
Random Popups


19 replies to this topic

#1 metaphist


Posted 12 December 2005 - 03:39 PM

I experience random popups when surfing the internet. Funny thing is, they only pop up in IE windows, and I browse in Firefox. I've run (multiple times) Spybot, Adaware, Ewido, and have done virus scans. Spyware cookies and such continue to be detected and removed when I scan, but still show up again at later scans. Can't seem to get rid of them, or find what is causing them to come back.

Logfile of HijackThis v1.99.1
Scan saved at 3:36:14 PM, on 12/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1134364602\ee\aolsoftware.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
D:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\RunDll32.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\BitComet\BitComet.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
D:\Program Files\Utilities\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD2.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTDVDDet] D:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Acronis True Image Monitor] "D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134364602\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe


#2 Guest_Cretemonster_*


Posted 14 December 2005 - 06:05 PM

Hi peford and Welcome to the Bleeping Computer!

I don't see anything of concern in the HijackThis log.

I need a deeper look inside there to see what I can see, please.


Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab

Make Sure "Normal Startup-load all device drivers and services" has a green tick by it

Click Apply->Close->Follow the Prompts to Restart

Restart Normal and Download and Save Blacklight to your desktop:

Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"


Post back with a fresh HijackThis log and the results of WinPFind and Blacklight.

#3 metaphist


Posted 15 December 2005 - 12:55 PM

I ran WinPFind twice, and both times it displayed an error at the same spot in the scan, and would seem to just sit there. I waited a good ten minutes but the scan didn't continue. The error read something like "Failed to find data for 'Place0'". I had to copy and paste the results.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 11/22/2005 2:49:30 AM 97792 C:\WINDOWS\RootkitRevealer.exe

Checking %System% folder...
UPX! 11/25/2005 10:28:34 PM 55296 C:\WINDOWS\SYSTEM32\AutoPlay.cpl
UPX! 10/20/2005 12:17:52 AM 55296 C:\WINDOWS\SYSTEM32\BootVis.cpl
UPX! 10/20/2005 12:17:52 AM 265216 C:\WINDOWS\SYSTEM32\BootVis.EXE
UPX! 10/22/2005 7:18:24 PM 55296 C:\WINDOWS\SYSTEM32\CDImageGUI.cpl
UPX! 10/22/2005 7:18:24 PM 517120 C:\WINDOWS\SYSTEM32\CDImageGUI.exe
UPX! 11/26/2005 10:01:40 PM 31744 C:\WINDOWS\SYSTEM32\Contig.exe
UPX! 11/22/2005 2:49:20 AM 35840 C:\WINDOWS\SYSTEM32\CProcess.exe
UPX! 11/26/2005 10:01:42 PM 55296 C:\WINDOWS\SYSTEM32\Defrag.cpl
PEC2 8/23/2001 12:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 11/22/2005 2:49:20 AM 120947 C:\WINDOWS\SYSTEM32\FlushCode.exe
UPX! 11/22/2005 2:49:24 AM 26112 C:\WINDOWS\SYSTEM32\iconsext.exe
PTech 11/28/2005 11:12:48 AM 534280 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
UPX! 11/22/2005 8:33:56 AM 10752 C:\WINDOWS\SYSTEM32\modifyPE.exe
PECompact2 11/8/2005 6:13:38 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 11/8/2005 6:13:38 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
UPX! 11/25/2005 5:43:08 PM 55296 C:\WINDOWS\SYSTEM32\MSVirtualCD.cpl
UPX! 11/25/2005 5:34:04 PM 55296 C:\WINDOWS\SYSTEM32\MS_TimeZone.cpl
UPX! 11/22/2005 2:49:26 AM 33792 C:\WINDOWS\SYSTEM32\myuninst.exe
UPX! 11/26/2005 4:13:40 AM 417792 C:\WINDOWS\SYSTEM32\Notepad2.EXE
aspack 8/3/2004 8:26:38 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
UPX! 11/25/2005 11:00:20 PM 71168 C:\WINDOWS\SYSTEM32\pserv2.exe
Umonitor 8/3/2004 8:26:46 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 10/20/2005 12:29:24 AM 55296 C:\WINDOWS\SYSTEM32\RESHACK.cpl
UPX! 10/20/2005 12:29:24 AM 335360 C:\WINDOWS\SYSTEM32\RESHACK.EXE
UPX! 10/20/2005 1:07:02 AM 55296 C:\WINDOWS\SYSTEM32\SAFEXP.cpl
UPX! 10/20/2005 1:07:02 AM 345600 C:\WINDOWS\SYSTEM32\SAFEXP.EXE
UPX! 11/25/2005 11:00:20 PM 55296 C:\WINDOWS\SYSTEM32\Services.cpl
UPX! 11/22/2005 2:49:30 AM 37888 C:\WINDOWS\SYSTEM32\shexview.exe
UPX! 11/22/2005 2:49:30 AM 36352 C:\WINDOWS\SYSTEM32\shmnview.exe
UPX! 10/22/2005 1:31:46 PM 38400 C:\WINDOWS\SYSTEM32\Startup.cpl
UPX! 11/22/2005 2:49:30 AM 26624 C:\WINDOWS\SYSTEM32\strun.exe
UPX! 10/19/2005 11:59:46 PM 55296 C:\WINDOWS\SYSTEM32\TweakUI.cpl
UPX! 11/25/2005 11:22:40 PM 55296 C:\WINDOWS\SYSTEM32\Updates.cpl
UPX! 11/22/2005 2:49:30 AM 126464 C:\WINDOWS\SYSTEM32\UPX.exe
UPX! 10/22/2005 7:07:22 PM 55296 C:\WINDOWS\SYSTEM32\UPXShell.cpl
UPX! 10/22/2005 7:07:22 PM 211456 C:\WINDOWS\SYSTEM32\UPXShell.exe
UPX! 11/25/2005 5:43:08 PM 12288 C:\WINDOWS\SYSTEM32\VCdControlTool.exe
UPX! 11/25/2005 11:22:40 PM 35840 C:\WINDOWS\SYSTEM32\wul.exe

Checking %System%\Drivers folder and sub-folders...
UPX! 12/7/2005 8:54:58 AM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 12/7/2005 8:54:58 AM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 12/7/2005 8:54:58 AM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 12/7/2005 8:54:58 AM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/15/2005 11:40:36 AM S 2048 C:\WINDOWS\bootstat.dat
12/15/2005 11:39:34 AM H 24 C:\WINDOWS\p2c3H
12/13/2005 4:26:50 AM H 54156 C:\WINDOWS\QTFont.qfn
12/1/2005 5:42:22 PM RH 749 C:\WINDOWS\WindowsShell.Manifest
12/1/2005 5:50:46 PM RHS 227 C:\WINDOWS\assembly\Desktop.ini
12/1/2005 5:50:46 PM RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme
12/1/2005 5:50:46 PM RH 0 C:\WINDOWS\assembly\pubpol1.dat
12/1/2005 6:21:12 PM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1b.dat
12/1/2005 6:21:16 PM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat
12/1/2005 5:42:36 PM H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
12/1/2005 5:43:56 PM HS 67 C:\WINDOWS\Fonts\desktop.ini
12/1/2005 5:47:50 PM H 0 C:\WINDOWS\inf\oem0.inf
12/2/2005 1:14:00 AM H 0 C:\WINDOWS\inf\oem6.inf
12/1/2005 5:42:36 PM H 65 C:\WINDOWS\Offline Web Pages\desktop.ini
12/1/2005 5:43:18 PM RHS 727 C:\WINDOWS\pchealth\helpctr\PackageStore\package_1.cab
12/1/2005 5:43:18 PM RHS 19854 C:\WINDOWS\pchealth\helpctr\PackageStore\package_2.cab
12/1/2005 5:43:18 PM RHS 244933 C:\WINDOWS\pchealth\helpctr\PackageStore\package_3.cab
12/1/2005 5:47:58 PM H 270336 C:\WINDOWS\repair\ntuser.dat
12/2/2005 3:26:56 PM RHS 1877 C:\WINDOWS\system\DRIVER\servicesmgr.dll
12/2/2005 3:26:52 PM RHS 1575 C:\WINDOWS\system\DRIVER\winlogon.dll
12/1/2005 5:42:22 PM RH 749 C:\WINDOWS\system32\cdplayer.exe.manifest
12/1/2005 5:42:36 PM RH 488 C:\WINDOWS\system32\logonui.exe.manifest
12/1/2005 5:42:22 PM RH 749 C:\WINDOWS\system32\ncpa.cpl.manifest
12/1/2005 5:42:22 PM RH 749 C:\WINDOWS\system32\nwc.cpl.manifest
12/1/2005 5:42:22 PM RH 749 C:\WINDOWS\system32\sapi.cpl.manifest
12/1/2005 5:42:36 PM RH 488 C:\WINDOWS\system32\WindowsLogon.manifest
12/1/2005 5:42:22 PM RH 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest
11/6/2005 4:16:58 PM S 8781 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\codecs10.cat
11/7/2005 6:01:22 AM S 8818 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\DRM10-2.cat
11/6/2005 4:16:58 PM S 9079 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\DRM10.cat
10/17/2005 1:36:26 PM S 10425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB890463.cat
10/23/2005 8:17:50 AM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB891593.cat
10/23/2005 8:17:50 AM S 9500 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB895961.cat
11/8/2005 6:13:36 PM S 12849 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896424.cat
10/23/2005 8:17:50 AM S 10259 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB898108.cat
11/4/2005 3:45:54 PM S 9798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB898439.cat
10/23/2005 8:17:50 AM S 11265 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899337.cat
10/23/2005 8:17:50 AM S 9500 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899510.cat
10/17/2005 1:48:26 PM S 9798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB902149.cat
10/23/2005 8:17:50 AM S 9500 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB902841.cat
10/23/2005 8:17:50 AM S 11147 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905519.cat
10/23/2005 8:17:50 AM S 10151 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905816.cat
10/23/2005 8:17:50 AM S 11138 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB906688.cat
11/4/2005 3:45:54 PM S 9798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB906866.cat
11/6/2005 3:32:00 PM S 8303 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB907658.cat
11/19/2005 1:01:30 PM S 7898 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910393.cat
11/6/2005 4:16:58 PM S 7291 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\MPPRE10.cat
11/6/2005 4:17:00 PM S 9377 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WMDM10.cat
11/6/2005 4:17:00 PM S 11463 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WMFSDK10.cat
11/6/2005 4:17:00 PM S 10859 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WPD10.cat
12/15/2005 11:40:28 AM H 8192 C:\WINDOWS\system32\config\default.LOG
12/15/2005 11:40:44 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG
12/15/2005 11:40:38 AM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
12/15/2005 12:04:16 PM H 114688 C:\WINDOWS\system32\config\software.LOG
12/15/2005 12:01:52 PM H 917504 C:\WINDOWS\system32\config\system.LOG
12/1/2005 12:22:44 PM H 1024 C:\WINDOWS\system32\config\TempKey.LOG
12/1/2005 12:22:46 PM H 1024 C:\WINDOWS\system32\config\userdiff.LOG
12/1/2005 12:25:38 PM HS 62 C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini
12/1/2005 6:31:18 PM S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
12/1/2005 6:31:18 PM S 144 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
12/1/2005 12:25:38 PM HS 62 C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini
12/1/2005 5:46:28 PM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini
12/1/2005 5:46:28 PM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
12/1/2005 5:46:28 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
12/1/2005 5:46:28 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
12/1/2005 5:46:28 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3ZWEQNH5\desktop.ini
12/1/2005 5:46:28 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JEYBCW8D\desktop.ini
12/1/2005 5:46:28 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\LPWGTCDE\desktop.ini
12/1/2005 5:46:28 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NMF0ZEFP\desktop.ini
12/1/2005 5:42:30 PM HS 118 C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini
12/1/2005 12:25:38 PM HS 62 C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini
12/1/2005 5:44:50 PM HS 148 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini
12/1/2005 5:44:50 PM HS 421 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini
12/1/2005 5:44:50 PM HS 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
12/1/2005 5:44:50 PM HS 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
12/1/2005 5:49:34 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\350dc5eb-1690-44eb-9cc1-f50248b38a58
12/1/2005 5:49:34 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
12/15/2005 11:39:42 AM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
5/25/2004 10:06:58 AM 417792 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Realtek Semiconductor Corp. 5/14/2003 9:19:16 AM 6843904 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/3/2004 8:26:58 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
11/25/2005 10:28:34 PM 55296 C:\WINDOWS\SYSTEM32\AutoPlay.cpl
10/20/2005 12:17:52 AM 55296 C:\WINDOWS\SYSTEM32\BootVis.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
10/22/2005 7:18:24 PM 55296 C:\WINDOWS\SYSTEM32\CDImageGUI.cpl
11/26/2005 4:01:22 PM 221184 C:\WINDOWS\SYSTEM32\cttune.cpl
11/26/2005 10:01:42 PM 55296 C:\WINDOWS\SYSTEM32\Defrag.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 11/25/2005 11:31:14 PM 135168 C:\WINDOWS\SYSTEM32\directx.cpl
Microsoft Corporation 10/15/2005 8:41:42 AM 80896 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 8/26/2005 6:14:42 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
11/25/2005 5:43:08 PM 55296 C:\WINDOWS\SYSTEM32\MSVirtualCD.cpl
11/25/2005 5:34:04 PM 55296 C:\WINDOWS\SYSTEM32\MS_TimeZone.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Intersil Americas Inc. 5/28/2003 11:03:50 PM 314452 C:\WINDOWS\SYSTEM32\PRISMCFG.cpl
11/10/2005 8:55:38 PM 131072 C:\WINDOWS\SYSTEM32\REGEDIT.CPL
10/20/2005 12:29:24 AM 55296 C:\WINDOWS\SYSTEM32\RESHACK.cpl
10/20/2005 1:07:02 AM 55296 C:\WINDOWS\SYSTEM32\SAFEXP.cpl
11/25/2005 11:00:20 PM 55296 C:\WINDOWS\SYSTEM32\Services.cpl
10/22/2005 1:31:46 PM 38400 C:\WINDOWS\SYSTEM32\Startup.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
10/19/2005 11:59:46 PM 55296 C:\WINDOWS\SYSTEM32\TweakUI.cpl
11/25/2005 11:22:40 PM 55296 C:\WINDOWS\SYSTEM32\Updates.cpl
10/22/2005 7:07:22 PM 55296 C:\WINDOWS\SYSTEM32\UPXShell.cpl
Creative Technology Ltd. 7/23/2003 9:45:02 AM 172032 C:\WINDOWS\SYSTEM32\USBAudio.cpl
Microsoft Corporation 6/15/2005 11:43:38 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
12/1/2005 7:16:52 PM 1727 E:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
12/1/2005 5:44:50 PM HS 84 E:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
12/1/2005 12:25:38 PM HS 62 E:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
12/2/2005 1:49:04 PM 822 E:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
12/1/2005 5:44:50 PM HS 84 E:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
12/1/2005 12:25:38 PM HS 62 E:\Documents and Settings\Administrator\Application Data\desktop.ini
12/2/2005 3:28:50 PM 125 E:\Documents and Settings\Administrator\Application Data\iPod Access v2 Prefs
12/2/2005 3:13:38 PM H 11 E:\Documents and Settings\Administrator\Application Data\iPodAccess_Time

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{281CBB00-E8AE-4B03-A7C7-221446698C0A} = C:\WINDOWS\system32\ShellExt\AUDIOS~1.DLL

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\CopyMoveTo
{51131DA7-1D24-40e5-AE07-5E3750F5DE3C} = C:\WINDOWS\system32\ShellExt\ContextMenuExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = D:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\CopyMoveTo
{51131DA7-1D24-40e5-AE07-5E3750F5DE3C} = C:\WINDOWS\system32\ShellExt\ContextMenuExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\UnlockerShellExtension
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ACShell
{D3F9A525-8824-497A-BE36-B23E22F141FC} = C:\Program Files\Attribute Changer\acshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Command Box Context Menu Handler
{00537963-0001-0001-0004-00c0dfe64a64} = C:\WINDOWS\system32\ShellExt\cmdhere.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ContextAttrib
{0A435D73-6459-4b87-971D-0EEBFD2495BA} = C:\WINDOWS\system32\ShellExt\ContextAttrib.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CopyMoveTo
{51131DA7-1D24-40e5-AE07-5E3750F5DE3C} = C:\WINDOWS\system32\ShellExt\ContextMenuExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = D:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Ninotech Date Edit
{EECEEFEE-3DF7-11D0-9576-0000837A2FDD} = C:\WINDOWS\system32\ShellExt\DateEd32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Ninotech Path Copy
{EECEEFEE-3DF7-11D0-9576-0000837A2FDE} = C:\WINDOWS\system32\ShellExt\PathCo32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\UnlockerShellExtension
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{9D4E3F43-DB97-40D6-BDCB-7C9CFC69E222}
= C:\WINDOWS\system32\ShellExt\AUDIOS~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= D:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}
= D:\Program Files\Siber Systems\AI RoboForm\roboform.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{724d43a0-0d85-11d4-9908-00400523e39a} = &RoboForm : D:\Program Files\Siber Systems\AI RoboForm\roboform.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F46}
ButtonText = Fill Forms :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F49}
ButtonText = Save :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{724d43aa-0d85-11d4-9908-00400523e39a}
ButtonText = RoboForm :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{724D43A0-0D85-11D4-9908-00400523E39A} = &RoboForm : D:\Program Files\Siber Systems\AI RoboForm\roboform.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATIPTA "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ATICCC "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
SoundMan SOUNDMAN.EXE
CTDVDDet D:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
CTSysVol D:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
SbUsb AudCtrl RunDll32 sbusbdll.dll,RCMonitor
UpdReg C:\WINDOWS\UpdReg.EXE
AVG7_CC D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
Acronis True Image Monitor "D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
Acronis Scheduler2 Service "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
iTunesHelper "D:\Program Files\iTunes\iTunesHelper.exe"
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HostManager C:\Program Files\Common Files\AOL\1134364602\ee\AOLSoftware.exe
ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
TaskSwitchXP C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
RoboForm "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
Aim6

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDesktopCleanupWizard 1
ForceClassicControlPanel 1
NoRemoteRecursiveEvents 1
MemCheckBoxInRunDlg 1
DisableCAD 1
NoRecentDocsMenu 1
NoFavoritesMenu 0
NoSMMyDocs 0
NoSMMyPictures 0
NoStartMenuMyMusic 0
NoRecentDocsHistory 1
NoRecentDocsNetHood 0
NoSMHelp 0
NoRun 0
NoInstrumentation 0
NoSimpleStartMenu 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
NoInternetOpenWith 1
DisableCAD 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\Placesbar

#4 metaphist

Posted 15 December 2005 - 12:58 PM

Blacklight results

12/15/05 12:35:28 [Info]: BlackLight Engine 1.0.30 initialized
12/15/05 12:35:28 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/15/05 12:35:28 [Note]: 7019 4
12/15/05 12:35:28 [Note]: 7005 0
12/15/05 12:43:10 [Note]: 7006 0
12/15/05 12:43:10 [Note]: 7011 1876
12/15/05 12:43:11 [Note]: 7018 476
12/15/05 12:43:11 [Info]: Hidden process: C:\WINDOWS\SYSTEM32\SLALBIOP.EXE
12/15/05 12:43:11 [Note]: 7018 1108
12/15/05 12:43:11 [Info]: Hidden process: C:\PROGRAM FILES\ATIIPOD\IPRMSI.EXE
12/15/05 12:43:11 [Note]: FSRAW library version 1.7.1014
12/15/05 12:43:12 [Info]: Hidden file: C:\Program Files\Atiipod\ace.dll
12/15/05 12:43:12 [Note]: 7002 0
12/15/05 12:43:12 [Note]: 7003 1
12/15/05 12:43:12 [Note]: 10002 3
12/15/05 12:43:12 [Info]: Hidden file: C:\Program Files\Atiipod\AI_09-12-2005.log
12/15/05 12:43:12 [Note]: 7002 0
12/15/05 12:43:12 [Note]: 7003 1
12/15/05 12:43:12 [Note]: 10002 3
12/15/05 12:43:12 [Info]: Hidden file: C:\Program Files\Atiipod\AI_10-12-2005.log
12/15/05 12:43:12 [Note]: 7002 0
12/15/05 12:43:12 [Note]: 7003 1
12/15/05 12:43:12 [Note]: 10002 3
12/15/05 12:43:12 [Info]: Hidden file: C:\Program Files\Atiipod\AI_11-12-2005.log
12/15/05 12:43:12 [Note]: 7002 0
12/15/05 12:43:12 [Note]: 7003 1
12/15/05 12:43:12 [Note]: 10002 3
12/15/05 12:43:12 [Info]: Hidden file: C:\Program Files\Atiipod\AI_12-12-2005.log
12/15/05 12:43:12 [Note]: 7002 0
12/15/05 12:43:12 [Note]: 7003 1
12/15/05 12:43:12 [Note]: 10002 3
12/15/05 12:43:12 [Info]: Hidden file: C:\Program Files\Atiipod\AI_13-12-2005.log
12/15/05 12:43:12 [Note]: 7002 0
12/15/05 12:43:12 [Note]: 7003 1
12/15/05 12:43:12 [Note]: 10002 3
12/15/05 12:43:12 [Info]: Hidden file: C:\Program Files\Atiipod\AI_14-12-2005.log
12/15/05 12:43:12 [Note]: 7002 0
12/15/05 12:43:12 [Note]: 7003 1
12/15/05 12:43:12 [Note]: 10002 3
12/15/05 12:43:12 [Info]: Hidden file: C:\Program Files\Atiipod\AI_15-12-2005.log
12/15/05 12:43:19 [Note]: 7003 1
12/15/05 12:43:19 [Note]: 10002 3
12/15/05 12:43:19 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\000036c2_43930107_000501bd
12/15/05 12:43:19 [Note]: 7002 0
12/15/05 12:43:19 [Note]: 7003 1
12/15/05 12:43:19 [Note]: 10002 3
12/15/05 12:43:19 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\000036c2_43938232_000a4083
12/15/05 12:43:19 [Note]: 7002 0
12/15/05 12:43:19 [Note]: 7003 1
12/15/05 12:43:19 [Note]: 10002 3
12/15/05 12:43:19 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000366b_4390be43_0002dc6c
12/15/05 12:43:19 [Note]: 7002 0
12/15/05 12:43:19 [Note]: 7003 1
12/15/05 12:43:19 [Note]: 10002 3
12/15/05 12:43:19 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00003699_4390c143_0005b8d8
12/15/05 12:43:19 [Note]: 7002 0
12/15/05 12:43:19 [Note]: 7003 1
12/15/05 12:43:19 [Note]: 10002 3
12/15/05 12:43:19 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000368e_4390c2fe_00057bcf
12/15/05 12:43:19 [Note]: 7002 0
12/15/05 12:43:19 [Note]: 7003 1
12/15/05 12:43:19 [Note]: 10002 3
12/15/05 12:43:19 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000366b_4390fb3b_00022551
12/15/05 12:43:19 [Note]: 7002 0
12/15/05 12:43:19 [Note]: 7003 1
12/15/05 12:43:19 [Note]: 10002 3
12/15/05 12:43:19 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00003765_43930132_000bebc2
12/15/05 12:43:19 [Note]: 7002 0
12/15/05 12:43:19 [Note]: 7003 1
12/15/05 12:43:19 [Note]: 10002 3
12/15/05 12:43:19 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00003765_43938365_00076417
12/15/05 12:43:19 [Note]: 7002 0
12/15/05 12:43:19 [Note]: 7003 1
12/15/05 12:43:19 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\000037be_4393013e_0000b71b
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\000037be_4393838f_000632ea
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\000037e5_4390fc0c_000d9701
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00005753_4390c1db_0002dc6c
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00005772_4390fb90_000e1113
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00005753_4390fbaa_00090f56
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00005804_439303a8_000b71b0
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00005815_4392fa60_00076417
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00005841_4393015e_0008583b
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00005841_439383c9_000baeb9
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00005876_4390fe4b_00090f56
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00005876_4392f99d_00098968
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00005876_43937d8d_000501bd
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00005878_4390b357_00029f63
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00005878_4390fae6_000bebc2
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00005878_4391a7c8_00003d09
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00005878_4392f733_000aba95
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00005878_439337d6_0001312d
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\000022cd_4390c412_0003d090
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002213_4390e174_00057bcf
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002332_43930173_00016e36
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002332_43938410_00000000
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002350_4390b342_000dd40a
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002350_4390e1bb_000632ea
12/15/05 12:43:20 [Note]: 7002 0
12/15/05 12:43:20 [Note]: 7003 1
12/15/05 12:43:20 [Note]: 10002 3
12/15/05 12:43:20 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002350_4391a791_0007a120
12/15/05 12:43:21 [Note]: 7002 0
12/15/05 12:43:21 [Note]: 7003 1
12/15/05 12:43:21 [Note]: 10002 3
12/15/05 12:43:21 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002350_4392f72b_000d9701
12/15/05 12:43:21 [Note]: 7002 0
12/15/05 12:43:21 [Note]: 7003 1
12/15/05 12:43:21 [Note]: 10002 3
12/15/05 12:43:21 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002350_4393cc2c_00044aa2
12/15/05 12:43:21 [Note]: 7002 0
12/15/05 12:43:21 [Note]: 7003 1
12/15/05 12:43:21 [Note]: 10002 3
12/15/05 12:43:21 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002350_4394fc9b_00089544
12/15/05 12:43:21 [Note]: 7002 0
12/15/05 12:43:21 [Note]: 7003 1
12/15/05 12:43:21 [Note]: 10002 3
12/15/05 12:43:21 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002350_4396fcec_000c28cb
12/15/05 12:43:21 [Note]: 7002 0
12/15/05 12:43:21 [Note]: 7003 1
12/15/05 12:43:21 [Note]: 10002 3
12/15/05 12:43:21 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002350_4397108f_00089544
12/15/05 12:43:21 [Note]: 7002 0
12/15/05 12:43:21 [Note]: 7003 1
12/15/05 12:43:21 [Note]: 10002 3
12/15/05 12:43:21 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002350_43971f5a_000501bd
12/15/05 12:43:21 [Note]: 7002 0
12/15/05 12:43:21 [Note]: 7003 1
12/15/05 12:43:21 [Note]: 10002 3
12/15/05 12:43:21 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002350_439780c6_00000000
12/15/05 12:43:21 [Note]: 7002 0
12/15/05 12:43:21 [Note]: 7003 1
12/15/05 12:43:21 [Note]: 10002 3
12/15/05 12:43:21 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002350_4398d4d4_000c08fd
12/15/05 12:43:21 [Note]: 7002 0
12/15/05 12:43:21 [Note]: 7003 1
12/15/05 12:43:21 [Note]: 10002 3
12/15/05 12:43:21 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002350_439c5eeb_0005b8d8
12/15/05 12:43:21 [Note]: 7002 0
12/15/05 12:43:21 [Note]: 7003 1
12/15/05 12:43:21 [Note]: 10002 3
12/15/05 12:43:21 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002350_439d0229_00057bcf
12/15/05 12:43:21 [Note]: 7002 0
12/15/05 12:43:21 [Note]: 7003 1
12/15/05 12:43:21 [Note]: 10002 3
12/15/05 12:43:21 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002350_439dc3c4_000bebc2
12/15/05 12:43:21 [Note]: 7002 0
12/15/05 12:43:21 [Note]: 7003 1
12/15/05 12:43:21 [Note]: 10002 3
12/15/05 12:43:21 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002350_439dfc2d_000ec82e
12/15/05 12:43:21 [Note]: 7002 0
12/15/05 12:43:21 [Note]: 7003 1
12/15/05 12:43:21 [Note]: 10002 3
12/15/05 12:43:21 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002350_439e91c0_000f0537
12/15/05 12:43:22 [Note]: 7002 0
12/15/05 12:43:22 [Note]: 7003 1
12/15/05 12:43:22 [Note]: 10002 3
12/15/05 12:43:22 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002350_439f0e63_00094c5f
12/15/05 12:43:22 [Note]: 7002 0
12/15/05 12:43:22 [Note]: 7003 1
12/15/05 12:43:22 [Note]: 10002 3
12/15/05 12:43:22 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002350_439f34c6_00007a12
12/15/05 12:43:22 [Note]: 7002 0
12/15/05 12:43:22 [Note]: 7003 1
12/15/05 12:43:22 [Note]: 10002 3
12/15/05 12:43:22 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00002350_43a04d90_00016e36
12/15/05 12:43:22 [Note]: 7002 0
12/15/05 12:43:22 [Note]: 7003 1
12/15/05 12:43:22 [Note]: 10002 3
12/15/05 12:43:22 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000798b_4390fb7c_0005f5e1
12/15/05 12:43:22 [Note]: 7002 0
12/15/05 12:43:22 [Note]: 7003 1
12/15/05 12:43:22 [Note]: 10002 3
12/15/05 12:43:22 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000798b_4391aa8f_00089544
12/15/05 12:43:22 [Note]: 7002 0
12/15/05 12:43:22 [Note]: 7003 1
12/15/05 12:43:22 [Note]: 10002 3
12/15/05 12:43:22 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000798b_4392f7de_00090f56
12/15/05 12:43:22 [Note]: 7002 0
12/15/05 12:43:22 [Note]: 7003 1
12/15/05 12:43:22 [Note]: 10002 3
12/15/05 12:43:22 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000798b_43937679_0006acfc
12/15/05 12:43:22 [Note]: 7002 0
12/15/05 12:43:22 [Note]: 7003 1
12/15/05 12:43:22 [Note]: 10002 3
12/15/05 12:43:22 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000798b_43950922_000cdfe6
12/15/05 12:43:22 [Note]: 7002 0
12/15/05 12:43:22 [Note]: 7003 1
12/15/05 12:43:22 [Note]: 10002 3
12/15/05 12:43:22 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000798b_439700de_00031975
12/15/05 12:43:22 [Note]: 7002 0
12/15/05 12:43:22 [Note]: 7003 1
12/15/05 12:43:22 [Note]: 10002 3
12/15/05 12:43:22 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000798b_4397165a_00040d99
12/15/05 12:43:22 [Note]: 7002 0
12/15/05 12:43:22 [Note]: 7003 1
12/15/05 12:43:22 [Note]: 10002 3
12/15/05 12:43:22 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000798b_43971ffe_000501bd
12/15/05 12:43:22 [Note]: 7002 0
12/15/05 12:43:22 [Note]: 7003 1
12/15/05 12:43:22 [Note]: 10002 3
12/15/05 12:43:22 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000798b_439c6646_0001312d
12/15/05 12:43:22 [Note]: 7002 0
12/15/05 12:43:22 [Note]: 7003 1
12/15/05 12:43:22 [Note]: 10002 3
12/15/05 12:43:22 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000798b_439dccab_000baeb9
12/15/05 12:43:22 [Note]: 7002 0
12/15/05 12:43:22 [Note]: 7003 1
12/15/05 12:43:22 [Note]: 10002 3
12/15/05 12:43:22 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000798b_439e0853_00003d09
12/15/05 12:43:22 [Note]: 7002 0
12/15/05 12:43:22 [Note]: 7003 1
12/15/05 12:43:22 [Note]: 10002 3
12/15/05 12:43:22 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000798b_439f0fb2_00066ff3
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\000079d1_439380e8_00029f63
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000797d_4390b684_00007a12
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000798b_4390c101_0006acfc
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00007983_4390c35c_000501bd
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000797d_4391a8b8_00029f63
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00007a36_4393013a_00076417
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00007a36_43938384_000e1113
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00004823_4390ce60_00090f56
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00004908_43930295_0006acfc
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000491c_4390b045_0002625a
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000491c_4391a5db_0005f5e1
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000491c_4392f691_000b71b0
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000491c_43933155_000bebc2
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000491c_439370a5_00016e36
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000491c_43948a83_0000b71b
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000491c_4394b7fc_00016e36
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000491c_4394f005_00053ec6
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000491c_43960254_000b71b0
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000491c_4396fb20_0008583b
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000491c_43971dac_000c28cb
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000491c_439760ec_0003d090
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000692c_4390fb95_0007a120
12/15/05 12:43:23 [Note]: 7002 0
12/15/05 12:43:23 [Note]: 7003 1
12/15/05 12:43:23 [Note]: 10002 3
12/15/05 12:43:23 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000692c_4391ab65_000487ab
12/15/05 12:43:24 [Note]: 7002 0
12/15/05 12:43:24 [Note]: 7003 1
12/15/05 12:43:24 [Note]: 10002 3
12/15/05 12:43:24 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000692c_4392f802_000aba95
12/15/05 12:43:24 [Note]: 7002 0
12/15/05 12:43:24 [Note]: 7003 1
12/15/05 12:43:24 [Note]: 10002 3
12/15/05 12:43:24 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000692c_4393768e_00066ff3
12/15/05 12:43:24 [Note]: 7002 0
12/15/05 12:43:24 [Note]: 7003 1
12/15/05 12:43:24 [Note]: 10002 3
12/15/05 12:43:24 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000692c_439700fc_0007a120
12/15/05 12:43:24 [Note]: 7002 0
12/15/05 12:43:24 [Note]: 7003 1
12/15/05 12:43:24 [Note]: 10002 3
12/15/05 12:43:24 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000692c_43971acd_0005b8d8
12/15/05 12:43:24 [Note]: 7002 0
12/15/05 12:43:24 [Note]: 7003 1
12/15/05 12:43:24 [Note]: 10002 3
12/15/05 12:43:24 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000692c_4397323e_00090f56
12/15/05 12:43:24 [Note]: 7002 0
12/15/05 12:43:24 [Note]: 7003 1
12/15/05 12:43:24 [Note]: 10002 3
12/15/05 12:43:24 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000692c_439dcf2a_00016e36
12/15/05 12:43:24 [Note]: 7002 0
12/15/05 12:43:24 [Note]: 7003 1
12/15/05 12:43:24 [Note]: 10002 3
12/15/05 12:43:24 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000692c_439f0fd0_0000b71b
12/15/05 12:43:24 [Note]: 7002 0
12/15/05 12:43:24 [Note]: 7003 1
12/15/05 12:43:24 [Note]: 10002 3
12/15/05 12:43:24 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00006952_4390aeac_000d1cef
12/15/05 12:43:24 [Note]: 7002 0
12/15/05 12:43:24 [Note]: 7003 1
12/15/05 12:43:24 [Note]: 10002 3
12/15/05 12:43:24 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00006952_4390dc22_00040d99
12/15/05 12:43:24 [Note]: 7002 0
12/15/05 12:43:24 [Note]: 7003 1
12/15/05 12:43:24 [Note]: 10002 3
12/15/05 12:43:24 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00006952_4391a1fa_0009c671
12/15/05 12:43:24 [Note]: 7002 0
12/15/05 12:43:24 [Note]: 7003 1
12/15/05 12:43:24 [Note]: 10002 3
12/15/05 12:43:24 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00006952_4392f5c6_0000f424
12/15/05 12:43:24 [Note]: 7002 0
12/15/05 12:43:24 [Note]: 7003 1
12/15/05 12:43:24 [Note]: 10002 3
12/15/05 12:43:24 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00006952_43939cd7_000af79e
12/15/05 12:43:24 [Note]: 7002 0
12/15/05 12:43:24 [Note]: 7003 1
12/15/05 12:43:24 [Note]: 10002 3
12/15/05 12:43:24 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00006952_4393c7a3_000ec82e
12/15/05 12:43:24 [Note]: 7002 0
12/15/05 12:43:24 [Note]: 7003 1
12/15/05 12:43:24 [Note]: 10002 3
12/15/05 12:43:24 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00006952_43944328_0007de29
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:25 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\000012e1_4390c0ff_00039387
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:25 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\000012db_4390de45_00039387
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:25 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00001316_43937d8d_000aba95
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:25 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000134c_4393022b_000c65d4
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:25 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00001366_4390be2d_000b71b0
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:25 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00001366_4390fb37_00076417
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:25 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00001366_4392f787_00094c5f
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:25 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00001366_439338da_0001ab3f
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:25 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00001366_43937657_0007a120
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:25 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00001366_4394ff77_000487ab
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:25 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00001366_4396ff32_000ca2dd
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:25 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00001366_439714b2_0005f5e1
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:25 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00001366_43971f87_000e1113
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:25 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00001366_43978289_00057bcf
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:25 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00001366_439d2047_00090f56
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:25 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00001366_439dc53f_000cdfe6
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:25 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00001366_439e053f_000af79e
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:25 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00001366_439f0f45_00031975
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:25 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00001366_439f369e_0001ab3f
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:25 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000138a_4392fa38_00090f56
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:25 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000138a_43937e79_000e8b25
12/15/05 12:43:25 [Note]: 7002 0
12/15/05 12:43:25 [Note]: 7003 1
12/15/05 12:43:25 [Note]: 10002 3
12/15/05 12:43:26 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000139d_4390c149_000d9701
12/15/05 12:43:26 [Note]: 7002 0
12/15/05 12:43:26 [Note]: 7003 1
12/15/05 12:43:26 [Note]: 10002 3
12/15/05 12:43:26 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000139d_4390fb94_0005b8d8
12/15/05 12:43:26 [Note]: 7002 0
12/15/05 12:43:26 [Note]: 7003 1
12/15/05 12:43:26 [Note]: 10002 3
12/15/05 12:43:26 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\0000139d_4391ab1d_0005b8d8
12/15/05 12:43:26 [Note]: 7002 0
12/15/05 12:43:26 [Note]: 7003 1
12/15/05 12:43:26 [Note]: 10002 3
12/15/05 12:43:26 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00003d6c_4390dc0b_0008d24d
12/15/05 12:43:26 [Note]: 7002 0
12/15/05 12:43:26 [Note]: 7003 1
12/15/05 12:43:26 [Note]: 10002 3
12/15/05 12:43:26 [Info]: Hidden file: C:\Program Files\Atiipod\Cache\00003d6c_4391a127_000

#5 metaphist

Posted 15 December 2005 - 01:00 PM

Logfile of HijackThis v1.99.1
Scan saved at 12:57:33 PM, on 12/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
D:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RunDll32.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1134364602\ee\AOLSoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Utilities\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTDVDDet] D:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Acronis True Image Monitor] "D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134364602\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

#6 Guest_Cretemonster_*

Posted 15 December 2005 - 01:05 PM

Can you tell me the specific uses for this Computer?

I am going to have a second look and find a decent starting point!

#7 Guest_Cretemonster_*

Posted 15 December 2005 - 02:05 PM

Sorry for the delay, the WinPFind log tossed me for a loop, obviously this is one tweaked machine!

Let's see if we can get the nasties sorted out of there.


If you will navigate to this site
http://www.bleepingcomputer.com/submit-malware.php

Follow the Instructions and upload all the files you find in this folder

C:\WINDOWS\system\DRIVER

Note that the Driver folder is located in the System folder and not the System32 folder.

Unless you know where it came from, I would like to have a peek at all the files from that folder.

Now, let's see if we can deal with the Apropos infection.


You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.


After the fix has completed-> Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with the log from AproposFix

Edited by Cretemonster, 15 December 2005 - 03:32 PM.


#8 metaphist

Posted 16 December 2005 - 01:57 AM

Ok, get this: there IS no "DRIVER" folder in the windows/system folder. The windows/system32/drivers folder is there, of course, but there are absolutely no other folders in the windows/system folder, just some .dll files.

It's late, so I'll do the virus scan in the morning. But in the meantime, here are the other two logs:

Log of AproposFix v1

************

Running from directory:
E:\Documents and Settings\Administrator\Desktop\aproposfix

************

Registry entries found:

[HKEY_LOCAL_MACHINE\Software\C2TimAAoYVq9]
@="VTCBDDTbccbccdc4FSOUFSbccbrec7x.s:73cTZTUFNihcESJWFSTcNTLhNUBHdTZT"
"Device"="\\\\.\\Ternter"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\msk2mtag.sys"
"DriverName"="usbaccs"
"HideUninstallerName"="C:\\Program Files\\Atiipod\\dgnmsi.exe"
"UninstallerPath"="C:\\WINDOWS\\system32\\ckcifype.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{B9DF27F5-C133-48CE-9579-BA0EAF713523}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\system32\\subsvpsp.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{X2e62b55-56e5-4dcb-3df5-931326e30397}"
"PageFiltering"=dword:00000001
"CrMnTmt"=dword:0036ee80

************

Removing hidden service:
Service usbaccs removed.

Removing hidden folder:
Deletion of folder Atiipod succeeded!

Deleting files:

Deletion of file C:\WINDOWS\system32\drivers\msk2mtag.sys succeeded!
Deletion of file C:\WINDOWS\system32\slalbiop.exe succeeded!
Deletion of file C:\WINDOWS\system32\subsvpsp.dll succeeded!
Deletion of file C:\WINDOWS\system32\ckcifype.exe succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\C2TimAAoYVq9]
[-HKEY_LOCAL_MACHINE\Software\C2TimAAoYVq9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B9DF27F5-C133-48CE-9579-BA0EAF713523}]

Done!

Finished!

--------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:52:44 AM, on 12/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
D:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RunDll32.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1134364602\ee\AOLSoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\Program Files\Utilities\HijackThis.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTDVDDet] D:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Acronis True Image Monitor] "D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134364602\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

Edited by peford@cfl.rr.com, 16 December 2005 - 01:58 AM.
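
A HijackThis log like the ones posted above can be pre-sorted before a person reads it. The following is an added example, not part of the original posts and not HijackThis's own code: it parses the `Oxx - ...` entry lines, lists O23 services that the log marks `Unknown owner` or `(file missing)` for manual review, and diffs an earlier scan against a later one. The function names are hypothetical, and the sample lines are short excerpts of the two logs in this thread.

```python
import re
from typing import NamedTuple

# HijackThis entry lines have the form "<section> - <details>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.*)$")
# O23 details: "Service: <name> - <owner> - <path>"; the path starts with a drive letter.
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$"
)
MISSING = "(file missing)"


class Entry(NamedTuple):
    section: str  # e.g. "O4", "O23"
    text: str     # everything after "<section> - "


def parse_hjt(log: str) -> list[Entry]:
    """Return the entry lines of a HijackThis log, skipping header and process list."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def services_for_review(entries: list[Entry]) -> list[tuple[str, str, list[str]]]:
    """List O23 services worth a manual look. This is a triage aid, not a verdict."""
    flagged = []
    for e in entries:
        if e.section != "O23":
            continue
        m = SERVICE_RE.match(e.text)
        if not m:
            continue
        path = m.group("path")
        missing = path.endswith(MISSING)
        if missing:
            path = path[: -len(MISSING)].rstrip()
        reasons = []
        if m.group("owner") == "Unknown owner":
            reasons.append("unknown owner")
        if missing:
            reasons.append("file missing")
        if reasons:
            flagged.append((m.group("name"), path, reasons))
    return flagged


def diff_logs(before: list[Entry], after: list[Entry]) -> tuple[list[Entry], list[Entry]]:
    """Return (entries only in the earlier scan, entries only in the later scan)."""
    b, a = set(before), set(after)
    removed = [e for e in before if e not in a]
    added = [e for e in after if e not in b]
    return removed, added


# Excerpt of the earlier HijackThis log in this thread (a few lines only).
BEFORE = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
"""

# Excerpt of the later log (saved 12/16/2005), same lines where present.
AFTER = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
"""

if __name__ == "__main__":
    before, after = parse_hjt(BEFORE), parse_hjt(AFTER)
    for name, path, reasons in services_for_review(after):
        print(f"review: {name} -> {path} ({', '.join(reasons)})")
    removed, added = diff_logs(before, after)
    for e in removed:
        print(f"gone since earlier scan: {e.section} - {e.text}")
    for e in added:
        print(f"new since earlier scan:  {e.section} - {e.text}")
```

An entry that drops out between two scans only shows that the line was not reported the second time; confirm the service and file state on the machine before drawing a conclusion.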


#9 Guest_Cretemonster_*

Posted 16 December 2005 - 06:03 AM

Now that's different, we can both see them in the WinPFind Scan!

Go back to Safe Mode and be sure Windows is Showing Hidden Files
http://www.bleepingcomputer.com/tutorials/...al62.html#winxp

Locate and Delete--> C:\WINDOWS\p2c3H

Scan with WinPFind again and let's see what we see.

Restart Normal and Scan the System with Blacklight once more.

Post back with the WinPfind log and the results from Blacklight.

#10 metaphist

Posted 16 December 2005 - 10:39 AM

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, December 16, 2005 10:38:10
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 16/12/2005
Kaspersky Anti-Virus database records: 165499
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 108670
Number of viruses found: 3
Number of infected objects: 9
Number of suspicious objects: 1
Duration of the scan process: 5188 sec

Infected Object Name - Virus Name
E:\Documents and Settings\Administrator\Desktop\aproposfix\backups\backups.zip/backups/ace.dll Infected: Trojan.Win32.Crypt.t
E:\Documents and Settings\Administrator\Desktop\aproposfix\backups\backups.zip/backups/ckcifype.exe Infected: Trojan.Win32.Crypt.t
E:\Documents and Settings\Administrator\Desktop\aproposfix\backups\backups.zip/backups/dgnmsi.exe Infected: Trojan.Win32.Crypt.t
E:\Documents and Settings\Administrator\Desktop\aproposfix\backups\backups.zip/backups/iprmsi.exe Infected: Trojan.Win32.Crypt.t
E:\Documents and Settings\Administrator\Desktop\aproposfix\backups\backups.zip/backups/msk2mtag.sys Suspicious: Rootkit.Win32.Agent.ao
E:\Documents and Settings\Administrator\Desktop\aproposfix\backups\backups.zip/backups/slalbiop.exe Infected: Trojan.Win32.Crypt.t
E:\Documents and Settings\Administrator\Desktop\aproposfix\backups\backups.zip/backups/subsvpsp.dll Infected: Trojan.Win32.Crypt.t
E:\Documents and Settings\Administrator\Desktop\aproposfix\backups\backups.zip/backups/WinGenerics.dll Infected: Trojan.Win32.Crypt.t
E:\Documents and Settings\Administrator\Desktop\aproposfix\backups\backups.zip Infected: Trojan.Win32.Crypt.t
I:\CD Contents\Drivers CD\08_AutoMail\Fngmhlib.dll Infected: not-a-virus:Monitor.Win32.KeyPressHooker.b

Scan process completed.

#11 Guest_Cretemonster_*

Posted 16 December 2005 - 07:08 PM

So how's the PC acting today?

I'm still not convinced about the Driver folder.

If you don't mind, go back to Safe Mode and Scan with WinPFind again.

Restart Normal and Post those results.

You have RootKitRevealer installed, correct?

#12 metaphist

Posted 17 December 2005 - 01:15 PM

Deleted "p2c3h"

Haven't noticed any popups lately, which is good.

I did find the DRIVER folder. I had hidden files shown, but I also had "hide system folders" checked, which was hiding it. I will post the contents.

BTW WinPFind still shows the message "Failed to find data for 'Place0'" and stops.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 11/22/2005 2:49:30 AM 97792 C:\WINDOWS\RootkitRevealer.exe

Checking %System% folder...
UPX! 11/25/2005 10:28:34 PM 55296 C:\WINDOWS\SYSTEM32\AutoPlay.cpl
UPX! 10/20/2005 12:17:52 AM 55296 C:\WINDOWS\SYSTEM32\BootVis.cpl
UPX! 10/20/2005 12:17:52 AM 265216 C:\WINDOWS\SYSTEM32\BootVis.EXE
UPX! 10/22/2005 7:18:24 PM 55296 C:\WINDOWS\SYSTEM32\CDImageGUI.cpl
UPX! 10/22/2005 7:18:24 PM 517120 C:\WINDOWS\SYSTEM32\CDImageGUI.exe
UPX! 11/26/2005 10:01:40 PM 31744 C:\WINDOWS\SYSTEM32\Contig.exe
UPX! 11/22/2005 2:49:20 AM 35840 C:\WINDOWS\SYSTEM32\CProcess.exe
UPX! 11/26/2005 10:01:42 PM 55296 C:\WINDOWS\SYSTEM32\Defrag.cpl
PEC2 8/23/2001 12:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 11/22/2005 2:49:20 AM 120947 C:\WINDOWS\SYSTEM32\FlushCode.exe
UPX! 11/22/2005 2:49:24 AM 26112 C:\WINDOWS\SYSTEM32\iconsext.exe
PTech 11/28/2005 11:12:48 AM 534280 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
UPX! 11/22/2005 8:33:56 AM 10752 C:\WINDOWS\SYSTEM32\modifyPE.exe
PECompact2 11/8/2005 6:13:38 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 11/8/2005 6:13:38 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
UPX! 11/25/2005 5:43:08 PM 55296 C:\WINDOWS\SYSTEM32\MSVirtualCD.cpl
UPX! 11/25/2005 5:34:04 PM 55296 C:\WINDOWS\SYSTEM32\MS_TimeZone.cpl
UPX! 11/22/2005 2:49:26 AM 33792 C:\WINDOWS\SYSTEM32\myuninst.exe
UPX! 11/26/2005 4:13:40 AM 417792 C:\WINDOWS\SYSTEM32\Notepad2.EXE
aspack 8/3/2004 8:26:38 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
UPX! 11/25/2005 11:00:20 PM 71168 C:\WINDOWS\SYSTEM32\pserv2.exe
Umonitor 8/3/2004 8:26:46 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 10/20/2005 12:29:24 AM 55296 C:\WINDOWS\SYSTEM32\RESHACK.cpl
UPX! 10/20/2005 12:29:24 AM 335360 C:\WINDOWS\SYSTEM32\RESHACK.EXE
UPX! 10/20/2005 1:07:02 AM 55296 C:\WINDOWS\SYSTEM32\SAFEXP.cpl
UPX! 10/20/2005 1:07:02 AM 345600 C:\WINDOWS\SYSTEM32\SAFEXP.EXE
UPX! 11/25/2005 11:00:20 PM 55296 C:\WINDOWS\SYSTEM32\Services.cpl
UPX! 11/22/2005 2:49:30 AM 37888 C:\WINDOWS\SYSTEM32\shexview.exe
UPX! 11/22/2005 2:49:30 AM 36352 C:\WINDOWS\SYSTEM32\shmnview.exe
UPX! 10/22/2005 1:31:46 PM 38400 C:\WINDOWS\SYSTEM32\Startup.cpl
UPX! 11/22/2005 2:49:30 AM 26624 C:\WINDOWS\SYSTEM32\strun.exe
UPX! 10/19/2005 11:59:46 PM 55296 C:\WINDOWS\SYSTEM32\TweakUI.cpl
UPX! 11/25/2005 11:22:40 PM 55296 C:\WINDOWS\SYSTEM32\Updates.cpl
UPX! 11/22/2005 2:49:30 AM 126464 C:\WINDOWS\SYSTEM32\UPX.exe
UPX! 10/22/2005 7:07:22 PM 55296 C:\WINDOWS\SYSTEM32\UPXShell.cpl
UPX! 10/22/2005 7:07:22 PM 211456 C:\WINDOWS\SYSTEM32\UPXShell.exe
UPX! 11/25/2005 5:43:08 PM 12288 C:\WINDOWS\SYSTEM32\VCdControlTool.exe
UPX! 11/25/2005 11:22:40 PM 35840 C:\WINDOWS\SYSTEM32\wul.exe

Checking %System%\Drivers folder and sub-folders...
UPX! 12/7/2005 8:54:58 AM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 12/7/2005 8:54:58 AM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 12/7/2005 8:54:58 AM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 12/7/2005 8:54:58 AM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/17/2005 12:57:52 PM S 2048 C:\WINDOWS\bootstat.dat
12/15/2005 9:35:58 PM H 54156 C:\WINDOWS\QTFont.qfn
12/1/2005 5:42:22 PM RH 749 C:\WINDOWS\WindowsShell.Manifest
12/1/2005 5:50:46 PM RHS 227 C:\WINDOWS\assembly\Desktop.ini
12/1/2005 5:50:46 PM RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme
12/1/2005 5:50:46 PM RH 0 C:\WINDOWS\assembly\pubpol1.dat
12/1/2005 6:21:12 PM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1b.dat
12/1/2005 6:21:16 PM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat
12/1/2005 5:42:36 PM H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
12/1/2005 5:43:56 PM HS 67 C:\WINDOWS\Fonts\desktop.ini
12/1/2005 5:47:50 PM H 0 C:\WINDOWS\inf\oem0.inf
12/2/2005 1:14:00 AM H 0 C:\WINDOWS\inf\oem6.inf
12/1/2005 5:42:36 PM H 65 C:\WINDOWS\Offline Web Pages\desktop.ini
12/1/2005 5:43:18 PM RHS 727 C:\WINDOWS\pchealth\helpctr\PackageStore\package_1.cab
12/1/2005 5:43:18 PM RHS 19854 C:\WINDOWS\pchealth\helpctr\PackageStore\package_2.cab
12/1/2005 5:43:18 PM RHS 244933 C:\WINDOWS\pchealth\helpctr\PackageStore\package_3.cab
12/1/2005 5:47:58 PM H 270336 C:\WINDOWS\repair\ntuser.dat
12/2/2005 3:26:56 PM RHS 1877 C:\WINDOWS\system\DRIVER\servicesmgr.dll
12/2/2005 3:26:52 PM RHS 1575 C:\WINDOWS\system\DRIVER\winlogon.dll
12/1/2005 5:42:22 PM RH 749 C:\WINDOWS\system32\cdplayer.exe.manifest
12/1/2005 5:42:36 PM RH 488 C:\WINDOWS\system32\logonui.exe.manifest
12/1/2005 5:42:22 PM RH 749 C:\WINDOWS\system32\ncpa.cpl.manifest
12/1/2005 5:42:22 PM RH 749 C:\WINDOWS\system32\nwc.cpl.manifest
12/1/2005 5:42:22 PM RH 749 C:\WINDOWS\system32\sapi.cpl.manifest
12/1/2005 5:42:36 PM RH 488 C:\WINDOWS\system32\WindowsLogon.manifest
12/1/2005 5:42:22 PM RH 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest
11/6/2005 4:16:58 PM S 8781 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\codecs10.cat
11/7/2005 6:01:22 AM S 8818 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\DRM10-2.cat
11/6/2005 4:16:58 PM S 9079 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\DRM10.cat
10/23/2005 8:17:50 AM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB891593.cat
10/23/2005 8:17:50 AM S 9500 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB895961.cat
11/8/2005 6:13:36 PM S 12849 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896424.cat
10/23/2005 8:17:50 AM S 10259 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB898108.cat
11/4/2005 3:45:54 PM S 9798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB898439.cat
10/23/2005 8:17:50 AM S 11265 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899337.cat
10/23/2005 8:17:50 AM S 9500 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899510.cat
10/23/2005 8:17:50 AM S 9500 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB902841.cat
10/23/2005 8:17:50 AM S 11147 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905519.cat
10/23/2005 8:17:50 AM S 10151 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905816.cat
10/23/2005 8:17:50 AM S 11138 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB906688.cat
11/4/2005 3:45:54 PM S 9798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB906866.cat
11/6/2005 3:32:00 PM S 8303 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB907658.cat
11/19/2005 1:01:30 PM S 7898 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910393.cat
11/6/2005 4:16:58 PM S 7291 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\MPPRE10.cat
11/6/2005 4:17:00 PM S 9377 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WMDM10.cat
11/6/2005 4:17:00 PM S 11463 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WMFSDK10.cat
11/6/2005 4:17:00 PM S 10859 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WPD10.cat
12/17/2005 12:57:44 PM H 8192 C:\WINDOWS\system32\config\default.LOG
12/17/2005 12:58:00 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
12/17/2005 12:57:54 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
12/17/2005 12:58:22 PM H 94208 C:\WINDOWS\system32\config\software.LOG
12/17/2005 1:00:28 PM H 937984 C:\WINDOWS\system32\config\system.LOG
12/1/2005 12:22:44 PM H 1024 C:\WINDOWS\system32\config\TempKey.LOG
12/1/2005 12:22:46 PM H 1024 C:\WINDOWS\system32\config\userdiff.LOG
12/1/2005 12:25:38 PM HS 62 C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini
12/1/2005 6:31:18 PM S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
12/1/2005 6:31:18 PM S 144 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
12/1/2005 12:25:38 PM HS 62 C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini
12/1/2005 5:46:28 PM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini
12/1/2005 5:46:28 PM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
12/1/2005 5:46:28 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
12/1/2005 5:46:28 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
12/1/2005 5:46:28 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3ZWEQNH5\desktop.ini
12/1/2005 5:46:28 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JEYBCW8D\desktop.ini
12/1/2005 5:46:28 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\LPWGTCDE\desktop.ini
12/1/2005 5:46:28 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NMF0ZEFP\desktop.ini
12/1/2005 5:42:30 PM HS 118 C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini
12/1/2005 12:25:38 PM HS 62 C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini
12/1/2005 5:44:50 PM HS 148 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini
12/1/2005 5:44:50 PM HS 421 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini
12/1/2005 5:44:50 PM HS 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
12/1/2005 5:44:50 PM HS 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
12/1/2005 5:49:34 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\350dc5eb-1690-44eb-9cc1-f50248b38a58
12/1/2005 5:49:34 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
12/17/2005 12:56:50 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
5/25/2004 10:06:58 AM 417792 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Realtek Semiconductor Corp. 5/14/2003 9:19:16 AM 6843904 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/3/2004 8:26:58 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
11/25/2005 10:28:34 PM 55296 C:\WINDOWS\SYSTEM32\AutoPlay.cpl
10/20/2005 12:17:52 AM 55296 C:\WINDOWS\SYSTEM32\BootVis.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
10/22/2005 7:18:24 PM 55296 C:\WINDOWS\SYSTEM32\CDImageGUI.cpl
11/26/2005 4:01:22 PM 221184 C:\WINDOWS\SYSTEM32\cttune.cpl
11/26/2005 10:01:42 PM 55296 C:\WINDOWS\SYSTEM32\Defrag.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 11/25/2005 11:31:14 PM 135168 C:\WINDOWS\SYSTEM32\directx.cpl
Microsoft Corporation 10/15/2005 8:41:42 AM 80896 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 8/26/2005 6:14:42 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
11/25/2005 5:43:08 PM 55296 C:\WINDOWS\SYSTEM32\MSVirtualCD.cpl
11/25/2005 5:34:04 PM 55296 C:\WINDOWS\SYSTEM32\MS_TimeZone.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Intersil Americas Inc. 5/28/2003 11:03:50 PM 314452 C:\WINDOWS\SYSTEM32\PRISMCFG.cpl
11/10/2005 8:55:38 PM 131072 C:\WINDOWS\SYSTEM32\REGEDIT.CPL
10/20/2005 12:29:24 AM 55296 C:\WINDOWS\SYSTEM32\RESHACK.cpl
10/20/2005 1:07:02 AM 55296 C:\WINDOWS\SYSTEM32\SAFEXP.cpl
11/25/2005 11:00:20 PM 55296 C:\WINDOWS\SYSTEM32\Services.cpl
10/22/2005 1:31:46 PM 38400 C:\WINDOWS\SYSTEM32\Startup.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/3/2004 8:26:58 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
10/19/2005 11:59:46 PM 55296 C:\WINDOWS\SYSTEM32\TweakUI.cpl
11/25/2005 11:22:40 PM 55296 C:\WINDOWS\SYSTEM32\Updates.cpl
10/22/2005 7:07:22 PM 55296 C:\WINDOWS\SYSTEM32\UPXShell.cpl
Creative Technology Ltd. 7/23/2003 9:45:02 AM 172032 C:\WINDOWS\SYSTEM32\USBAudio.cpl
Microsoft Corporation 6/15/2005 11:43:38 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
12/1/2005 7:16:52 PM 1727 E:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
12/1/2005 5:44:50 PM HS 84 E:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
12/1/2005 12:25:38 PM HS 62 E:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
12/2/2005 1:49:04 PM 822 E:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
12/1/2005 5:44:50 PM HS 84 E:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
12/1/2005 12:25:38 PM HS 62 E:\Documents and Settings\Administrator\Application Data\desktop.ini
12/2/2005 3:28:50 PM 125 E:\Documents and Settings\Administrator\Application Data\iPod Access v2 Prefs
12/2/2005 3:13:38 PM H 11 E:\Documents and Settings\Administrator\Application Data\iPodAccess_Time

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{281CBB00-E8AE-4B03-A7C7-221446698C0A} = C:\WINDOWS\system32\ShellExt\AUDIOS~1.DLL

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\CopyMoveTo
{51131DA7-1D24-40e5-AE07-5E3750F5DE3C} = C:\WINDOWS\system32\ShellExt\ContextMenuExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = D:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\CopyMoveTo
{51131DA7-1D24-40e5-AE07-5E3750F5DE3C} = C:\WINDOWS\system32\ShellExt\ContextMenuExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\UnlockerShellExtension
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Command Box Context Menu Handler
{00537963-0001-0001-0004-00c0dfe64a64} = C:\WINDOWS\system32\ShellExt\cmdhere.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ContextAttrib
{0A435D73-6459-4b87-971D-0EEBFD2495BA} = C:\WINDOWS\system32\ShellExt\ContextAttrib.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CopyMoveTo
{51131DA7-1D24-40e5-AE07-5E3750F5DE3C} = C:\WINDOWS\system32\ShellExt\ContextMenuExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = D:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Ninotech Date Edit
{EECEEFEE-3DF7-11D0-9576-0000837A2FDD} = C:\WINDOWS\system32\ShellExt\DateEd32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Ninotech Path Copy
{EECEEFEE-3DF7-11D0-9576-0000837A2FDE} = C:\WINDOWS\system32\ShellExt\PathCo32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\UnlockerShellExtension
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{9D4E3F43-DB97-40D6-BDCB-7C9CFC69E222}
= C:\WINDOWS\system32\ShellExt\AUDIOS~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= D:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}
= D:\Program Files\Siber Systems\AI RoboForm\roboform.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{724d43a0-0d85-11d4-9908-00400523e39a} = &RoboForm : D:\Program Files\Siber Systems\AI RoboForm\roboform.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F46}
ButtonText = Fill Forms :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F49}
ButtonText = Save :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{724d43aa-0d85-11d4-9908-00400523e39a}
ButtonText = RoboForm :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{724D43A0-0D85-11D4-9908-00400523E39A} = &RoboForm : D:\Program Files\Siber Systems\AI RoboForm\roboform.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATIPTA "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ATICCC "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
SoundMan SOUNDMAN.EXE
CTDVDDet D:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
CTSysVol D:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
SbUsb AudCtrl RunDll32 sbusbdll.dll,RCMonitor
UpdReg C:\WINDOWS\UpdReg.EXE
AVG7_CC D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
Acronis True Image Monitor "D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
Acronis Scheduler2 Service "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
iTunesHelper "D:\Program Files\iTunes\iTunesHelper.exe"
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HostManager C:\Program Files\Common Files\AOL\1134364602\ee\AOLSoftware.exe
ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
TaskSwitchXP C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
RoboForm "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
Aim6

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDesktopCleanupWizard 1
ForceClassicControlPanel 1
NoRemoteRecursiveEvents 1
MemCheckBoxInRunDlg 1
DisableCAD 1
NoRecentDocsMenu 1
NoFavoritesMenu 0
NoSMMyDocs 0
NoSMMyPictures 0
NoStartMenuMyMusic 0
NoRecentDocsHistory 1
NoRecentDocsNetHood 0
NoSMHelp 0
NoRun 0
NoInstrumentation 0
NoSimpleStartMenu 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
NoInternetOpenWith 1
DisableCAD 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\Placesbar

----------------------

12/17/05 13:09:48 [Info]: BlackLight Engine 1.0.30 initialized
12/17/05 13:09:48 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/17/05 13:09:48 [Note]: 7019 4
12/17/05 13:09:48 [Note]: 7005 0
12/17/05 13:09:53 [Note]: 7006 0
12/17/05 13:09:54 [Note]: 7011 1868
12/17/05 13:09:54 [Note]: FSRAW library version 1.7.1014
12/17/05 13:10:46 [Note]: 7007 0

#13 Guest_Cretemonster_*

Posted 17 December 2005 - 03:26 PM

Wow, I see the files and will tinker with them later today.

Hopefully, with the knowledge you have, you have already removed that ugly folder.

I need you to check your services for these 3:

O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)

Although I don't see them in the HijackThis log, they may be present in the services page.

I actually had written a DOS batch for this some time back; I will attach it in a zip and let you have a look.

Keep in mind, it's a custom batch for a different user.

Attached Files

  • Attached File  Fix.zip   582bytes   10 downloads
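
The O23 service lines quoted in the post above can be triaged mechanically. The following Python is an added example, not part of the original thread or of HijackThis; the fourth sample line and its names are constructed for contrast, and the flagging rules are an assumption about which entries merit a manual check.

```python
import re
from collections import defaultdict

# Constructed sample: the three O23 lines quoted in the post, plus one
# made-up benign entry (hypothetical vendor and path) for contrast.
SAMPLE_LOG = r"""
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
O23 - Service: Example Updater (ExampleUpd) - Example Corp. - C:\Program Files\Example\upd.exe
"""

O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

def parse_o23(log_text):
    """Return one dict per O23 line; all other log lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["name"] = e["name"] or e["display"]  # short name is optional
            e["missing"] = e["missing"] is not None
            entries.append(e)
    return entries

def triage(entries):
    """Return (service name, reasons) for entries worth a manual look."""
    findings = []
    for e in entries:
        reasons = []
        if e["owner"].lower() == "unknown owner":
            reasons.append("no owner reported for the binary")
        if e["missing"]:
            reasons.append("binary missing: orphaned service entry")
        if reasons:
            findings.append((e["name"], reasons))
    return findings

def shared_binaries(entries):
    """Map each image path used by more than one service to those services."""
    by_path = defaultdict(list)
    for e in entries:
        by_path[e["path"].lower()].append(e["name"])
    return {p: names for p, names in by_path.items() if len(names) > 1}
```
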


#14 metaphist


Posted 19 December 2005 - 07:28 PM

The batch worked in removing those services, and I got rid of that folder. Seems like everything is running smoothly now, many thanks!

#15 Guest_Cretemonster_*


Posted 20 December 2005 - 03:42 AM

If you want, check the system over once more with Kaspersky and WinPFind to ensure all nasties are gone.

I don't want to count blessings too soon.

Let me know what ya find.

Here are some extra tools to help with more secure browsing.


Please install these 2 to add to the security of the PC!

SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Update immediately!

WinHelp2002 Hosts File
http://www.mvps.org/winhelp2002/hosts2.htm

Disable System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Go ahead and reconfigure Msconfig the way you like the PC to start up.

Go ahead and remove any of the downloaded tools that are of no use anymore.



