 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 1/9/2008 6:35:00 PM | Attr = ]
bits -> %System32%\bits -> [Folder | Created Date = 1/7/2008 5:26:14 PM | Attr = ]
bugbvflc.dll -> %System32%\bugbvflc.dll -> [Ver = | Size = 79424 bytes | Created Date = 1/10/2008 5:28:58 PM | Attr = ]
ggggh.ini -> %System32%\ggggh.ini -> [Ver = | Size = 470572 bytes | Created Date = 12/31/2007 6:04:54 PM | Attr = HS]
ggggh.ini2 -> %System32%\ggggh.ini2 -> [Ver = | Size = 470572 bytes | Created Date = 1/1/2008 11:38:44 AM | Attr = HS]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 1/9/2008 6:34:36 PM | Attr = ]
hgded.exe -> %System32%\hgded.exe -> [Ver = | Size = 1 bytes | Created Date = 12/31/2007 10:21:15 AM | Attr = ]
hgggg.exe -> %System32%\hgggg.exe -> [Ver = | Size = 1 bytes | Created Date = 12/31/2007 6:04:55 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 12/23/2007 9:00:40 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 12/23/2007 9:00:40 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 12/23/2007 9:00:40 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 12/23/2007 9:00:40 PM | Attr = ]
khfda.exe -> %System32%\khfda.exe -> [Ver = | Size = 1 bytes | Created Date = 12/30/2007 11:30:03 PM | Attr = ]
kjjjl.ini -> %System32%\kjjjl.ini -> [Ver = | Size = 467982 bytes | Created Date = 1/2/2008 7:59:30 PM | Attr = HS]
kjjjl.ini2 -> %System32%\kjjjl.ini2 -> [Ver = | Size = 467982 bytes | Created Date = 1/2/2008 7:59:30 PM | Attr = HS]
ljjgd.dll -> %System32%\ljjgd.dll -> [Ver = | Size = 23160 bytes | Created Date = 12/29/2007 9:27:02 AM | Attr = ]
lnoqr.ini -> %System32%\lnoqr.ini -> [Ver = | Size = 470902 bytes | Created Date = 12/29/2007 3:31:48 PM | Attr = HS]
lnoqr.ini2 -> %System32%\lnoqr.ini2 -> [Ver = | Size = 470902 bytes | Created Date = 12/29/2007 3:31:48 PM | Attr = HS]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Created Date = 12/23/2007 8:41:45 PM | Attr = ]
mljii.exe -> %System32%\mljii.exe -> [Ver = | Size = 1 bytes | Created Date = 12/29/2007 5:35:27 PM | Attr = ]
mljji.exe -> %System32%\mljji.exe -> [Ver = | Size = 1 bytes | Created Date = 12/31/2007 3:58:48 PM | Attr = ]
mlnpo.ini -> %System32%\mlnpo.ini -> [Ver = | Size = 669949 bytes | Created Date = 1/2/2008 8:10:52 PM | Attr = HS]
mlnpo.ini2 -> %System32%\mlnpo.ini2 -> [Ver = | Size = 669949 bytes | Created Date = 1/2/2008 8:10:53 PM | Attr = HS]
mmlnn.ini -> %System32%\mmlnn.ini -> [Ver = | Size = 478289 bytes | Created Date = 12/22/2007 5:47:38 PM | Attr = HS]
mmlnn.ini2 -> %System32%\mmlnn.ini2 -> [Ver = | Size = 478289 bytes | Created Date = 12/22/2007 5:47:39 PM | Attr = HS]
NeroCheck .exe -> %System32%\NeroCheck .exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Created Date = 12/22/2007 6:23:06 PM | Attr = ]
nmlnn.ini -> %System32%\nmlnn.ini -> [Ver = | Size = 9562 bytes | Created Date = 1/2/2008 11:12:57 PM | Attr = HS]
nmlnn.ini2 -> %System32%\nmlnn.ini2 -> [Ver = | Size = 9562 bytes | Created Date = 1/2/2008 11:12:58 PM | Attr = HS]
nnlmm.exe -> %System32%\nnlmm.exe -> [Ver = | Size = 1 bytes | Created Date = 12/29/2007 10:48:55 AM | Attr = ]
opnlm.dll -> %System32%\opnlm.dll -> [Ver = | Size = 339968 bytes | Created Date = 1/2/2008 8:10:48 PM | Attr = ]
opnlm.exe -> %System32%\opnlm.exe -> [Ver = | Size = 3584 bytes | Created Date = 1/15/2008 5:54:21 AM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 1/9/2008 6:34:36 PM | Attr = ]
qopqr.dll -> %System32%\qopqr.dll -> [Ver = | Size = 8560 bytes | Created Date = 12/29/2007 1:31:44 PM | Attr = ]
rqonl.exe -> %System32%\rqonl.exe -> [Ver = | Size = 1 bytes | Created Date = 12/29/2007 3:31:48 PM | Attr = ]
rqooo.exe -> %System32%\rqooo.exe -> [Ver = | Size = 1 bytes | Created Date = 12/31/2007 5:23:11 AM | Attr = ]
rqrsr.exe -> %System32%\rqrsr.exe -> [Ver = | Size = 1 bytes | Created Date = 1/1/2008 1:55:09 AM | Attr = ]
rsrqr.ini -> %System32%\rsrqr.ini -> [Ver = | Size = 471455 bytes | Created Date = 1/1/2008 2:40:10 PM | Attr = HS]
rsrqr.ini2 -> %System32%\rsrqr.ini2 -> [Ver = | Size = 471455 bytes | Created Date = 1/1/2008 5:08:03 PM | Attr = HS]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 1/9/2008 6:34:36 PM | Attr = ]
urqnn.exe -> %System32%\urqnn.exe -> [Ver = | Size = 1 bytes | Created Date = 12/30/2007 6:26:18 PM | Attr = ]
xxyvt.exe -> %System32%\xxyvt.exe -> [Ver = | Size = 1 bytes | Created Date = 12/30/2007 4:08:40 PM | Attr = ]
xxyyx.exe -> %System32%\xxyyx.exe -> [Ver = | Size = 1 bytes | Created Date = 12/30/2007 7:53:32 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 1/9/2008 6:35:00 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 1/9/2008 10:33:54 PM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 1/7/2008 5:49:29 PM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 1/7/2008 5:51:31 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 1/7/2008 5:46:45 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 1/6/2008 10:58:00 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 1/6/2008 10:58:00 PM | Attr = H ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 224 bytes | Created Date = 1/1/2008 11:36:21 PM | Attr = ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 254 bytes | Created Date = 1/8/2008 7:39:05 AM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Created Date = 1/8/2008 8:03:06 PM | Attr = ]
WLInstaller -> %AllUsersAppData%\WLInstaller -> [Folder | Created Date = 12/30/2007 6:24:04 PM | Attr = ]
microsoft -> %AllUsersDocuments%\microsoft -> [Folder | Created Date = 1/7/2008 5:30:21 PM | Attr = ]
Bulla_sage_puzzlepirates log -> %UserDocuments%\Bulla_sage_puzzlepirates log -> [Ver = | Size = 2543 bytes | Created Date = 1/6/2008 3:27:20 PM | Attr = ]
employment termination-- steve.doc -> %UserDocuments%\employment termination-- steve.doc -> [Ver = | Size = 19968 bytes | Created Date = 1/13/2008 10:12:50 PM | Attr = ]
Mom's cheese ball recipe.doc -> %UserDocuments%\Mom's cheese ball recipe.doc -> [Ver = | Size = 20480 bytes | Created Date = 12/21/2007 8:32:50 PM | Attr = ]
Phoneybill_sage_puzzlepirates log -> %UserDocuments%\Phoneybill_sage_puzzlepirates log -> [Ver = | Size = 24931 bytes | Created Date = 12/28/2007 11:53:48 AM | Attr = ]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1790 bytes | Created Date = 1/8/2008 8:03:13 PM | Attr = ]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1790 bytes | Created Date = 1/8/2008 8:03:13 PM | Attr = ]
Yahoo! Mail.lnk -> %AllUsersDesktop%\Yahoo! Mail.lnk -> [Ver = | Size = 1535 bytes | Created Date = 12/23/2007 5:13:33 PM | Attr = ]
Yahoo! Messenger.lnk -> %AllUsersDesktop%\Yahoo! Messenger.lnk -> [Ver = | Size = 812 bytes | Created Date = 1/8/2008 7:29:18 AM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 1/10/2008 6:46:48 AM | Attr = ]
OneCare.lnk -> %UserDesktop%\OneCare.lnk -> [Ver = | Size = 846 bytes | Created Date = 1/8/2008 12:10:44 AM | Attr = ]
Panda ActiveScan.lnk -> %UserDesktop%\Panda ActiveScan.lnk -> [Ver = | Size = 1336 bytes | Created Date = 1/9/2008 8:39:53 PM | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 1/15/2008 4:39:10 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Created Date = 1/15/2008 4:37:51 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Created Date = 12/30/2007 6:24:48 PM | Attr = HS]

[Files/Folders - Modified Within 30 days]
38C1.tmp -> %SystemDrive%\38C1.tmp -> [Ver = | Size = 115560448 bytes | Modified Date = 1/11/2008 11:21:42 PM | Attr = ]
3AFF.tmp -> %SystemDrive%\3AFF.tmp -> [Ver = | Size = 115560448 bytes | Modified Date = 1/9/2008 7:30:39 PM | Attr = ]
757E.tmp -> %SystemDrive%\757E.tmp -> [Ver = | Size = 115560448 bytes | Modified Date = 1/9/2008 9:29:15 PM | Attr = ]
AFFF.tmp -> %SystemDrive%\AFFF.tmp -> [Ver = | Size = 115560448 bytes | Modified Date = 1/10/2008 6:41:24 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/9/2008 6:10:06 PM | Attr = H ]
lj194 -> %SystemDrive%\lj194 -> [Folder | Modified Date = 12/23/2007 8:38:05 PM | Attr = ]
My Downloads -> %SystemDrive%\My Downloads -> [Folder | Modified Date = 1/3/2008 7:36:58 PM | Attr = R ]
MyProjects -> %SystemDrive%\MyProjects -> [Folder | Modified Date = 12/25/2007 10:25:55 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/12/2008 6:27:56 PM | Attr = R ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/23/2007 1:18:45 AM | Attr = H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/23/2007 1:23:45 AM | Attr = H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/23/2007 3:31:15 PM | Attr = H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/23/2007 11:12:40 PM | Attr = H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/28/2007 4:46:36 PM | Attr = H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/23/2007 1:18:45 AM | Attr = H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/23/2007 1:23:45 AM | Attr = H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/23/2007 3:31:15 PM | Attr = H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/23/2007 11:12:39 PM | Attr = H ]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/28/2007 4:46:36 PM | Attr = H ]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 1/7/2008 9:02:07 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/12/2008 11:28:28 AM | Attr = ]
dvd43llh.sys -> %System32%\drivers\dvd43llh.sys -> RIF [Ver = 3.5.000 | Size = 18816 bytes | Modified Date = 1/12/2008 10:58:46 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/8/2008 11:05:55 PM | Attr = ]
PROCEXP.SYS -> %System32%\drivers\PROCEXP.SYS -> SysInternals [Ver = 6.00 | Size = 10140 bytes | Modified Date = 1/2/2008 9:58:53 PM | Attr = ]
000080.exe -> %System32%\000080.exe -> [Ver = | Size = 286288 bytes | Modified Date = 12/22/2007 12:54:36 AM | Attr = ]
aaeprntv.dll -> %System32%\aaeprntv.dll -> [Ver = | Size = 79424 bytes | Modified Date = 1/10/2008 5:26:28 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 1/11/2008 10:39:13 PM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 12/23/2007 3:54:07 PM | Attr = ]
bits -> %System32%\bits -> [Folder | Modified Date = 1/7/2008 5:26:14 PM | Attr = ]
bugbvflc.dll -> %System32%\bugbvflc.dll -> [Ver = | Size = 79424 bytes | Modified Date = 1/10/2008 5:29:11 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/7/2008 10:58:29 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/13/2008 11:30:19 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 1/7/2008 5:30:05 PM | Attr = ]
DirectX -> %System32%\DirectX -> [Folder | Modified Date = 1/8/2008 7:41:14 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/15/2008 5:54:32 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/12/2008 9:35:58 AM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 1/7/2008 5:27:22 PM | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 1/7/2008 5:51:45 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 123728 bytes | Modified Date = 12/29/2007 12:37:49 PM | Attr = ]
ggggh.ini -> %System32%\ggggh.ini -> [Ver = | Size = 470572 bytes | Modified Date = 1/2/2008 6:00:55 PM | Attr = HS]
ggggh.ini2 -> %System32%\ggggh.ini2 -> [Ver = | Size = 470572 bytes | Modified Date = 1/2/2008 6:00:56 PM | Attr = HS]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 1/11/2008 10:29:59 PM | Attr = ]
hgded.exe -> %System32%\hgded.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/31/2007 10:21:15 AM | Attr = ]
hgggg.exe -> %System32%\hgggg.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/31/2007 6:04:55 PM | Attr = ]
khfda.exe -> %System32%\khfda.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/30/2007 11:30:03 PM | Attr = ]
kjjjl.ini -> %System32%\kjjjl.ini -> [Ver = | Size = 467982 bytes | Modified Date = 1/3/2008 7:36:42 PM | Attr = HS]
kjjjl.ini2 -> %System32%\kjjjl.ini2 -> [Ver = | Size = 467982 bytes | Modified Date = 1/3/2008 7:36:42 PM | Attr = HS]
ljjgd.dll -> %System32%\ljjgd.dll -> [Ver = | Size = 23160 bytes | Modified Date = 12/29/2007 9:36:49 AM | Attr = ]
lnoqr.ini -> %System32%\lnoqr.ini -> [Ver = | Size = 470902 bytes | Modified Date = 12/30/2007 7:50:45 PM | Attr = HS]
lnoqr.ini2 -> %System32%\lnoqr.ini2 -> [Ver = | Size = 470902 bytes | Modified Date = 12/30/2007 7:50:45 PM | Attr = HS]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Modified Date = 1/14/2008 6:37:40 PM | Attr = ]
mljii.exe -> %System32%\mljii.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/29/2007 5:35:27 PM | Attr = ]
mljji.exe -> %System32%\mljji.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/31/2007 3:58:48 PM | Attr = ]
mlnpo.ini -> %System32%\mlnpo.ini -> [Ver = | Size = 0 bytes | Modified Date = 1/15/2008 4:41:05 PM | Attr = HS]
mlnpo.ini2 -> %System32%\mlnpo.ini2 -> [Ver = | Size = 669949 bytes | Modified Date = 1/15/2008 4:40:42 PM | Attr = HS]
mmlnn.ini -> %System32%\mmlnn.ini -> [Ver = | Size = 478289 bytes | Modified Date = 12/29/2007 10:18:32 PM | Attr = HS]
mmlnn.ini2 -> %System32%\mmlnn.ini2 -> [Ver = | Size = 478289 bytes | Modified Date = 12/29/2007 10:18:33 PM | Attr = HS]
NeroCheck .exe -> %System32%\NeroCheck .exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 12/28/2007 8:35:57 PM | Attr = ]
nmlnn.ini -> %System32%\nmlnn.ini -> [Ver = | Size = 9562 bytes | Modified Date = 1/5/2008 8:03:59 PM | Attr = HS]
nmlnn.ini2 -> %System32%\nmlnn.ini2 -> [Ver = | Size = 9562 bytes | Modified Date = 1/5/2008 8:03:59 PM | Attr = HS]
nnlmm.exe -> %System32%\nnlmm.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/29/2007 10:48:55 AM | Attr = ]
opnlm.dll -> %System32%\opnlm.dll -> [Ver = | Size = 339968 bytes | Modified Date = 1/2/2008 8:10:50 PM | Attr = ]
opnlm.exe -> %System32%\opnlm.exe -> [Ver = | Size = 3584 bytes | Modified Date = 1/15/2008 5:54:21 AM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 1/11/2008 10:29:59 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 62286 bytes | Modified Date = 12/29/2007 12:47:53 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 400624 bytes | Modified Date = 12/29/2007 12:47:53 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 452994 bytes | Modified Date = 12/29/2007 12:47:53 PM | Attr = ]
qopqr.dll -> %System32%\qopqr.dll -> [Ver = | Size = 8560 bytes | Modified Date = 12/29/2007 1:39:32 PM | Attr = ]
rqonl.exe -> %System32%\rqonl.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/29/2007 3:31:48 PM | Attr = ]
rqooo.exe -> %System32%\rqooo.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/31/2007 5:23:11 AM | Attr = ]
rqrsr.exe -> %System32%\rqrsr.exe -> [Ver = | Size = 1 bytes | Modified Date = 1/1/2008 1:55:09 AM | Attr = ]
rsrqr.ini -> %System32%\rsrqr.ini -> [Ver = | Size = 471455 bytes | Modified Date = 1/2/2008 6:00:57 PM | Attr = HS]
rsrqr.ini2 -> %System32%\rsrqr.ini2 -> [Ver = | Size = 471455 bytes | Modified Date = 1/2/2008 6:01:00 PM | Attr = HS]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 1/11/2008 10:30:00 PM | Attr = ]
urqnn.exe -> %System32%\urqnn.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/30/2007 6:26:18 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 1/10/2008 5:57:20 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13646 bytes | Modified Date = 1/15/2008 10:39:38 AM | Attr = ]
xxyvt.exe -> %System32%\xxyvt.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/30/2007 4:08:40 PM | Attr = ]
xxyyx.exe -> %System32%\xxyyx.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/30/2007 7:53:32 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/9/2008 6:28:19 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 1/10/2008 5:57:15 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 1/8/2008 7:40:24 AM | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 1/10/2008 6:11:41 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/12/2008 1:06:21 PM | Attr = S]
Cache -> %SystemRoot%\Cache -> [Folder | Modified Date = 12/24/2007 1:55:08 PM | Attr = ]
CAVTemp -> %SystemRoot%\CAVTemp -> [Folder | Modified Date = 1/7/2008 12:10:01 AM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 12/29/2007 11:13:51 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/12/2008 9:23:32 AM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/8/2008 6:53:27 PM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 1/7/2008 5:50:21 PM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 1/7/2008 10:57:58 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 1/9/2008 3:00:47 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/12/2008 9:23:44 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/9/2008 6:10:16 PM | Attr = HS]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 1/7/2008 5:50:32 PM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 12/29/2007 1:04:26 PM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 12/29/2007 12:37:48 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 1/15/2008 11:05:58 AM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 1/7/2008 9:44:26 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/15/2008 4:39:12 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/6/2008 10:58:00 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/14/2008 7:47:57 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 12/29/2007 12:43:49 PM | Attr = ]
ShellNew -> %SystemRoot%\ShellNew -> [Folder | Modified Date = 1/9/2008 6:08:35 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 12/29/2007 11:08:23 AM | Attr = ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 231 bytes | Modified Date = 1/7/2008 5:08:43 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/15/2008 5:54:27 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/8/2008 7:39:05 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/15/2008 4:27:41 PM | Attr = ]
vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 59 bytes | Modified Date = 1/9/2008 6:09:58 PM | Attr = ]
WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 1/7/2008 5:50:40 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 775 bytes | Modified Date = 1/9/2008 6:42:13 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 224 bytes | Modified Date = 1/13/2008 9:15:42 AM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 12/29/2007 12:47:00 PM | Attr = ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 254 bytes | Modified Date = 1/15/2008 3:48:00 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/13/2008 4:55:07 PM | Attr = H ]
XoftSpySE 2.job -> %SystemRoot%\tasks\XoftSpySE 2.job -> [Ver = | Size = 432 bytes | Modified Date = 1/15/2008 5:54:17 AM | Attr = ]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job -> [Ver = | Size = 362 bytes | Modified Date = 1/15/2008 2:00:00 AM | Attr = ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Modified Date = 1/8/2008 8:03:06 PM | Attr = ]
Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 1/7/2008 5:32:39 PM | Attr = S]
WLInstaller -> %AllUsersAppData%\WLInstaller -> [Folder | Modified Date = 1/8/2008 7:37:56 AM | Attr = ]
Yahoo! Companion -> %AllUsersAppData%\Yahoo! Companion -> [Folder | Modified Date = 12/23/2007 5:16:15 PM | Attr = ]
Adobe -> %UserAppData%\Adobe -> [Folder | Modified Date = 12/23/2007 8:04:09 PM | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 1/8/2008 4:40:08 PM | Attr = S]
yahoo! -> %UserAppData%\yahoo! -> [Folder | Modified Date = 12/23/2007 8:07:50 PM | Attr = RH ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 12/29/2007 12:45:14 PM | Attr = ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 1/10/2008 5:48:50 PM | Attr = ]
microsoft -> %AllUsersDocuments%\microsoft -> [Folder | Modified Date = 1/7/2008 5:30:21 PM | Attr = ]
Bulla_sage_puzzlepirates log -> %UserDocuments%\Bulla_sage_puzzlepirates log -> [Ver = | Size = 2543 bytes | Modified Date = 1/6/2008 3:40:18 PM | Attr = ]
desktop.ini -> %UserDocuments%\desktop.ini -> [Ver = | Size = 76 bytes | Modified Date = 1/7/2008 5:54:02 PM | Attr = HS]
employment termination-- steve.doc -> %UserDocuments%\employment termination-- steve.doc -> [Ver = | Size = 19968 bytes | Modified Date = 1/13/2008 10:12:50 PM | Attr = ]
Jacapo_sage_puzzlepirates log -> %UserDocuments%\Jacapo_sage_puzzlepirates log -> [Ver = | Size = 50438 bytes | Modified Date = 12/27/2007 2:12:00 PM | Attr = ]
Mom's cheese ball recipe.doc -> %UserDocuments%\Mom's cheese ball recipe.doc -> [Ver = | Size = 20480 bytes | Modified Date = 12/21/2007 8:32:50 PM | Attr = ]
Mortimerez_sage_puzzlepirates log -> %UserDocuments%\Mortimerez_sage_puzzlepirates log -> [Ver = | Size = 10675943 bytes | Modified Date = 1/6/2008 7:29:40 PM | Attr = ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 1/7/2008 5:54:03 PM | Attr = R ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 1/8/2008 8:02:22 PM | Attr = R ]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 556 bytes | Modified Date = 12/28/2007 1:32:06 AM | Attr = ]
Phoneybill_sage_puzzlepirates log -> %UserDocuments%\Phoneybill_sage_puzzlepirates log -> [Ver = | Size = 24931 bytes | Modified Date = 12/28/2007 5:10:46 PM | Attr = ]
Stowaway_sage_puzzlepirates log -> %UserDocuments%\Stowaway_sage_puzzlepirates log -> [Ver = | Size = 76445 bytes | Modified Date = 12/27/2007 1:30:26 PM | Attr = ]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1790 bytes | Modified Date = 1/8/2008 8:03:13 PM | Attr = ]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1790 bytes | Modified Date = 1/8/2008 8:03:13 PM | Attr = ]
Yahoo! Mail.lnk -> %AllUsersDesktop%\Yahoo! Mail.lnk -> [Ver = | Size = 1535 bytes | Modified Date = 12/23/2007 5:13:33 PM | Attr = ]
Yahoo! Messenger.lnk -> %AllUsersDesktop%\Yahoo! Messenger.lnk -> [Ver = | Size = 812 bytes | Modified Date = 1/8/2008 7:29:18 AM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 1/10/2008 6:46:48 AM | Attr = ]
marteny.doc -> %UserDesktop%\marteny.doc -> [Ver = | Size = 52736 bytes | Modified Date = 1/6/2008 7:58:55 PM | Attr = ]
marteny2.doc -> %UserDesktop%\marteny2.doc -> [Ver = | Size = 52736 bytes | Modified Date = 1/6/2008 7:43:44 PM | Attr = ]
OneCare.lnk -> %UserDesktop%\OneCare.lnk -> [Ver = | Size = 846 bytes | Modified Date = 1/8/2008 12:13:45 AM | Attr = ]
Panda ActiveScan.lnk -> %UserDesktop%\Panda ActiveScan.lnk -> [Ver = | Size = 1336 bytes | Modified Date = 1/9/2008 8:39:54 PM | Attr = ]
Program Downloads -> %UserDesktop%\Program Downloads -> [Folder | Modified Date = 1/12/2008 10:43:22 AM | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 1/15/2008 4:39:10 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Modified Date = 1/15/2008 4:37:53 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
XoftSpySE.lnk -> %UserDesktop%\XoftSpySE.lnk -> [Ver = | Size = 682 bytes | Modified Date = 1/12/2008 6:18:41 PM | Attr = ]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 1/9/2008 6:09:21 PM | Attr = ]
System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 12/29/2007 11:14:43 AM | Attr = ]
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Modified Date = 12/30/2007 6:26:40 PM | Attr = HS]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 1/8/2008 8:01:40 PM | Attr = ]
ent.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Windows OneCare Live\ent.dat -> [Ver = | Size = 11616 bytes | Modified Date = 1/7/2008 5:36:49 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 1/14/2008 6:20:41 AM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5625 bytes | Modified Date = 1/14/2008 6:20:41 AM | Attr = ]
Perflib_Perfdata_1068.dat -> C:\Documents and Settings\Marty\Local Settings\Temp\Perflib_Perfdata_1068.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/1/2007 4:02:14 PM | Attr = ]
Perflib_Perfdata_138.dat -> C:\Documents and Settings\Marty\Local Settings\Temp\Perflib_Perfdata_138.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/11/2007 8:45:22 PM | Attr = ]
Perflib_Perfdata_1570.dat -> C:\Documents and Settings\Marty\Local Settings\Temp\Perflib_Perfdata_1570.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/28/2007 3:38:02 PM | Attr = ]
Perflib_Perfdata_c5c.dat -> C:\Documents and Settings\Marty\Local Settings\Temp\Perflib_Perfdata_c5c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/24/2007 12:56:57 AM | Attr = ]
Perflib_Perfdata_e10.dat -> C:\Documents and Settings\Marty\Local Settings\Temp\Perflib_Perfdata_e10.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/15/2007 4:20:56 AM | Attr = ]
Perflib_Perfdata_eac.dat -> C:\Documents and Settings\Marty\Local Settings\Temp\Perflib_Perfdata_eac.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/24/2007 8:06:49 AM | Attr = ]
index.dat -> C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\index.dat -> [Ver = | Size = 212992 bytes | Modified Date = 1/15/2008 4:35:31 PM | Attr = ]
index.dat -> C:\Documents and Settings\Marty\Local Settings\Temp\History\History.IE5\index.dat -> [Ver = | Size = 425984 bytes | Modified Date = 1/15/2008 4:35:31 PM | Attr = ]
index.dat -> C:\Documents and Settings\Marty\Local Settings\Temp\History\History.IE5\MSHist012008011520080116\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 1/15/2008 4:36:25 PM | Attr = HS]
index.dat -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 7454720 bytes | Modified Date = 1/15/2008 4:35:31 PM | Attr = ]
WebUpdate.ini -> C:\Documents and Settings\Marty\Local Settings\Temp\WebUpdate.ini -> [Ver = | Size = 96 bytes | Modified Date = 9/10/2006 11:48:12 AM | Attr = ]
{AC76BA86-7AD7-1033-7B44-A81100000003}.ini -> C:\Documents and Settings\Marty\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81100000003}.ini -> [Ver = | Size = 664 bytes | Modified Date = 12/3/2007 5:57:22 PM | Attr = ]
ISUSRT.ini -> C:\Documents and Settings\Marty\Local Settings\Temp\{D8150F10-196F-4EE0-8DFB-FF830DD87B04}\{5BA32238-AE28-4EAD-AD7E-01356597DC8B}\ISUSRT.ini -> [Ver = | Size = 476 bytes | Modified Date = 5/13/2005 9:40:16 AM | Attr = ]

< End of report >

#5 OldTimer

Malware Expert

Posted 15 January 2008 - 05:58 PM

Hi marteny. Let's see if we can clean some of this up. Please print these directions and then follow the steps below in order.

Step #1

Open Notepad and copy/paste the text in the codebox below into the new document:

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://red.clientapps.yahoo.com/customize/.../search/ie.html
YN -> HKEY_CURRENT_USER\: SearchURL\\ -> http://red.clientapps.yahoo.com/customize/...//www.yahoo.com[Reg Error: Value provider does not exist or could not be read.]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
*.update_microsoft.com [https] -> Trusted sites
YN -> {58A839B2-2252-47D8-8E27-76ECFB247DBC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YY -> {7645B948-C8BA-4FCF-A989-482CD7AFEAB3} [HKEY_LOCAL_MACHINE] -> %System32%\opnlm.dll [Reg Error: Value does not exist or could not be read.]
YY -> {95e853f2-d8a9-4f1b-99a7-148c422ab5e6} [HKEY_LOCAL_MACHINE] -> %System32%\bugbvflc.dll [Reg Error: Value does not exist or could not be read.]
YN -> {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} [HKEY_LOCAL_MACHINE] -> %System32%\vtuutrp.dll [Reg Error: Value does not exist or could not be read.]
YY -> {F34C67C2-15EE-46B0-B3E0-FA36F5A42AA0} [HKEY_LOCAL_MACHINE] -> %System32%\opnlm.dll [Reg Error: Value does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{37B85A29-692B-4205-9CAD-2626E4993404} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\windows\system32\opnlm -> %System32%\opnlm.exe
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mercora\MercoraClient.exe -> C:\Program Files\Mercora\MercoraClient.exe [C:\Program Files\Mercora\MercoraClient.exe:*:Enabled:Mercora IM Radio Client 5.1]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Octoshape Streaming Services\Marty\OctoshapeClient.exe -> C:\Program Files\Octoshape Streaming Services\Marty\OctoshapeClient.exe [C:\Program Files\Octoshape Streaming Services\Marty\OctoshapeClient.exe:*:Enabled:OctoshapeClient]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe -> C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe [C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:pandora]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\MOHAA\MOHAA.exe -> C:\Program Files\EA GAMES\MOHAA\MOHAA.exe [C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe -> C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe [C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault™ Spearhead]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\MOHAA\moh_Breakthrough.exe -> C:\Program Files\EA GAMES\MOHAA\moh_Breakthrough.exe [C:\Program Files\EA GAMES\MOHAA\moh_Breakthrough.exe:*:Enabled:Medal of Honor Allied Assault™ Breakthrough]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe:*:Disabled:GoogleToolbarNotifier]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MostFun\Bin\MostFun.exe -> C:\Program Files\MostFun\Bin\MostFun.exe [C:\Program Files\MostFun\Bin\MostFun.exe:*:Disabled:MostFun Agent]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\MsnMsgr .Exe -> C:\Program Files\MSN Messenger\MsnMsgr .Exe [C:\Program Files\MSN Messenger\MsnMsgr .Exe:*:Disabled:Messenger]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MySpace\IM\MySpaceIM .exe -> C:\Program Files\MySpace\IM\MySpaceIM .exe [C:\Program Files\MySpace\IM\MySpaceIM .exe:*:Enabled:MySpaceIM ]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger]
[Files/Folders - Created Within 30 days]
NY -> 38C1.tmp -> %SystemDrive%\38C1.tmp
NY -> 3AFF.tmp -> %SystemDrive%\3AFF.tmp
NY -> 757E.tmp -> %SystemDrive%\757E.tmp
NY -> AFFF.tmp -> %SystemDrive%\AFFF.tmp
NY -> lj194 -> %SystemDrive%\lj194
NY -> 000080.exe -> %System32%\000080.exe
NY -> aaeprntv.dll -> %System32%\aaeprntv.dll
NY -> bugbvflc.dll -> %System32%\bugbvflc.dll
NY -> ggggh.ini -> %System32%\ggggh.ini
NY -> ggggh.ini2 -> %System32%\ggggh.ini2
NY -> hgded.exe -> %System32%\hgded.exe
NY -> hgggg.exe -> %System32%\hgggg.exe
NY -> khfda.exe -> %System32%\khfda.exe
NY -> kjjjl.ini -> %System32%\kjjjl.ini
NY -> kjjjl.ini2 -> %System32%\kjjjl.ini2
NY -> ljjgd.dll -> %System32%\ljjgd.dll
NY -> lnoqr.ini -> %System32%\lnoqr.ini
NY -> lnoqr.ini2 -> %System32%\lnoqr.ini2
NY -> mcrh.tmp -> %System32%\mcrh.tmp
NY -> mljii.exe -> %System32%\mljii.exe
NY -> mljji.exe -> %System32%\mljji.exe
NY -> mlnpo.ini -> %System32%\mlnpo.ini
NY -> mlnpo.ini2 -> %System32%\mlnpo.ini2
NY -> mmlnn.ini -> %System32%\mmlnn.ini
NY -> mmlnn.ini2 -> %System32%\mmlnn.ini2
NY -> nmlnn.ini -> %System32%\nmlnn.ini
NY -> nmlnn.ini2 -> %System32%\nmlnn.ini2
NY -> nnlmm.exe -> %System32%\nnlmm.exe
NY -> opnlm.dll -> %System32%\opnlm.dll
NY -> opnlm.exe -> %System32%\opnlm.exe
NY -> qopqr.dll -> %System32%\qopqr.dll
NY -> rqonl.exe -> %System32%\rqonl.exe
NY -> rqooo.exe -> %System32%\rqooo.exe
NY -> rqrsr.exe -> %System32%\rqrsr.exe
NY -> rsrqr.ini -> %System32%\rsrqr.ini
NY -> rsrqr.ini2 -> %System32%\rsrqr.ini2
NY -> urqnn.exe -> %System32%\urqnn.exe
NY -> xxyvt.exe -> %System32%\xxyvt.exe
NY -> xxyyx.exe -> %System32%\xxyyx.exe
[Files/Folders - Modified Within 30 days]
NY -> 38C1.tmp -> %SystemDrive%\38C1.tmp
NY -> 3AFF.tmp -> %SystemDrive%\3AFF.tmp
NY -> 757E.tmp -> %SystemDrive%\757E.tmp
NY -> AFFF.tmp -> %SystemDrive%\AFFF.tmp
NY -> lj194 -> %SystemDrive%\lj194
NY -> 000080.exe -> %System32%\000080.exe
NY -> aaeprntv.dll -> %System32%\aaeprntv.dll
NY -> bugbvflc.dll -> %System32%\bugbvflc.dll
NY -> ggggh.ini -> %System32%\ggggh.ini
NY -> ggggh.ini2 -> %System32%\ggggh.ini2
NY -> hgded.exe -> %System32%\hgded.exe
NY -> hgggg.exe -> %System32%\hgggg.exe
NY -> khfda.exe -> %System32%\khfda.exe
NY -> kjjjl.ini -> %System32%\kjjjl.ini
NY -> kjjjl.ini2 -> %System32%\kjjjl.ini2
NY -> ljjgd.dll -> %System32%\ljjgd.dll
NY -> lnoqr.ini -> %System32%\lnoqr.ini
NY -> lnoqr.ini2 -> %System32%\lnoqr.ini2
NY -> mcrh.tmp -> %System32%\mcrh.tmp
NY -> mljii.exe -> %System32%\mljii.exe
NY -> mljji.exe -> %System32%\mljji.exe
NY -> mlnpo.ini -> %System32%\mlnpo.ini
NY -> mlnpo.ini2 -> %System32%\mlnpo.ini2
NY -> mmlnn.ini -> %System32%\mmlnn.ini
NY -> mmlnn.ini2 -> %System32%\mmlnn.ini2
NY -> nmlnn.ini -> %System32%\nmlnn.ini
NY -> nmlnn.ini2 -> %System32%\nmlnn.ini2
NY -> nnlmm.exe -> %System32%\nnlmm.exe
NY -> opnlm.dll -> %System32%\opnlm.dll
NY -> opnlm.exe -> %System32%\opnlm.exe
NY -> qopqr.dll -> %System32%\qopqr.dll
NY -> rqonl.exe -> %System32%\rqonl.exe
NY -> rqooo.exe -> %System32%\rqooo.exe
NY -> rqrsr.exe -> %System32%\rqrsr.exe
NY -> rsrqr.ini -> %System32%\rsrqr.ini
NY -> rsrqr.ini2 -> %System32%\rsrqr.ini2
NY -> urqnn.exe -> %System32%\urqnn.exe
NY -> xxyvt.exe -> %System32%\xxyvt.exe
NY -> xxyyx.exe -> %System32%\xxyyx.exe
NY -> imsins.BAK -> %SystemRoot%\imsins.BAK
NY -> vbaddin.ini -> %SystemRoot%\vbaddin.ini
[Empty Temp Folders]
[Start Explorer]

Save the document to your desktop as wpf35.txt and close Notepad.

Step #2

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Close SUPERAntiSpyware, we will come back to it later on.

Step #3

Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.

Step #4

Start SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Step #5

Now start WinPFind35U. Open Notepad and then open the wpf35.txt file that you saved to your desktop. Copy/paste the contents of the Notepad file into the WinPFind35u textbox where it says Paste Fix Here and click the Run Fix button.

The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete, this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot the computer normally.

Step #6

Post the following back here:
  • the VundoFix log (c:\vundofix.txt)
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind3u\MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
  • a new WinPFind35U report with the following options:
    • Under Additional Scans, click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • Do not change any other settings.
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#6 marteny


Posted 15 January 2008 - 10:02 PM

scan log from SuperAntiSpyware--- starting step #5 now

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/15/2008 at 08:20 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 00:45:09

Memory items scanned : 383
Memory threats detected : 0
Registry items scanned : 5663
Registry threats detected : 4
File items scanned : 67058
File threats detected : 269

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{AA291EC0-7066-4DAA-B86B-1F48FE12E3E8}
HKCR\CLSID\{AA291EC0-7066-4DAA-B86B-1F48FE12E3E8}
HKCR\CLSID\{AA291EC0-7066-4DAA-B86B-1F48FE12E3E8}\InprocServer32
HKCR\CLSID\{AA291EC0-7066-4DAA-B86B-1F48FE12E3E8}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\MLJII.DLL

Adware.Tracking Cookie

Adware.WhenU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{03145A03-AA68-4F5E-B2FF-B5422FFBB00F}\RP509\A0114759.EXE

#7 marteny


Posted 15 January 2008 - 10:41 PM

Computer locked up twice during the WinPFind35U fix after wpf35.txt was added to the textbox. I rebooted each time-- it started up fine.

VundoFix log:


VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 7:13:02 PM 1/15/2008

Listing files found while scanning....

C:\windows\system32\aaeprntv.dll
C:\windows\system32\bugbvflc.dll
C:\windows\system32\ljjgd.dll
C:\windows\system32\mlnpo.ini
C:\windows\system32\mlnpo.ini2
C:\windows\system32\opnlm.dll
C:\windows\system32\qopqr.dll

Beginning removal...

Attempting to delete C:\windows\system32\aaeprntv.dll
C:\windows\system32\aaeprntv.dll Has been deleted!

Attempting to delete C:\windows\system32\bugbvflc.dll
C:\windows\system32\bugbvflc.dll Has been deleted!

Attempting to delete C:\windows\system32\ljjgd.dll
C:\windows\system32\ljjgd.dll Has been deleted!

Attempting to delete C:\windows\system32\mlnpo.ini
C:\windows\system32\mlnpo.ini Has been deleted!

Attempting to delete C:\windows\system32\mlnpo.ini2
C:\windows\system32\mlnpo.ini2 Has been deleted!

Attempting to delete C:\windows\system32\opnlm.dll
C:\windows\system32\opnlm.dll Has been deleted!

Attempting to delete C:\windows\system32\qopqr.dll
C:\windows\system32\qopqr.dll Has been deleted!

Performing Repairs to the registry.
Done!


SuperAntispy report already submitted, here it is again:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/15/2008 at 08:20 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 00:45:09

Memory items scanned : 383
Memory threats detected : 0
Registry items scanned : 5663
Registry threats detected : 4
File items scanned : 67058
File threats detected : 269

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{AA291EC0-7066-4DAA-B86B-1F48FE12E3E8}
HKCR\CLSID\{AA291EC0-7066-4DAA-B86B-1F48FE12E3E8}
HKCR\CLSID\{AA291EC0-7066-4DAA-B86B-1F48FE12E3E8}\InprocServer32
HKCR\CLSID\{AA291EC0-7066-4DAA-B86B-1F48FE12E3E8}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\MLJII.DLL

Adware.Tracking Cookie
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@precisionclick[2].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@2o7[1].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@hitbox[2].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@perf.overture[1].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@adredired[1].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@pandasoftware.112.2o7[1].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@educationconnection.112.2o7[1].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@ads.cnn[1].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@brightcove.112.2o7[1].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@casalemedia[2].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@ehg-cruisedirect.hitbox[2].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@s.clickability[2].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@1071890695[1].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@ad.yieldmanager[1].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@xos.adbureau[2].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@kanoodle[1].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@clickauditor[1].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@overture[1].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@zedo[1].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@atwola[1].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@publishers.clickbooth[2].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@ad2networks.advertserve[1].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@statcounter[2].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@login.revenueloop[2].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@server.iad.liveperson[2].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@realmedia[2].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@apmebf[1].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@ehg-foxsports.hitbox[2].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@burstnet[1].txt
C:\DOCUME~1\Marty\LOCALS~1\Temp\Cookies\marty@network.realmedia[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@2o7[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@4.adbrite[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@ad.yieldmanager[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@ad2networks.advertserve[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@adbrite[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@adecn[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@adinterax[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@adlegend[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@adopt.specificclick[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@adredired[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@adrevolver[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@ads.adbrite[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@ads.addynamix[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@ads.cnn[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@ads.evtv1[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@ads.gmodules[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@ads.monster[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@ads.pointroll[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@ads.realtechnetwork[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@ads.revsci[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@advertising[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@aff.primaryads[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@anad.tacoda[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@anat.tacoda[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@apmebf[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@atdmt[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@atwola[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@bizadverts[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@bizrate[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@brightcove.112.2o7[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@burstnet[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@casalemedia[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@clickauditor[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@collective-media[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@cpvfeed[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@data3.perf.overture[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@dealtime[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@doubleclick[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@eb.adbureau[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@educationconnection.112.2o7[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@ehg-cruisedirect.hitbox[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@ehg-foxsports.hitbox[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@fastclick[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@findwhat[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@h.starware[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@hearstmagazines.112.2o7[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@heavycom.122.2o7[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@hitbox[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@hotlog[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@interclick[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@kanoodle[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@login.revenueloop[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@login.tracking101[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@lynxtrack[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@media.adrevolver[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@media.adrevolver[3].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@mediaplex[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@microsoftwga.112.2o7[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@msnportal.112.2o7[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@msnservices.112.2o7[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@network.realmedia[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@overture[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@pandasoftware.112.2o7[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@partner2profit[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@perf.overture[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@precisionclick[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@pro-market[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@publishers.clickbooth[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@questionmarket[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@realmedia[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@revenue[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@revsci[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@s.clickability[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@server.iad.liveperson[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@server.iad.liveperson[3].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@specificclick[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@stat.dealtime[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@statcounter[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@stats.sellmosoft[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@statsgod[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@tacoda[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@tracking.foxnews[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@trafficmp[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@tremor.adbureau[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@tribalfusion[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@web4.realtracker[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@www.admedia365[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@www.clickmanage[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@www.googleadservices[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@www.ticketsnow[1].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@xos.adbureau[2].txt
C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\marty@zedo[1].txt
C:\Documents and Settings\Steve\Cookies\steve@2o7[1].txt
C:\Documents and Settings\Steve\Cookies\steve@ad.yieldmanager[2].txt
C:\Documents and Settings\Steve\Cookies\steve@adinterax[2].txt
C:\Documents and Settings\Steve\Cookies\steve@adopt.euroclick[2].txt
C:\Documents and Settings\Steve\Cookies\steve@adopt.specificclick[1].txt
C:\Documents and Settings\Steve\Cookies\steve@adopt.specificclick[2].txt
C:\Documents and Settings\Steve\Cookies\steve@adrevolver[1].txt
C:\Documents and Settings\Steve\Cookies\steve@advertising[1].txt
C:\Documents and Settings\Steve\Cookies\steve@apmebf[1].txt
C:\Documents and Settings\Steve\Cookies\steve@atdmt[2].txt
C:\Documents and Settings\Steve\Cookies\steve@doubleclick[1].txt
C:\Documents and Settings\Steve\Cookies\steve@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Steve\Cookies\steve@ehg-myspaceinc.hitbox[2].txt
C:\Documents and Settings\Steve\Cookies\steve@ehg-youtube.hitbox[1].txt
C:\Documents and Settings\Steve\Cookies\steve@hitbox[2].txt
C:\Documents and Settings\Steve\Cookies\steve@interclick[2].txt
C:\Documents and Settings\Steve\Cookies\steve@interclick[3].txt
C:\Documents and Settings\Steve\Cookies\steve@media.adrevolver[1].txt
C:\Documents and Settings\Steve\Cookies\steve@media.adrevolver[2].txt
C:\Documents and Settings\Steve\Cookies\steve@media.adrevolver[4].txt
C:\Documents and Settings\Steve\Cookies\steve@mediaplex[1].txt
C:\Documents and Settings\Steve\Cookies\steve@msnportal.112.2o7[1].txt
C:\Documents and Settings\Steve\Cookies\steve@msnportal.112.2o7[2].txt
C:\Documents and Settings\Steve\Cookies\steve@richmedia.yahoo[2].txt
C:\Documents and Settings\Steve\Cookies\steve@serving-sys[1].txt
C:\Documents and Settings\Steve\Cookies\steve@trafficmp[1].txt
C:\Documents and Settings\Steve\Cookies\steve@trafficmp[2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@2o7[2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@ad.yieldmanager[2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@adinterax[2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@adlegend[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@adopt.euroclick[2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@adopt.specificclick[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@adrevolver[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@adrevolver[3].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@ads.glispa[2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@ads.pointroll[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@adserver[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@advertising[2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@apmebf[2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@atdmt[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@bs.serving-sys[2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@casalemedia[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@citi.bridgetrack[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@directtrack[2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@doubleclick[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@eb.adbureau[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@ehg-youtube.hitbox[2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@fastclick[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@hitbox[2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@jamster[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@media.adrevolver[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@media6degrees[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@mediaplex[2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@millnicmedia.directtrack[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@msnportal.112.2o7[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@partner2profit[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@questionmarket[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@realmedia[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@reduxads.valuead[2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@revsci[2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@richmedia.yahoo[2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@server.cpmstar[2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@serving-sys[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@specificclick[2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@tacoda[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@trafficmp[1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@tremor.adbureau[2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@tribalfusion[2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@videoegg.adbureau[2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\steve@zedo[1].txt

Adware.WhenU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{03145A03-AA68-4F5E-B2FF-B5422FFBB00F}\RP509\A0114759.EXE


WinPFind35U report doesn't exist-- MovedFiles Folder is empty.

I am now following through in step #6 to run the new WinPFind35U report after restart

#8 marteny

Posted 15 January 2008 - 10:51 PM

This is the last WinPFind35U report--- but I don't think the fix worked

WinPFind35 logfile created on: 1/15/2008 10:44:47 PM
WinPFind35U Version Beta22 Folder = C:\Documents and Settings\Marty\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)

2.00 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 78.79% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 6000 160000;

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 179.01 Gb Free Space | 76.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: MARTYNTENAS
Current User Name: Marty
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 8:01:00 PM | Attr = ]
apache.exe -> %SystemDrive%\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.47 | Size = 20548 bytes | Modified Date = 2/28/2004 1:30:34 AM | Attr = ]
nsvcip.exe -> %SystemDrive%\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe -> [Ver = | Size = 106557 bytes | Modified Date = 5/17/2004 1:33:10 PM | Attr = ]
nsvclog.exe -> %SystemDrive%\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe -> [Ver = | Size = 53313 bytes | Modified Date = 5/17/2004 1:32:38 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.6172 | Size = 114755 bytes | Modified Date = 1/28/2002 7:10:20 AM | Attr = R ]
hpzipm12.exe -> %System32%\spool\drivers\w32x86\3\HPZIPM12.EXE -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 10/7/2004 10:24:02 PM | Attr = ]
apache.exe -> %SystemDrive%\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.47 | Size = 20548 bytes | Modified Date = 2/28/2004 1:30:34 AM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
kem.exe -> %ProgramFiles%\Logitech\SetPoint\KEM.exe -> Logitech Inc. [Ver = 2.12.801 | Size = 581632 bytes | Modified Date = 7/15/2004 10:56:56 AM | Attr = ]
khalmnpr.exe -> %ProgramFiles%\Logitech\SetPoint\KHALMNPR.exe -> Logitech Inc. [Ver = 2.12.735 | Size = 29696 bytes | Modified Date = 6/8/2004 11:31:38 AM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294400 bytes | Modified Date = 1/6/2008 1:17:10 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 8:01:00 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
(ForcewareWebInterface) Forceware Web Interface [Win32_Own | Auto | Running] -> %SystemDrive%\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.47 | Size = 20548 bytes | Modified Date = 2/28/2004 1:30:34 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/14/2007 2:34:53 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(nSvcIp) ForceWare IP service [Win32_Own | Auto | Running] -> %SystemDrive%\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe -> [Ver = | Size = 106557 bytes | Modified Date = 5/17/2004 1:33:10 PM | Attr = ]
(nSvcLog) ForceWare user log service [Win32_Own | Auto | Running] -> %SystemDrive%\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe -> [Ver = | Size = 53313 bytes | Modified Date = 5/17/2004 1:32:38 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.6172 | Size = 114755 bytes | Modified Date = 1/28/2002 7:10:20 AM | Attr = R ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %System32%\spool\drivers\w32x86\3\HPZIPM12.EXE -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 10/7/2004 10:24:02 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
KernelFaultCheck -> -> File not found
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.6172 | Size = 4112384 bytes | Modified Date = 1/28/2002 7:10:16 AM | Attr = R ]
NvMediaCenter -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.10.6172 | Size = 81920 bytes | Modified Date = 1/28/2002 7:10:18 AM | Attr = R ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.6172 | Size = 843776 bytes | Modified Date = 1/28/2002 7:10:16 AM | Attr = R ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 9/6/2006 11:05:50 PM | Attr = HS]
%AllUsersStartup%\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\KEM.exe -> Logitech Inc. [Ver = 2.12.801 | Size = 581632 bytes | Modified Date = 7/15/2004 10:56:56 AM | Attr = ]
< Marty Startup Folder > -> C:\Documents and Settings\Marty\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 9/6/2006 11:05:50 PM | Attr = HS]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} [HKEY_LOCAL_MACHINE] -> %System32%\vtuutrp.dll [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
jkkkhhf -> jkkkhhf.dll -> File not found
vtuutrp -> vtuutrp.dll -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (734 bytes) -> C:\windows\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.dogpile.com ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.wunderground.com/cgi-bin/findwe...ast?query=45440 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.dogpile.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.wunderground.com/cgi-bin/findwe...ast?query=45440 ->
HKEY_CURRENT_USER\: SearchURL\\ -> [Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> localhost ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
*.update_microsoft.com [https] -> Trusted sites ->
download_windowsupdate.com [https] -> Trusted sites ->
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Error: Value does not exist or could not be read.] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{58A839B2-2252-47D8-8E27-76ECFB247DBC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:29:16 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{7645B948-C8BA-4FCF-A989-482CD7AFEAB3} [HKEY_LOCAL_MACHINE] -> %System32%\opnlm.dll [Reg Error: Value does not exist or could not be read.] -> File not found
{95e853f2-d8a9-4f1b-99a7-148c422ab5e6} [HKEY_LOCAL_MACHINE] -> %System32%\bugbvflc.dll [Reg Error: Value does not exist or could not be read.] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 1121, 2472 | Size = 323568 bytes | Modified Date = 12/11/2007 1:35:46 PM | Attr = ]
{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} [HKEY_LOCAL_MACHINE] -> %System32%\vtuutrp.dll [Reg Error: Value does not exist or could not be read.] -> File not found
{F34C67C2-15EE-46B0-B3E0-FA36F5A42AA0} [HKEY_LOCAL_MACHINE] -> %System32%\opnlm.dll [Reg Error: Value does not exist or could not be read.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
WebBrowser\\{37B85A29-692B-4205-9CAD-2626E4993404} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:29:16 PM | Attr = ]
{653D93AF-C741-4e5e-8C1B-59BA43F93E16}:Exec -> [Panda ActiveScan] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [Ver = | Size = 53248 bytes | Modified Date = 10/25/2007 10:26:48 AM | Attr = ]
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:29:16 PM | Attr = ]
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> [Messenger Class] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll\search.htm -> File not found
Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{CE5D87D0-8B4A-49BF-B68E-822D7EBED651} -> () ->
{FAA76992-B47D-464A-80F4-E8E851A849CD} -> (1394 Net Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/templates/ieawsdc.cab[Microsoft Office Template and Media Control] ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] ->
{156BF4B7-AE3A-4365-BD88-95A75AF8F09D}[HKEY_LOCAL_MACHINE] -> http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab[HPSDDX Class] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwa...director/sw.cab[Shockwave ActiveX Control] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] ->
{233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shock...director/sw.cab[Shockwave ActiveX Control] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] ->
{512FC5A1-7DE1-43F1-BC0C-371622FCB409}[HKEY_LOCAL_MACHINE] -> http://www.nanoscan.com/as/cabs/ascstubie.cab[TotalScan Installer Class] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] ->
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/Facebo...otoUploader.cab[Facebook Photo Uploader Control] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupd...b?1198943520230[WUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{9522B3FB-7A2B-4646-8AF6-36E7F593073C}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_06] ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_09] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwa...ash/swflash.cab[Shockwave Flash Object] ->



[Files/Folders - Created Within 30 days]
38C1.tmp -> %SystemDrive%\38C1.tmp -> [Ver = | Size = 115560448 bytes | Created Date = 1/11/2008 11:21:22 PM | Attr = ]
3AFF.tmp -> %SystemDrive%\3AFF.tmp -> [Ver = | Size = 115560448 bytes | Created Date = 1/9/2008 7:30:19 PM | Attr = ]
757E.tmp -> %SystemDrive%\757E.tmp -> [Ver = | Size = 115560448 bytes | Created Date = 1/9/2008 9:28:58 PM | Attr = ]
AFFF.tmp -> %SystemDrive%\AFFF.tmp -> [Ver = | Size = 115560448 bytes | Created Date = 1/10/2008 6:40:58 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 1/7/2008 5:23:31 PM | Attr = H ]
lj194 -> %SystemDrive%\lj194 -> [Folder | Created Date = 12/23/2007 8:38:05 PM | Attr = ]
MyProjects -> %SystemDrive%\MyProjects -> [Folder | Created Date = 12/25/2007 10:25:55 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 1/15/2008 7:13:02 PM | Attr = ]
akciglcflbmv.sys -> %System32%\drivers\akciglcflbmv.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Created Date = 1/9/2008 8:37:52 PM | Attr = ]
inxenmmugnvu.sys -> %System32%\drivers\inxenmmugnvu.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Created Date = 1/9/2008 6:45:37 PM | Attr = ]
PROCEXP.SYS -> %System32%\drivers\PROCEXP.SYS -> SysInternals [Ver = 6.00 | Size = 10140 bytes | Created Date = 12/25/2007 10:30:04 AM | Attr = ]
qnapydxupfhy.sys -> %System32%\drivers\qnapydxupfhy.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Created Date = 1/10/2008 5:56:06 PM | Attr = ]
SDTHOOK.SYS -> %System32%\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Created Date = 1/10/2008 5:57:16 PM | Attr = ]
xchhvlpfejjk.sys -> %System32%\drivers\xchhvlpfejjk.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Created Date = 1/11/2008 10:32:49 PM | Attr = ]
000080.exe -> %System32%\000080.exe -> [Ver = | Size = 286288 bytes | Created Date = 12/22/2007 12:54:36 AM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 1/9/2008 6:34:33 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 1/9/2008 6:35:00 PM | Attr = ]
bits -> %System32%\bits -> [Folder | Created Date = 1/7/2008 5:26:14 PM | Attr = ]
ggggh.ini -> %System32%\ggggh.ini -> [Ver = | Size = 470572 bytes | Created Date = 12/31/2007 6:04:54 PM | Attr = HS]
ggggh.ini2 -> %System32%\ggggh.ini2 -> [Ver = | Size = 470572 bytes | Created Date = 1/1/2008 11:38:44 AM | Attr = HS]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 1/9/2008 6:34:36 PM | Attr = ]
hgded.exe -> %System32%\hgded.exe -> [Ver = | Size = 1 bytes | Created Date = 12/31/2007 10:21:15 AM | Attr = ]
hgggg.exe -> %System32%\hgggg.exe -> [Ver = | Size = 1 bytes | Created Date = 12/31/2007 6:04:55 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 12/23/2007 9:00:40 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 12/23/2007 9:00:40 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 12/23/2007 9:00:40 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 12/23/2007 9:00:40 PM | Attr = ]
khfda.exe -> %System32%\khfda.exe -> [Ver = | Size = 1 bytes | Created Date = 12/30/2007 11:30:03 PM | Attr = ]
kjjjl.ini -> %System32%\kjjjl.ini -> [Ver = | Size = 467982 bytes | Created Date = 1/2/2008 7:59:30 PM | Attr = HS]
kjjjl.ini2 -> %System32%\kjjjl.ini2 -> [Ver = | Size = 467982 bytes | Created Date = 1/2/2008 7:59:30 PM | Attr = HS]
lnoqr.ini -> %System32%\lnoqr.ini -> [Ver = | Size = 470902 bytes | Created Date = 12/29/2007 3:31:48 PM | Attr = HS]
lnoqr.ini2 -> %System32%\lnoqr.ini2 -> [Ver = | Size = 470902 bytes | Created Date = 12/29/2007 3:31:48 PM | Attr = HS]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Created Date = 12/23/2007 8:41:45 PM | Attr = ]
mljii.exe -> %System32%\mljii.exe -> [Ver = | Size = 1 bytes | Created Date = 12/29/2007 5:35:27 PM | Attr = ]
mljji.exe -> %System32%\mljji.exe -> [Ver = | Size = 1 bytes | Created Date = 12/31/2007 3:58:48 PM | Attr = ]
mmlnn.ini -> %System32%\mmlnn.ini -> [Ver = | Size = 478289 bytes | Created Date = 12/22/2007 5:47:38 PM | Attr = HS]
mmlnn.ini2 -> %System32%\mmlnn.ini2 -> [Ver = | Size = 478289 bytes | Created Date = 12/22/2007 5:47:39 PM | Attr = HS]
NeroCheck .exe -> %System32%\NeroCheck .exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Created Date = 12/22/2007 6:23:06 PM | Attr = ]
nmlnn.ini -> %System32%\nmlnn.ini -> [Ver = | Size = 9562 bytes | Created Date = 1/2/2008 11:12:57 PM | Attr = HS]
nmlnn.ini2 -> %System32%\nmlnn.ini2 -> [Ver = | Size = 9562 bytes | Created Date = 1/2/2008 11:12:58 PM | Attr = HS]
nnlmm.exe -> %System32%\nnlmm.exe -> [Ver = | Size = 1 bytes | Created Date = 12/29/2007 10:48:55 AM | Attr = ]
opnlm.exe -> %System32%\opnlm.exe -> [Ver = | Size = 3584 bytes | Created Date = 1/15/2008 5:54:21 AM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 1/9/2008 6:34:36 PM | Attr = ]
rqonl.exe -> %System32%\rqonl.exe -> [Ver = | Size = 1 bytes | Created Date = 12/29/2007 3:31:48 PM | Attr = ]
rqooo.exe -> %System32%\rqooo.exe -> [Ver = | Size = 1 bytes | Created Date = 12/31/2007 5:23:11 AM | Attr = ]
rqrsr.exe -> %System32%\rqrsr.exe -> [Ver = | Size = 1 bytes | Created Date = 1/1/2008 1:55:09 AM | Attr = ]
rsrqr.ini -> %System32%\rsrqr.ini -> [Ver = | Size = 471455 bytes | Created Date = 1/1/2008 2:40:10 PM | Attr = HS]
rsrqr.ini2 -> %System32%\rsrqr.ini2 -> [Ver = | Size = 471455 bytes | Created Date = 1/1/2008 5:08:03 PM | Attr = HS]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 1/9/2008 6:34:36 PM | Attr = ]
urqnn.exe -> %System32%\urqnn.exe -> [Ver = | Size = 1 bytes | Created Date = 12/30/2007 6:26:18 PM | Attr = ]
xxyvt.exe -> %System32%\xxyvt.exe -> [Ver = | Size = 1 bytes | Created Date = 12/30/2007 4:08:40 PM | Attr = ]
xxyyx.exe -> %System32%\xxyyx.exe -> [Ver = | Size = 1 bytes | Created Date = 12/30/2007 7:53:32 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 1/9/2008 6:35:00 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 1/9/2008 10:33:54 PM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 1/7/2008 5:49:29 PM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 1/7/2008 5:51:31 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 1/7/2008 5:46:45 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 1/6/2008 10:58:00 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 1/6/2008 10:58:00 PM | Attr = H ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 224 bytes | Created Date = 1/1/2008 11:36:21 PM | Attr = ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 254 bytes | Created Date = 1/8/2008 7:39:05 AM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Created Date = 1/8/2008 8:03:06 PM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 1/15/2008 7:09:49 PM | Attr = ]
WLInstaller -> %AllUsersAppData%\WLInstaller -> [Folder | Created Date = 12/30/2007 6:24:04 PM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 1/15/2008 7:09:42 PM | Attr = ]
microsoft -> %AllUsersDocuments%\microsoft -> [Folder | Created Date = 1/7/2008 5:30:21 PM | Attr = ]
Bulla_sage_puzzlepirates log -> %UserDocuments%\Bulla_sage_puzzlepirates log -> [Ver = | Size = 2543 bytes | Created Date = 1/6/2008 3:27:20 PM | Attr = ]
employment termination-- steve.doc -> %UserDocuments%\employment termination-- steve.doc -> [Ver = | Size = 19968 bytes | Created Date = 1/13/2008 10:12:50 PM | Attr = ]
Mom's cheese ball recipe.doc -> %UserDocuments%\Mom's cheese ball recipe.doc -> [Ver = | Size = 20480 bytes | Created Date = 12/21/2007 8:32:50 PM | Attr = ]
Phoneybill_sage_puzzlepirates log -> %UserDocuments%\Phoneybill_sage_puzzlepirates log -> [Ver = | Size = 24931 bytes | Created Date = 12/28/2007 11:53:48 AM | Attr = ]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1790 bytes | Created Date = 1/8/2008 8:03:13 PM | Attr = ]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1790 bytes | Created Date = 1/8/2008 8:03:13 PM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 1/15/2008 7:09:43 PM | Attr = ]
Yahoo! Mail.lnk -> %AllUsersDesktop%\Yahoo! Mail.lnk -> [Ver = | Size = 1535 bytes | Created Date = 12/23/2007 5:13:33 PM | Attr = ]
Yahoo! Messenger.lnk -> %AllUsersDesktop%\Yahoo! Messenger.lnk -> [Ver = | Size = 812 bytes | Created Date = 1/8/2008 7:29:18 AM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 1/10/2008 6:46:48 AM | Attr = ]
OneCare.lnk -> %UserDesktop%\OneCare.lnk -> [Ver = | Size = 846 bytes | Created Date = 1/8/2008 12:10:44 AM | Attr = ]
Panda ActiveScan.lnk -> %UserDesktop%\Panda ActiveScan.lnk -> [Ver = | Size = 1336 bytes | Created Date = 1/9/2008 8:39:53 PM | Attr = ]
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Created Date = 1/15/2008 7:08:42 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 1/15/2008 4:39:10 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Created Date = 1/15/2008 4:37:51 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Created Date = 12/30/2007 6:24:48 PM | Attr = HS]

[Files/Folders - Modified Within 30 days]
38C1.tmp -> %SystemDrive%\38C1.tmp -> [Ver = | Size = 115560448 bytes | Modified Date = 1/11/2008 11:21:42 PM | Attr = ]
3AFF.tmp -> %SystemDrive%\3AFF.tmp -> [Ver = | Size = 115560448 bytes | Modified Date = 1/9/2008 7:30:39 PM | Attr = ]
757E.tmp -> %SystemDrive%\757E.tmp -> [Ver = | Size = 115560448 bytes | Modified Date = 1/9/2008 9:29:15 PM | Attr = ]
AFFF.tmp -> %SystemDrive%\AFFF.tmp -> [Ver = | Size = 115560448 bytes | Modified Date = 1/10/2008 6:41:24 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/15/2008 7:09:46 PM | Attr = H ]
lj194 -> %SystemDrive%\lj194 -> [Folder | Modified Date = 12/23/2007 8:38:05 PM | Attr = ]
My Downloads -> %SystemDrive%\My Downloads -> [Folder | Modified Date = 1/3/2008 7:36:58 PM | Attr = R ]
MyProjects -> %SystemDrive%\MyProjects -> [Folder | Modified Date = 12/25/2007 10:25:55 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/15/2008 7:09:42 PM | Attr = R ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/23/2007 1:18:45 AM | Attr = H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/23/2007 1:23:45 AM | Attr = H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/23/2007 3:31:15 PM | Attr = H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/23/2007 11:12:40 PM | Attr = H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/28/2007 4:46:36 PM | Attr = H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/23/2007 1:18:45 AM | Attr = H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/23/2007 1:23:45 AM | Attr = H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/23/2007 3:31:15 PM | Attr = H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/23/2007 11:12:39 PM | Attr = H ]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/28/2007 4:46:36 PM | Attr = H ]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 1/7/2008 9:02:07 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 1/15/2008 7:13:02 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/12/2008 11:28:28 AM | Attr = ]
dvd43llh.sys -> %System32%\drivers\dvd43llh.sys -> RIF [Ver = 3.5.000 | Size = 18816 bytes | Modified Date = 1/12/2008 10:58:46 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/8/2008 11:05:55 PM | Attr = ]
PROCEXP.SYS -> %System32%\drivers\PROCEXP.SYS -> SysInternals [Ver = 6.00 | Size = 10140 bytes | Modified Date = 1/2/2008 9:58:53 PM | Attr = ]
000080.exe -> %System32%\000080.exe -> [Ver = | Size = 286288 bytes | Modified Date = 12/22/2007 12:54:36 AM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 1/11/2008 10:39:13 PM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 12/23/2007 3:54:07 PM | Attr = ]
bits -> %System32%\bits -> [Folder | Modified Date = 1/7/2008 5:26:14 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/7/2008 10:58:29 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/15/2008 10:43:30 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 1/7/2008 5:30:05 PM | Attr = ]
DirectX -> %System32%\DirectX -> [Folder | Modified Date = 1/8/2008 7:41:14 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/15/2008 5:54:32 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/12/2008 9:35:58 AM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 1/7/2008 5:27:22 PM | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 1/7/2008 5:51:45 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 123728 bytes | Modified Date = 12/29/2007 12:37:49 PM | Attr = ]
ggggh.ini -> %System32%\ggggh.ini -> [Ver = | Size = 470572 bytes | Modified Date = 1/2/2008 6:00:55 PM | Attr = HS]
ggggh.ini2 -> %System32%\ggggh.ini2 -> [Ver = | Size = 470572 bytes | Modified Date = 1/2/2008 6:00:56 PM | Attr = HS]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 1/11/2008 10:29:59 PM | Attr = ]
hgded.exe -> %System32%\hgded.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/31/2007 10:21:15 AM | Attr = ]
hgggg.exe -> %System32%\hgggg.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/31/2007 6:04:55 PM | Attr = ]
khfda.exe -> %System32%\khfda.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/30/2007 11:30:03 PM | Attr = ]
kjjjl.ini -> %System32%\kjjjl.ini -> [Ver = | Size = 467982 bytes | Modified Date = 1/3/2008 7:36:42 PM | Attr = HS]
kjjjl.ini2 -> %System32%\kjjjl.ini2 -> [Ver = | Size = 467982 bytes | Modified Date = 1/3/2008 7:36:42 PM | Attr = HS]
lnoqr.ini -> %System32%\lnoqr.ini -> [Ver = | Size = 470902 bytes | Modified Date = 12/30/2007 7:50:45 PM | Attr = HS]
lnoqr.ini2 -> %System32%\lnoqr.ini2 -> [Ver = | Size = 470902 bytes | Modified Date = 12/30/2007 7:50:45 PM | Attr = HS]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Modified Date = 1/14/2008 6:37:40 PM | Attr = ]
mljii.exe -> %System32%\mljii.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/29/2007 5:35:27 PM | Attr = ]
mljji.exe -> %System32%\mljji.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/31/2007 3:58:48 PM | Attr = ]
mmlnn.ini -> %System32%\mmlnn.ini -> [Ver = | Size = 478289 bytes | Modified Date = 12/29/2007 10:18:32 PM | Attr = HS]
mmlnn.ini2 -> %System32%\mmlnn.ini2 -> [Ver = | Size = 478289 bytes | Modified Date = 12/29/2007 10:18:33 PM | Attr = HS]
NeroCheck .exe -> %System32%\NeroCheck .exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 12/28/2007 8:35:57 PM | Attr = ]
nmlnn.ini -> %System32%\nmlnn.ini -> [Ver = | Size = 9562 bytes | Modified Date = 1/5/2008 8:03:59 PM | Attr = HS]
nmlnn.ini2 -> %System32%\nmlnn.ini2 -> [Ver = | Size = 9562 bytes | Modified Date = 1/5/2008 8:03:59 PM | Attr = HS]
nnlmm.exe -> %System32%\nnlmm.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/29/2007 10:48:55 AM | Attr = ]
opnlm.exe -> %System32%\opnlm.exe -> [Ver = | Size = 3584 bytes | Modified Date = 1/15/2008 5:54:21 AM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 1/11/2008 10:29:59 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 62286 bytes | Modified Date = 12/29/2007 12:47:53 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 400624 bytes | Modified Date = 12/29/2007 12:47:53 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 452994 bytes | Modified Date = 12/29/2007 12:47:53 PM | Attr = ]
rqonl.exe -> %System32%\rqonl.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/29/2007 3:31:48 PM | Attr = ]
rqooo.exe -> %System32%\rqooo.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/31/2007 5:23:11 AM | Attr = ]
rqrsr.exe -> %System32%\rqrsr.exe -> [Ver = | Size = 1 bytes | Modified Date = 1/1/2008 1:55:09 AM | Attr = ]
rsrqr.ini -> %System32%\rsrqr.ini -> [Ver = | Size = 471455 bytes | Modified Date = 1/2/2008 6:00:57 PM | Attr = HS]
rsrqr.ini2 -> %System32%\rsrqr.ini2 -> [Ver = | Size = 471455 bytes | Modified Date = 1/2/2008 6:01:00 PM | Attr = HS]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 1/11/2008 10:30:00 PM | Attr = ]
urqnn.exe -> %System32%\urqnn.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/30/2007 6:26:18 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 1/10/2008 5:57:20 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13646 bytes | Modified Date = 1/15/2008 10:43:42 PM | Attr = ]
xxyvt.exe -> %System32%\xxyvt.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/30/2007 4:08:40 PM | Attr = ]
xxyyx.exe -> %System32%\xxyyx.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/30/2007 7:53:32 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/9/2008 6:28:19 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 1/10/2008 5:57:15 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 1/8/2008 7:40:24 AM | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 1/10/2008 6:11:41 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/15/2008 10:42:51 PM | Attr = S]
Cache -> %SystemRoot%\Cache -> [Folder | Modified Date = 12/24/2007 1:55:08 PM | Attr = ]
CAVTemp -> %SystemRoot%\CAVTemp -> [Folder | Modified Date = 1/7/2008 12:10:01 AM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 12/29/2007 11:13:51 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/12/2008 9:23:32 AM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/8/2008 6:53:27 PM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 1/7/2008 5:50:21 PM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 1/7/2008 10:57:58 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 1/9/2008 3:00:47 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/12/2008 9:23:44 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/15/2008 7:09:46 PM | Attr = HS]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 1/7/2008 5:50:32 PM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 12/29/2007 1:04:26 PM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 12/29/2007 12:37:48 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 1/15/2008 11:05:58 AM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 1/7/2008 9:44:26 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/15/2008 10:44:26 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/6/2008 10:58:00 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/14/2008 7:47:57 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 12/29/2007 12:43:49 PM | Attr = ]
ShellNew -> %SystemRoot%\ShellNew -> [Folder | Modified Date = 1/9/2008 6:08:35 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 12/29/2007 11:08:23 AM | Attr = ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 231 bytes | Modified Date = 1/7/2008 5:08:43 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/15/2008 7:30:53 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/8/2008 7:39:05 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/15/2008 10:44:09 PM | Attr = ]
vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 59 bytes | Modified Date = 1/9/2008 6:09:58 PM | Attr = ]
WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 1/7/2008 5:50:40 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 775 bytes | Modified Date = 1/9/2008 6:42:13 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 224 bytes | Modified Date = 1/13/2008 9:15:42 AM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 12/29/2007 12:47:00 PM | Attr = ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 254 bytes | Modified Date = 1/15/2008 9:48:00 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/15/2008 10:42:56 PM | Attr = H ]
XoftSpySE 2.job -> %SystemRoot%\tasks\XoftSpySE 2.job -> [Ver = | Size = 432 bytes | Modified Date = 1/15/2008 10:43:09 PM | Attr = ]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job -> [Ver = | Size = 362 bytes | Modified Date = 1/15/2008 2:00:00 AM | Attr = ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Modified Date = 1/8/2008 8:03:06 PM | Attr = ]
Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 1/7/2008 5:32:39 PM | Attr = S]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 1/15/2008 7:09:49 PM | Attr = ]
WLInstaller -> %AllUsersAppData%\WLInstaller -> [Folder | Modified Date = 1/8/2008 7:37:56 AM | Attr = ]
Yahoo! Companion -> %AllUsersAppData%\Yahoo! Companion -> [Folder | Modified Date = 12/23/2007 5:16:15 PM | Attr = ]
Adobe -> %UserAppData%\Adobe -> [Folder | Modified Date = 12/23/2007 8:04:09 PM | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 1/8/2008 4:40:08 PM | Attr = S]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 1/15/2008 7:09:42 PM | Attr = ]
yahoo! -> %UserAppData%\yahoo! -> [Folder | Modified Date = 12/23/2007 8:07:50 PM | Attr = RH ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 12/29/2007 12:45:14 PM | Attr = ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 1/10/2008 5:48:50 PM | Attr = ]
microsoft -> %AllUsersDocuments%\microsoft -> [Folder | Modified Date = 1/7/2008 5:30:21 PM | Attr = ]
Bulla_sage_puzzlepirates log -> %UserDocuments%\Bulla_sage_puzzlepirates log -> [Ver = | Size = 2543 bytes | Modified Date = 1/6/2008 3:40:18 PM | Attr = ]
desktop.ini -> %UserDocuments%\desktop.ini -> [Ver = | Size = 76 bytes | Modified Date = 1/7/2008 5:54:02 PM | Attr = HS]
employment termination-- steve.doc -> %UserDocuments%\employment termination-- steve.doc -> [Ver = | Size = 19968 bytes | Modified Date = 1/13/2008 10:12:50 PM | Attr = ]
Jacapo_sage_puzzlepirates log -> %UserDocuments%\Jacapo_sage_puzzlepirates log -> [Ver = | Size = 50438 bytes | Modified Date = 12/27/2007 2:12:00 PM | Attr = ]
Mom's cheese ball recipe.doc -> %UserDocuments%\Mom's cheese ball recipe.doc -> [Ver = | Size = 20480 bytes | Modified Date = 12/21/2007 8:32:50 PM | Attr = ]
Mortimerez_sage_puzzlepirates log -> %UserDocuments%\Mortimerez_sage_puzzlepirates log -> [Ver = | Size = 10675943 bytes | Modified Date = 1/6/2008 7:29:40 PM | Attr = ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 1/7/2008 5:54:03 PM | Attr = R ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 1/8/2008 8:02:22 PM | Attr = R ]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 556 bytes | Modified Date = 12/28/2007 1:32:06 AM | Attr = ]
Phoneybill_sage_puzzlepirates log -> %UserDocuments%\Phoneybill_sage_puzzlepirates log -> [Ver = | Size = 24931 bytes | Modified Date = 12/28/2007 5:10:46 PM | Attr = ]
Stowaway_sage_puzzlepirates log -> %UserDocuments%\Stowaway_sage_puzzlepirates log -> [Ver = | Size = 76445 bytes | Modified Date = 12/27/2007 1:30:26 PM | Attr = ]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1790 bytes | Modified Date = 1/8/2008 8:03:13 PM | Attr = ]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1790 bytes | Modified Date = 1/8/2008 8:03:13 PM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 1/15/2008 7:09:43 PM | Attr = ]
Yahoo! Mail.lnk -> %AllUsersDesktop%\Yahoo! Mail.lnk -> [Ver = | Size = 1535 bytes | Modified Date = 12/23/2007 5:13:33 PM | Attr = ]
Yahoo! Messenger.lnk -> %AllUsersDesktop%\Yahoo! Messenger.lnk -> [Ver = | Size = 812 bytes | Modified Date = 1/8/2008 7:29:18 AM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 1/10/2008 6:46:48 AM | Attr = ]
marteny.doc -> %UserDesktop%\marteny.doc -> [Ver = | Size = 52736 bytes | Modified Date = 1/6/2008 7:58:55 PM | Attr = ]
marteny2.doc -> %UserDesktop%\marteny2.doc -> [Ver = | Size = 52736 bytes | Modified Date = 1/6/2008 7:43:44 PM | Attr = ]
OneCare.lnk -> %UserDesktop%\OneCare.lnk -> [Ver = | Size = 846 bytes | Modified Date = 1/8/2008 12:13:45 AM | Attr = ]
Panda ActiveScan.lnk -> %UserDesktop%\Panda ActiveScan.lnk -> [Ver = | Size = 1336 bytes | Modified Date = 1/9/2008 8:39:54 PM | Attr = ]
Program Downloads -> %UserDesktop%\Program Downloads -> [Folder | Modified Date = 1/12/2008 10:43:22 AM | Attr = ]
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Modified Date = 1/15/2008 7:09:03 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 1/15/2008 10:04:04 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Modified Date = 1/15/2008 4:37:53 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
XoftSpySE.lnk -> %UserDesktop%\XoftSpySE.lnk -> [Ver = | Size = 682 bytes | Modified Date = 1/12/2008 6:18:41 PM | Attr = ]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 1/9/2008 6:09:21 PM | Attr = ]
System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 12/29/2007 11:14:43 AM | Attr = ]
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Modified Date = 12/30/2007 6:26:40 PM | Attr = HS]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 1/15/2008 7:09:05 PM | Attr = ]
ent.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Windows OneCare Live\ent.dat -> [Ver = | Size = 11616 bytes | Modified Date = 1/7/2008 5:36:49 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 1/15/2008 4:56:33 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5625 bytes | Modified Date = 1/15/2008 4:56:33 PM | Attr = ]
Perflib_Perfdata_1068.dat -> C:\Documents and Settings\Marty\Local Settings\Temp\Perflib_Perfdata_1068.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/1/2007 4:02:14 PM | Attr = ]
Perflib_Perfdata_138.dat -> C:\Documents and Settings\Marty\Local Settings\Temp\Perflib_Perfdata_138.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/11/2007 8:45:22 PM | Attr = ]
Perflib_Perfdata_1570.dat -> C:\Documents and Settings\Marty\Local Settings\Temp\Perflib_Perfdata_1570.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/28/2007 3:38:02 PM | Attr = ]
Perflib_Perfdata_c5c.dat -> C:\Documents and Settings\Marty\Local Settings\Temp\Perflib_Perfdata_c5c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/24/2007 12:56:57 AM | Attr = ]
Perflib_Perfdata_e10.dat -> C:\Documents and Settings\Marty\Local Settings\Temp\Perflib_Perfdata_e10.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/15/2007 4:20:56 AM | Attr = ]
Perflib_Perfdata_eac.dat -> C:\Documents and Settings\Marty\Local Settings\Temp\Perflib_Perfdata_eac.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/24/2007 8:06:49 AM | Attr = ]
index.dat -> C:\Documents and Settings\Marty\Local Settings\Temp\Cookies\index.dat -> [Ver = | Size = 212992 bytes | Modified Date = 1/15/2008 10:43:53 PM | Attr = ]
index.dat -> C:\Documents and Settings\Marty\Local Settings\Temp\History\History.IE5\index.dat -> [Ver = | Size = 425984 bytes | Modified Date = 1/15/2008 10:43:53 PM | Attr = ]
index.dat -> C:\Documents and Settings\Marty\Local Settings\Temp\History\History.IE5\MSHist012008011520080116\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 1/15/2008 10:18:55 PM | Attr = HS]
index.dat -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 7454720 bytes | Modified Date = 1/15/2008 10:43:53 PM | Attr = ]
WebUpdate.ini -> C:\Documents and Settings\Marty\Local Settings\Temp\WebUpdate.ini -> [Ver = | Size = 96 bytes | Modified Date = 9/10/2006 11:48:12 AM | Attr = ]
{AC76BA86-7AD7-1033-7B44-A81100000003}.ini -> C:\Documents and Settings\Marty\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81100000003}.ini -> [Ver = | Size = 664 bytes | Modified Date = 12/3/2007 5:57:22 PM | Attr = ]
ISUSRT.ini -> C:\Documents and Settings\Marty\Local Settings\Temp\{D8150F10-196F-4EE0-8DFB-FF830DD87B04}\{5BA32238-AE28-4EAD-AD7E-01356597DC8B}\ISUSRT.ini -> [Ver = | Size = 476 bytes | Modified Date = 5/13/2005 9:40:16 AM | Attr = ]
desktop.ini -> C:\Documents and Settings\Marty\Local Settings\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 113 bytes | Modified Date = 6/15/2007 4:58:34 PM | Attr = HS]
desktop.ini -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/15/2008 11:31:22 AM | Attr = HS]
4649_2731[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\4649_2731[1].gif -> [Ver = | Size = 20031 bytes | Modified Date = 1/15/2008 6:59:26 PM | Attr = ]
attach_wait[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\attach_wait[1].gif -> [Ver = | Size = 2381 bytes | Modified Date = 1/15/2008 4:44:19 PM | Attr = ]
a[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\a[1].gif -> [Ver = | Size = 43 bytes | Modified Date = 1/15/2008 7:06:49 PM | Attr = ]
blank[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\blank[1].gif -> [Ver = | Size = 43 bytes | Modified Date = 1/15/2008 4:29:04 PM | Attr = ]
blue_help[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\blue_help[1].gif -> [Ver = | Size = 261 bytes | Modified Date = 1/15/2008 4:29:03 PM | Attr = ]
blue_localRadar[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\blue_localRadar[1].gif -> [Ver = | Size = 480 bytes | Modified Date = 1/15/2008 4:29:05 PM | Attr = ]
blue_search[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\blue_search[1].gif -> [Ver = | Size = 286 bytes | Modified Date = 1/15/2008 4:29:02 PM | Attr = ]
blue_ski[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\blue_ski[1].gif -> [Ver = | Size = 455 bytes | Modified Date = 1/15/2008 4:29:05 PM | Attr = ]
blue_weatherStation[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\blue_weatherStation[1].gif -> [Ver = | Size = 459 bytes | Modified Date = 1/15/2008 4:29:05 PM | Attr = ]
boxsweeper111[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\boxsweeper111[1].gif -> [Ver = | Size = 3416 bytes | Modified Date = 1/15/2008 4:43:48 PM | Attr = ]
brmedia[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\brmedia[1].gif -> [Ver = | Size = 483 bytes | Modified Date = 1/15/2008 4:43:47 PM | Attr = ]
channelchooser[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\channelchooser[1].gif -> [Ver = | Size = 2470 bytes | Modified Date = 1/15/2008 4:43:47 PM | Attr = ]
clapping[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\clapping[1].gif -> [Ver = | Size = 4796 bytes | Modified Date = 1/15/2008 4:44:18 PM | Attr = ]
CLSM-00014-CMb11_125x125[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\CLSM-00014-CMb11_125x125[1].gif -> [Ver = | Size = 11274 bytes | Modified Date = 1/15/2008 4:29:05 PM | Attr = ]
CLSM-3girls_80_160x600[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\CLSM-3girls_80_160x600[1].gif -> [Ver = | Size = 16975 bytes | Modified Date = 1/15/2008 6:59:26 PM | Attr = ]
CLSM-fall_leaves_728x90[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\CLSM-fall_leaves_728x90[1].gif -> [Ver = | Size = 20457 bytes | Modified Date = 1/15/2008 9:59:43 PM | Attr = ]
cross[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\cross[1].gif -> [Ver = | Size = 4169 bytes | Modified Date = 1/15/2008 7:06:49 PM | Attr = ]
disc-sharedf[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\disc-sharedf[1].gif -> [Ver = | Size = 1932 bytes | Modified Date = 1/15/2008 7:06:48 PM | Attr = ]
epa-good[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\epa-good[1].gif -> [Ver = | Size = 535 bytes | Modified Date = 1/15/2008 4:29:06 PM | Attr = ]
epa-moderate[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\epa-moderate[1].gif -> [Ver = | Size = 535 bytes | Modified Date = 1/15/2008 4:29:06 PM | Attr = ]
gui-headSlogan[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\gui-headSlogan[1].gif -> [Ver = | Size = 1900 bytes | Modified Date = 1/15/2008 4:43:46 PM | Attr = ]
gui-menuPage-BG[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\gui-menuPage-BG[1].gif -> [Ver = | Size = 689 bytes | Modified Date = 1/15/2008 4:43:48 PM | Attr = ]
highleftr[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\highleftr[1].gif -> [Ver = | Size = 825 bytes | Modified Date = 1/15/2008 4:29:04 PM | Attr = ]
i30_bg5[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\i30_bg5[1].gif -> [Ver = | Size = 49 bytes | Modified Date = 1/15/2008 7:07:22 PM | Attr = ]
i30_image4[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\i30_image4[1].gif -> [Ver = | Size = 176 bytes | Modified Date = 1/15/2008 7:07:22 PM | Attr = ]
i30_image6[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\i30_image6[1].gif -> [Ver = | Size = 997 bytes | Modified Date = 1/15/2008 7:07:22 PM | Attr = ]
i30_image7[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\i30_image7[1].gif -> [Ver = | Size = 2215 bytes | Modified Date = 1/15/2008 7:07:22 PM | Attr = ]
icon13[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\icon13[1].gif -> [Ver = | Size = 1104 bytes | Modified Date = 1/15/2008 4:44:19 PM | Attr = ]
icon5[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\icon5[1].gif -> [Ver = | Size = 672 bytes | Modified Date = 1/15/2008 4:44:19 PM | Attr = ]
icon9[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\icon9[1].gif -> [Ver = | Size = 888 bytes | Modified Date = 1/15/2008 4:44:19 PM | Attr = ]
IMGCheckMark[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\IMGCheckMark[1].gif -> [Ver = | Size = 1165 bytes | Modified Date = 1/15/2008 7:07:15 PM | Attr = ]
IMGInfoBoxTop[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\IMGInfoBoxTop[1].gif -> [Ver = | Size = 130 bytes | Modified Date = 1/15/2008 7:07:06 PM | Attr = ]
IMGProVersion[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\IMGProVersion[1].gif -> [Ver = | Size = 7452 bytes | Modified Date = 1/15/2008 7:07:06 PM | Attr = ]
leftGradDARK[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\leftGradDARK[1].gif -> [Ver = | Size = 104 bytes | Modified Date = 1/15/2008 4:29:02 PM | Attr = ]
logo-stagex[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\logo-stagex[1].gif -> [Ver = | Size = 1876 bytes | Modified Date = 1/15/2008 4:43:48 PM | Attr = ]
logo-watchmovies[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\logo-watchmovies[1].gif -> [Ver = | Size = 2353 bytes | Modified Date = 1/15/2008 4:43:48 PM | Attr = ]
myspace512[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\myspace512[1].gif -> [Ver = | Size = 835 bytes | Modified Date = 1/15/2008 4:43:48 PM | Attr = ]
mytheater41231[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\mytheater41231[1].gif -> [Ver = | Size = 1180 bytes | Modified Date = 1/15/2008 4:43:47 PM | Attr = ]
nothingtoxic[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\nothingtoxic[1].gif -> [Ver = | Size = 2421 bytes | Modified Date = 1/15/2008 4:43:48 PM | Attr = ]
nt_partlycloudy[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\nt_partlycloudy[1].gif -> [Ver = | Size = 673 bytes | Modified Date = 1/15/2008 4:29:06 PM | Attr = ]
pollen[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\pollen[1].gif -> [Ver = | Size = 1398 bytes | Modified Date = 1/15/2008 4:29:05 PM | Attr = ]
r5c2[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\r5c2[1].gif -> [Ver = | Size = 43 bytes | Modified Date = 1/15/2008 4:29:03 PM | Attr = ]
rte-list[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\rte-list[1].gif -> [Ver = | Size = 750 bytes | Modified Date = 1/15/2008 4:44:17 PM | Attr = ]
rte-outdent[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\rte-outdent[1].gif -> [Ver = | Size = 757 bytes | Modified Date = 1/15/2008 4:44:17 PM | Attr = ]
rte-remove-formatting[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\rte-remove-formatting[1].gif -> [Ver = | Size = 784 bytes | Modified Date = 1/15/2008 4:44:16 PM | Attr = ]
rte-resize-down[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\rte-resize-down[1].gif -> [Ver = | Size = 551 bytes | Modified Date = 1/15/2008 4:29:33 PM | Attr = ]
search1[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\search1[1].gif -> [Ver = | Size = 2259 bytes | Modified Date = 1/15/2008 4:45:26 PM | Attr = ]
smalllogo2[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\smalllogo2[1].gif -> [Ver = | Size = 707 bytes | Modified Date = 1/15/2008 4:29:05 PM | Attr = ]
spacer[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\spacer[1].gif -> [Ver = | Size = 43 bytes | Modified Date = 1/15/2008 4:29:32 PM | Attr = ]
statefarm_logo[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\statefarm_logo[1].gif -> [Ver = | Size = 2658 bytes | Modified Date = 1/15/2008 4:29:04 PM | Attr = ]
sunny[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\sunny[1].gif -> [Ver = | Size = 864 bytes | Modified Date = 1/15/2008 4:29:06 PM | Attr = ]
TAanimatedR[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\TAanimatedR[1].gif -> [Ver = | Size = 131 bytes | Modified Date = 1/15/2008 4:29:05 PM | Attr = ]
thecw[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\thecw[1].gif -> [Ver = | Size = 580 bytes | Modified Date = 1/15/2008 4:43:48 PM | Attr = ]
tile_back[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\tile_back[1].gif -> [Ver = | Size = 940 bytes | Modified Date = 1/15/2008 4:29:29 PM | Attr = ]
tile_cat[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\tile_cat[1].gif -> [Ver = | Size = 2760 bytes | Modified Date = 1/15/2008 4:29:30 PM | Attr = ]
topDarkLight2[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\topDarkLight2[1].gif -> [Ver = | Size = 257 bytes | Modified Date = 1/15/2008 4:29:02 PM | Attr = ]
topLightLight2[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\topLightLight2[1].gif -> [Ver = | Size = 209 bytes | Modified Date = 1/15/2008 4:29:02 PM | Attr = ]
Trip-Paris[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\Trip-Paris[1].gif -> [Ver = | Size = 1032 bytes | Modified Date = 1/15/2008 4:29:05 PM | Attr = ]
VDON_VTG_creative[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\VDON_VTG_creative[1].gif -> [Ver = | Size = 7384 bytes | Modified Date = 1/15/2008 4:29:05 PM | Attr = ]
wacko[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\wacko[1].gif -> [Ver = | Size = 946 bytes | Modified Date = 1/15/2008 4:44:18 PM | Attr = ]
whistling[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\whistling[1].gif -> [Ver = | Size = 1230 bytes | Modified Date = 1/15/2008 4:44:18 PM | Attr = ]
whiteT[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\71VYI8JN\whiteT[1].gif -> [Ver = | Size = 204 bytes | Modified Date = 1/15/2008 4:29:03 PM | Attr = ]
360arrows_blue[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\360arrows_blue[1].gif -> [Ver = | Size = 37343 bytes | Modified Date = 1/15/2008 4:29:05 PM | Attr = ]
9903798-10[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\9903798-10[1].gif -> [Ver = | Size = 48706 bytes | Modified Date = 1/15/2008 4:29:05 PM | Attr = ]
alarm-green[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\alarm-green[1].gif -> [Ver = | Size = 998 bytes | Modified Date = 1/15/2008 7:06:48 PM | Attr = ]
arrow-up[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\arrow-up[1].gif -> [Ver = | Size = 67 bytes | Modified Date = 1/15/2008 4:29:02 PM | Attr = ]
blinkxtv[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\blinkxtv[1].gif -> [Ver = | Size = 971 bytes | Modified Date = 1/15/2008 4:43:48 PM | Attr = ]
blue_forecastFlyer[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\blue_forecastFlyer[1].gif -> [Ver = | Size = 254 bytes | Modified Date = 1/15/2008 4:29:03 PM | Attr = ]
blue_tripPlanner[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\blue_tripPlanner[1].gif -> [Ver = | Size = 460 bytes | Modified Date = 1/15/2008 4:29:05 PM | Attr = ]
cbslogo[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\cbslogo[1].gif -> [Ver = | Size = 2444 bytes | Modified Date = 1/15/2008 4:43:48 PM | Attr = ]
clear[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\clear[1].gif -> [Ver = | Size = 49 bytes | Modified Date = 1/15/2008 4:29:02 PM | Attr = ]
clear[2].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\clear[2].gif -> [Ver = | Size = 864 bytes | Modified Date = 1/15/2008 4:29:04 PM | Attr = ]
closebutton[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\closebutton[1].gif -> [Ver = | Size = 1202 bytes | Modified Date = 1/15/2008 7:06:49 PM | Attr = ]
cloudy[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\cloudy[1].gif -> [Ver = | Size = 808 bytes | Modified Date = 1/15/2008 4:29:06 PM | Attr = ]
CLSM-00014-cmbwpics3_nl_s_125x125[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\CLSM-00014-cmbwpics3_nl_s_125x125[1].gif -> [Ver = | Size = 6308 bytes | Modified Date = 1/15/2008 6:59:26 PM | Attr = ]
crazy[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\crazy[1].gif -> [Ver = | Size = 4986 bytes | Modified Date = 1/15/2008 4:44:18 PM | Attr = ]
disc-hd[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\disc-hd[1].gif -> [Ver = | Size = 1740 bytes | Modified Date = 1/15/2008 7:06:48 PM | Attr = ]
dry[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\dry[1].gif -> [Ver = | Size = 696 bytes | Modified Date = 1/15/2008 4:44:18 PM | Attr = ]
forums-navbar[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\forums-navbar[1].gif -> [Ver = | Size = 9088 bytes | Modified Date = 1/15/2008 4:29:30 PM | Attr = ]
google4112[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\google4112[1].gif -> [Ver = | Size = 991 bytes | Modified Date = 1/15/2008 4:43:48 PM | Attr = ]
gui-blank[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\gui-blank[1].gif -> [Ver = | Size = 43 bytes | Modified Date = 1/15/2008 4:43:46 PM | Attr = ]
gui-frameBody-BG[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\gui-frameBody-BG[1].gif -> [Ver = | Size = 6232 bytes | Modified Date = 1/15/2008 4:43:46 PM | Attr = ]
i30_bg2[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\i30_bg2[1].gif -> [Ver = | Size = 251 bytes | Modified Date = 1/15/2008 7:07:22 PM | Attr = ]
i30_bg4[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\i30_bg4[1].gif -> [Ver = | Size = 185 bytes | Modified Date = 1/15/2008 7:07:22 PM | Attr = ]
i30_icon2[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\i30_icon2[1].gif -> [Ver = | Size = 84 bytes | Modified Date = 1/15/2008 7:07:22 PM | Attr = ]
ical[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\ical[1].gif -> [Ver = | Size = 460 bytes | Modified Date = 1/15/2008 4:29:04 PM | Attr = ]
icon11[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\icon11[1].gif -> [Ver = | Size = 689 bytes | Modified Date = 1/15/2008 4:44:19 PM | Attr = ]
icon3[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\icon3[1].gif -> [Ver = | Size = 673 bytes | Modified Date = 1/15/2008 4:44:19 PM | Attr = ]
icon7[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\icon7[1].gif -> [Ver = | Size = 672 bytes | Modified Date = 1/15/2008 4:44:19 PM | Attr = ]
IMGFreeVersion[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\IMGFreeVersion[1].gif -> [Ver = | Size = 7744 bytes | Modified Date = 1/15/2008 7:07:06 PM | Attr = ]
IMGNavBarRight[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\IMGNavBarRight[1].gif -> [Ver = | Size = 1814 bytes | Modified Date = 1/15/2008 7:07:06 PM | Attr = ]
IMGPurchase[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\IMGPurchase[1].gif -> [Ver = | Size = 1051 bytes | Modified Date = 1/15/2008 7:07:06 PM | Attr = ]
index[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\index[1].gif -> [Ver = | Size = 43 bytes | Modified Date = 1/15/2008 4:29:33 PM | Attr = ]
index[2].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\index[2].gif -> [Ver = | Size = 43 bytes | Modified Date = 1/15/2008 4:44:06 PM | Attr = ]
index[3].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\88PNNXE1\index[3].gif -> [Ver = | Size = 43 bytes | Modified Date = 1/15/2008 6:59:45 PM | Attr = ]
Trip-Vegas[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\VPQ4X848\Trip-Vegas[1].gif -> [Ver = | Size = 954 bytes | Modified Date = 1/15/2008 4:29:05 PM | Attr = ]
TripAdvisor-Blinky[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\VPQ4X848\TripAdvisor-Blinky[1].gif -> [Ver = | Size = 3363 bytes | Modified Date = 1/15/2008 4:29:05 PM | Attr = ]
TripAdvisor-T[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\VPQ4X848\TripAdvisor-T[1].gif -> [Ver = | Size = 77 bytes | Modified Date = 1/15/2008 4:29:05 PM | Attr = ]
t_new[1].gif -> C:\Documents and Settings\Marty\Local Settings\Temp\Temporary Internet Files\Content.IE5\VPQ4X848\t_new[1].gif -> [Ver = | Size = 1947 bytes | Modified Date = 1/15/2008 4:29:31 PM | Attr = ]

< End of report >

#9 marteny

Posted 15 January 2008 - 10:54 PM

I also removed Java 5.0 version 6, since I also had 5.0 version 9

#10 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:01:00 AM

Posted 16 January 2008 - 11:48 PM

Hi marteny. Yeah, that machine is pretty heavily infected. Let's go for round 2 lol. First, print these directions because we will be booting to Safe Mode to run this part.

Next, open Notepad and copy/paste the text in the codebox below into the new document:

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> jkkkhhf -> jkkkhhf.dll
YN -> vtuutrp -> vtuutrp.dll
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
*.update_microsoft.com [https] -> Trusted sites
YN -> *.update_microsoft.com [https] -> Trusted sites
YN -> download_windowsupdate.com [https] -> Trusted sites
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {58A839B2-2252-47D8-8E27-76ECFB247DBC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {7645B948-C8BA-4FCF-A989-482CD7AFEAB3} [HKEY_LOCAL_MACHINE] -> %System32%\opnlm.dll [Reg Error: Value does not exist or could not be read.]
YN -> {95e853f2-d8a9-4f1b-99a7-148c422ab5e6} [HKEY_LOCAL_MACHINE] -> %System32%\bugbvflc.dll [Reg Error: Value does not exist or could not be read.]
YN -> {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} [HKEY_LOCAL_MACHINE] -> %System32%\vtuutrp.dll [Reg Error: Value does not exist or could not be read.]
YN -> {F34C67C2-15EE-46B0-B3E0-FA36F5A42AA0} [HKEY_LOCAL_MACHINE] -> %System32%\opnlm.dll [Reg Error: Value does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{37B85A29-692B-4205-9CAD-2626E4993404} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Files/Folders - Created Within 30 days]
NY -> 38C1.tmp -> %SystemDrive%\38C1.tmp
NY -> 3AFF.tmp -> %SystemDrive%\3AFF.tmp
NY -> 757E.tmp -> %SystemDrive%\757E.tmp
NY -> AFFF.tmp -> %SystemDrive%\AFFF.tmp
NY -> 000080.exe -> %System32%\000080.exe
NY -> ggggh.ini -> %System32%\ggggh.ini
NY -> ggggh.ini2 -> %System32%\ggggh.ini2
NY -> hgded.exe -> %System32%\hgded.exe
NY -> hgggg.exe -> %System32%\hgggg.exe
NY -> khfda.exe -> %System32%\khfda.exe
NY -> kjjjl.ini -> %System32%\kjjjl.ini
NY -> kjjjl.ini2 -> %System32%\kjjjl.ini2
NY -> lnoqr.ini -> %System32%\lnoqr.ini
NY -> lnoqr.ini2 -> %System32%\lnoqr.ini2
NY -> mcrh.tmp -> %System32%\mcrh.tmp
NY -> mljii.exe -> %System32%\mljii.exe
NY -> mljji.exe -> %System32%\mljji.exe
NY -> mmlnn.ini -> %System32%\mmlnn.ini
NY -> mmlnn.ini2 -> %System32%\mmlnn.ini2
NY -> nmlnn.ini -> %System32%\nmlnn.ini
NY -> nmlnn.ini2 -> %System32%\nmlnn.ini2
NY -> nnlmm.exe -> %System32%\nnlmm.exe
NY -> opnlm.exe -> %System32%\opnlm.exe
NY -> rqonl.exe -> %System32%\rqonl.exe
NY -> rqooo.exe -> %System32%\rqooo.exe
NY -> rqrsr.exe -> %System32%\rqrsr.exe
NY -> rsrqr.ini -> %System32%\rsrqr.ini
NY -> rsrqr.ini2 -> %System32%\rsrqr.ini2
NY -> urqnn.exe -> %System32%\urqnn.exe
NY -> xxyvt.exe -> %System32%\xxyvt.exe
NY -> xxyyx.exe -> %System32%\xxyyx.exe
[Files/Folders - Modified Within 30 days]
NY -> 38C1.tmp -> %SystemDrive%\38C1.tmp
NY -> 3AFF.tmp -> %SystemDrive%\3AFF.tmp
NY -> 757E.tmp -> %SystemDrive%\757E.tmp
NY -> AFFF.tmp -> %SystemDrive%\AFFF.tmp
NY -> 000080.exe -> %System32%\000080.exe
NY -> ggggh.ini -> %System32%\ggggh.ini
NY -> ggggh.ini2 -> %System32%\ggggh.ini2
NY -> hgded.exe -> %System32%\hgded.exe
NY -> hgggg.exe -> %System32%\hgggg.exe
NY -> khfda.exe -> %System32%\khfda.exe
NY -> kjjjl.ini -> %System32%\kjjjl.ini
NY -> kjjjl.ini2 -> %System32%\kjjjl.ini2
NY -> lnoqr.ini -> %System32%\lnoqr.ini
NY -> lnoqr.ini2 -> %System32%\lnoqr.ini2
NY -> mcrh.tmp -> %System32%\mcrh.tmp
NY -> mljii.exe -> %System32%\mljii.exe
NY -> mljji.exe -> %System32%\mljji.exe
NY -> mmlnn.ini -> %System32%\mmlnn.ini
NY -> mmlnn.ini2 -> %System32%\mmlnn.ini2
NY -> nmlnn.ini -> %System32%\nmlnn.ini
NY -> nmlnn.ini2 -> %System32%\nmlnn.ini2
NY -> nnlmm.exe -> %System32%\nnlmm.exe
NY -> opnlm.exe -> %System32%\opnlm.exe
NY -> rqonl.exe -> %System32%\rqonl.exe
NY -> rqooo.exe -> %System32%\rqooo.exe
NY -> rqrsr.exe -> %System32%\rqrsr.exe
NY -> rsrqr.ini -> %System32%\rsrqr.ini
NY -> rsrqr.ini2 -> %System32%\rsrqr.ini2
NY -> urqnn.exe -> %System32%\urqnn.exe
NY -> xxyvt.exe -> %System32%\xxyvt.exe
NY -> xxyyx.exe -> %System32%\xxyyx.exe
[Empty Temp Folders]
[Reboot]

Save the document to your desktop as wpf352.txt and close Notepad.

Now, reboot into Safe Mode by doing the following.

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Start WinPFind35U. Open Notepad and then open the wpf352.txt file that you saved to your desktop. Copy/paste the contents of the Notepad file into the WinPFind35u textbox where it says Paste Fix Here and click the Run Fix button.

When the fix is done you will be asked to reboot. Choose Yes and reboot normally.

Look in the MovedFiles folder for the .log file and post it back here (or maybe not if the same thing happens lol). We'll take it from there.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#11 marteny

Posted 17 January 2008 - 12:41 PM

Printed instructions--Saved wpf352.txt-- rebooted in safe mode---
Same thing happened-- locked up; had to use windows task manager to turn it off-- processor was running at 100%; two instances of winpfind35u running on applications screen.
No *.log file in movedfiles found on reboot.

Edited by marteny, 17 January 2008 - 01:42 PM.


#12 OldTimer

Posted 17 January 2008 - 01:48 PM

Hi marteny. Yeah, that's a pretty nasty infection and it is pretty well entrenched in there. We need something with a little more kick. Follow the steps below in order.

Step #1

Download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Step #2

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
c:\38C1.tmp
c:\3AFF.tmp
c:\757E.tmp
c:\AFFF.tmp
c:\windows\system32\jkkkhhf.dll
c:\windows\system32\vtuutrp.dll
c:\windows\system32\opnlm.dll
c:\windows\system32\bugbvflc.dll
c:\windows\system32\vtuutrp.dll
c:\windows\system32\opnlm.dll
c:\windows\system32\000080.exe
c:\windows\system32\ggggh.ini
c:\windows\system32\ggggh.ini2
c:\windows\system32\hgded.exe
c:\windows\system32\hgggg.exe
c:\windows\system32\khfda.exe
c:\windows\system32\kjjjl.ini
c:\windows\system32\kjjjl.ini2
c:\windows\system32\lnoqr.ini
c:\windows\system32\lnoqr.ini2
c:\windows\system32\mcrh.tmp
c:\windows\system32\mljii.exe
c:\windows\system32\mljji.exe
c:\windows\system32\mmlnn.ini
c:\windows\system32\mmlnn.ini2
c:\windows\system32\nmlnn.ini
c:\windows\system32\nmlnn.ini2
c:\windows\system32\nnlmm.exe
c:\windows\system32\opnlm.exe
c:\windows\system32\rqonl.exe
c:\windows\system32\rqooo.exe
c:\windows\system32\rqrsr.exe
c:\windows\system32\rsrqr.ini
c:\windows\system32\rsrqr.ini2
c:\windows\system32\urqnn.exe
c:\windows\system32\xxyvt.exe
c:\windows\system32\xxyyx.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Step #3

Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
Step #4

The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #5

Copy/paste the content of c:\avenger.txt into your next reply and I will review it.

Cheers.

OT

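A deletion script like the one in Step #2 can be checked against the scan-derived file list before it is run. The script below is an added example, not part of the original posts or of either tool: both sample inputs are constructed, and mapping %SystemDrive% to c: and %System32% to c:\windows\system32 is an assumption. It covers only the [Files/Folders] sections, so DLLs that come from the registry sections would be reported as not in the scan.

```python
import ntpath
from collections import Counter

# Assumed expansion of the placeholders used in the scan-derived list.
ENV = {"%systemdrive%": "c:", "%system32%": r"c:\windows\system32"}

# Constructed sample in the "FLAGS -> name -> path" layout of the fix list.
FIX_SCRIPT = r"""[Registry - Non-Microsoft Only]
YN -> vtuutrp -> vtuutrp.dll
[Files/Folders - Created Within 30 days]
NY -> 38C1.tmp -> %SystemDrive%\38C1.tmp
NY -> AFFF.tmp -> %SystemDrive%\AFFF.tmp
NY -> opnlm.exe -> %System32%\opnlm.exe
NY -> ggggh.ini -> %System32%\ggggh.ini
"""

# Constructed sample with a mistyped drive letter, a duplicate and an omission.
DELETE_SCRIPT = r"""Files to delete:
c:\38C1.tmp
x:\AFFF.tmp
c:\windows\system32\opnlm.exe
c:\windows\system32\opnlm.exe
"""

def norm(path):
    """Lower-case, expand the placeholders and normalise a Windows path."""
    p = path.strip().lower()
    for var, val in ENV.items():
        p = p.replace(var, val)
    return ntpath.normpath(p)

def scan_targets(fix_script):
    """File paths listed under the [Files/Folders ...] sections only."""
    out, in_files = set(), False
    for line in (l.strip() for l in fix_script.splitlines()):
        if line.startswith("["):
            in_files = line.startswith("[Files/Folders")
        elif in_files and line.count(" -> ") == 2:
            out.add(norm(line.split(" -> ")[2]))
    return out

def delete_targets(script):
    """Paths under the 'Files to delete:' header, duplicates preserved."""
    out, active = [], False
    for line in (l.strip() for l in script.splitlines()):
        if line.endswith(":"):          # a section header, not a path
            active = line.lower() == "files to delete:"
        elif active and line:
            out.append(norm(line))
    return out

def preflight(fix_script, delete_script):
    """Compare what the scan identified with what the script would delete."""
    wanted, listed = scan_targets(fix_script), delete_targets(delete_script)
    counts = Counter(listed)
    return {"duplicates": sorted(p for p, n in counts.items() if n > 1),
            "not_in_scan": sorted(set(listed) - wanted),
            "missed": sorted(wanted - set(listed))}
```

Any entry under `not_in_scan` deserves a second look before the script is executed, since it names a file the scan never flagged.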

#13 marteny

Posted 17 January 2008 - 03:52 PM

I'm on the other computer.... the one we are working on is black screened, "verifying pool data........"--- not a good restart. I think it needs to be restarted, but something went awry.

I'm leaving it alone in the outside chance that it will one day verify its pool data and move on... I'm not holding my breath :thumbsup:

Edited by marteny, 17 January 2008 - 03:54 PM.


#14 OldTimer

Posted 17 January 2008 - 04:35 PM

Hi marteny. That would point to some sort of bios issue. Try rebooting and going into the bios. Find the option to reset to defaults and then save and exit. See if the boot goes normally after that.

Cheers.

OT


#15 marteny

Posted 17 January 2008 - 05:56 PM

I loaded fail safe requirements in bios and it appears to be coming up. I will follow through with the rest of the instructions while on the other computer, unless there is a problem.



