VirusRL2009.exe in Startup. Disabled? Need help cleaning.

**peku006** · 2009-05-06, 13:06

Hi Crymmsun

Let us take a deeper look.

Please download OTScanIt2 from Geeks to Go by OldTimer. Alternate download site.
Save it to your desktop.

Double click on OTScanIt2.exe to run it.
Click on Extract. Once done, when prompted. Click OK and click Close.
This is a self-extracting file...It will create a folder named OTScanIt2 on your desktop.
Double click on the OTScanIt2 folder to open... then double click on OTScanIt2.exe to run it.
Under Rookit Search, select Yes.
Click on Run Scan at the top left hand corner. It may take a few minutes...be patient, let it run.
When done, Notepad will open with the log file "OTScanIt.Txt" contents.

Please post the contents of the OTScanIt.Txt Notepad file in your next reply.

Thanks peku006

**Crymmsun** · 2009-05-06, 16:05

It won't let me post the OTScanIt Log. It gives me an error message at the top of the page that says "The text that you have entered is too long (103800 characters). Please shorten it to 64000 characters long."

How do you want me to handle this?

**peku006** · 2009-05-06, 16:34

Hi Crymmsun

the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

**Crymmsun** · 2009-05-06, 17:28

Hello peku006,

I'll go ahead and split it into two since it's also too big to attach as a file. ::Grins.:: Thanks again so much for this help.

[code]
OTScanIt2 logfile created on: 5/6/2009 8:54:26 AM - Run 3
OTScanIt2 by OldTimer - Version 1.0.14.0 Folder = C:\Documents and Settings\Owner\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.33 Mb Total Physical Memory | 650.67 Mb Available Physical Memory | 63.65% Memory free
1.28 Gb Paging File | 0.92 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 22.88 Gb Free Space | 30.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JUBILEE
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [2009/02/05 16:08:45 | 00,081,000 | ---- | M] (ALWIL Software)
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software)
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software)
bcmwltry.exe -> %SystemRoot%\System32\bcmwltry.exe -> [2006/11/01 20:48:10 | 01,253,376 | ---- | M] (Dell Inc.)
explorer.exe -> %SystemRoot%\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
iexplore.exe -> %ProgramFiles%\internet explorer\iexplore.exe -> [2009/02/27 23:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation)
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> [2005/09/20 10:36:20 | 00,114,688 | ---- | M] (Intel Corporation)
igfxsrvc.exe -> %SystemRoot%\system32\igfxsrvc.exe -> [2005/09/20 10:32:16 | 00,159,744 | ---- | M] (Intel Corporation)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
mscams32.exe -> %ProgramFiles%\Microsoft LifeCam\MSCamS32.exe -> [2007/05/17 14:45:34 | 00,271,720 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/04/11 16:32:52 | 00,494,080 | ---- | M] (OldTimer Tools)
rainlendar2.exe -> %ProgramFiles%\Rainlendar2\Rainlendar2.exe -> [2007/07/24 02:12:56 | 01,298,432 | ---- | M] ()
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
wltray.exe -> %SystemRoot%\system32\WLTRAY.exe -> [2006/11/01 20:48:12 | 01,392,640 | ---- | M] (Dell Inc.)
wltrysvc.exe -> %SystemRoot%\System32\WLTRYSVC.EXE -> [2006/11/01 20:48:12 | 00,020,480 | ---- | M] ()

[Win32 Services - Safe List]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation)
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software)
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software)
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software)
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Lavasoft\Ad-Aware\AAWService.exe -> [2009/04/30 14:52:26 | 00,953,168 | ---- | M] (Lavasoft)
(MSCamSvc) MSCamSvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Microsoft LifeCam\MSCamS32.exe -> [2007/05/17 14:45:34 | 00,271,720 | ---- | M] (Microsoft Corporation)
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> [2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation)
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> [2006/12/14 01:46:16 | 00,057,344 | ---- | M] ()
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> [2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation)
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\WLTRYSVC.EXE -> [2006/11/01 20:48:12 | 00,020,480 | ---- | M] ()
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aavmker4.sys -> [2009/02/05 16:05:11 | 00,026,944 | ---- | M] (ALWIL Software)
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\AegisP.sys -> [2007/10/30 23:16:49 | 00,017,801 | ---- | M] (Meetinghouse Data Communications)
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> %SystemRoot%\system32\DRIVERS\aswFsBlk.sys -> [2009/02/05 16:07:12 | 00,020,560 | ---- | M] (ALWIL Software)
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswmon2.sys -> [2009/02/05 16:08:10 | 00,094,032 | ---- | M] (ALWIL Software)
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\aswRdr.sys -> [2009/02/05 16:06:10 | 00,023,152 | ---- | M] (ALWIL Software)
(aswSP) avast! Self Protection [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswSP.sys -> [2009/02/05 16:07:23 | 00,114,768 | ---- | M] (ALWIL Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> [2009/02/05 16:06:20 | 00,051,376 | ---- | M] (ALWIL Software)
(BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\bcmwl5.sys -> [2006/10/12 23:28:42 | 00,604,928 | ---- | M] (Broadcom Corporation)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\bcm4sbxp.sys -> [2003/09/26 13:41:10 | 00,044,032 | ---- | M] (Broadcom Corporation)
(cercsr6) cercsr6 [Kernel | Boot | Stopped] -> %SystemRoot%\System32\drivers\cercsr6.sys -> [2004/12/13 16:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.)
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSFHWICH.sys -> [2005/05/03 18:08:50 | 00,208,384 | ---- | M] (Conexant Systems, Inc.)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSF_DPV.SYS -> [2005/05/03 18:09:28 | 01,033,728 | ---- | M] (Conexant Systems, Inc.)
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ialmnt5.sys -> [2005/09/20 11:00:54 | 01,302,332 | ---- | M] (Intel Corporation)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\mdmxsdk.sys -> [2004/03/17 15:04:14 | 00,013,059 | ---- | M] (Conexant)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> [2007/09/28 11:07:50 | 00,043,528 | ---- | M] (Sonic Solutions)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(STAC97) Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\stac97.sys -> [2004/11/15 18:37:52 | 00,264,440 | ---- | M] (SigmaTel, Inc.)
(TVICHW32) TVICHW32 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\TVICHW32.SYS -> [2007/10/30 23:19:09 | 00,023,600 | ---- | M] (EnTech Taiwan)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbaudio.sys -> [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
(VX3000) VX-3000 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\VX3000.sys -> [2007/04/10 14:46:48 | 01,966,696 | ---- | M] (Microsoft Corporation)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\wanatw4.sys -> [2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSF_CNXT.sys -> [2005/05/03 18:08:44 | 00,705,408 | ---- | M] (Conexant Systems, Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> Reg Error: Invalid data type. ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> Reg Error: Invalid data type. ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://neworleans.cox.net/ ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\akl73k0n.default\prefs.js ->
browser.search.selectedEngine -> "Search" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://neworleans.cox.net/" ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> moveplayer@movenetworks.com:1.0.0.07103010 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> %SystemRoot%\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/04/15 17:04:21 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/01/02 00:42:11 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/03/30 08:47:33 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/03/30 08:47:32 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Owner\Application Data\mozilla\Extensions -> [2008/06/29 00:26:31 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2008/06/29 00:26:31 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\mozswing@mozswing.org -> [2008/06/29 00:26:31 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\akl73k0n.default\extensions -> [2008/12/02 04:13:42 | 00,096,764 | ---- | M] ()
-> C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\akl73k0n.default\extensions\moveplayer@movenetworks.com -> [2008/12/02 04:13:42 | 00,096,764 | ---- | M] ()
< FireFox SearchPlugins [User Folders] > ->
C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\akl73k0n.default\searchplugins\ -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\akl73k0n.default\searchplugins -> [2008/10/02 05:46:39 | 00,000,000 | ---D | M]
search.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\akl73k0n.default\searchplugins\search.xml -> [2008/10/02 05:46:39 | 00,000,274 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2008/12/02 04:13:22 | 09,729,536 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2008/12/02 04:13:22 | 09,729,536 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -> [2008/12/02 04:13:22 | 09,729,536 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} -> [2008/12/02 04:13:22 | 09,729,536 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> [2008/12/02 04:13:22 | 09,729,536 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/03/30 08:47:33 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2008/12/02 04:13:15 | 00,023,040 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2008/12/02 04:13:15 | 00,134,656 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/03/30 08:47:32 | 00,000,000 | ---D | M]
npdeploytk.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)
npdivx32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdivx32.dll -> [2008/11/06 11:33:48 | 01,332,224 | ---- | M] (DivX,Inc.)
npdivx32.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdivx32.xpt -> [2008/11/06 11:33:50 | 00,001,607 | ---- | M] ()
npDivxPlayerPlugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npDivxPlayerPlugin.dll -> [2008/12/10 19:33:34 | 00,098,304 | ---- | M] (DivX, Inc)
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2008/12/02 04:13:18 | 00,065,536 | ---- | M] (mozilla.org)
nppdf32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.)
npqtplugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009/03/30 08:47:32 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009/03/30 08:47:32 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009/03/30 08:47:32 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009/03/30 08:47:32 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009/03/30 08:47:32 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009/03/30 08:47:32 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009/03/30 08:47:32 | 00,143,360 | ---- | M] (Apple Inc.)
npViewpoint.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npViewpoint.dll -> [2007/04/16 12:07:12 | 00,180,293 | ---- | M] ()
npViewpoint.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npViewpoint.xpt -> [2006/10/09 13:26:35 | 00,000,266 | ---- | M] ()
nsIDivxPlayerPlugin.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nsIDivxPlayerPlugin.xpt -> [2008/11/06 11:34:08 | 00,000,297 | ---- | M] ()
QuickTimePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009/03/30 08:47:32 | 00,004,208 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2008/12/02 04:13:22 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2008/10/11 15:08:38 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2008/10/11 15:08:38 | 00,002,193 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2008/10/11 15:08:38 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2008/12/02 04:13:18 | 00,002,343 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2008/10/11 15:08:38 | 00,001,706 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2008/10/11 15:08:38 | 00,001,178 | ---- | M] ()
yahoo.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo.xml -> [2008/10/11 15:08:38 | 00,000,792 | ---- | M] ()
< HOSTS File > (305685 bytes and 10575 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
Reset Hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
127.0.0.1 www.163ns.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/23 00:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 15:41:30 | 00,408,448 | ---- | M] (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/03/09 05:18:50 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/03/09 05:18:52 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avast!" -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> [2009/02/05 16:08:45 | 00,081,000 | ---- | M] (ALWIL Software)
"Broadcom Wireless Manager UI" -> %SystemRoot%\system32\WLTRAY.exe [C:\WINDOWS\system32\WLTRAY.exe] -> [2006/11/01 20:48:12 | 01,392,640 | ---- | M] (Dell Inc.)
"igfxpers" -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2005/09/20 10:36:20 | 00,114,688 | ---- | M] (Intel Corporation)
"igfxtray" -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2005/09/20 10:35:40 | 00,094,208 | ---- | M] (Intel Corporation)
"Motorola Wireless Manager UI" -> %SystemRoot%\system32\WLTRAY.exe [C:\WINDOWS\system32\WLTRAY] -> [2006/11/01 20:48:12 | 01,392,640 | ---- | M] (Dell Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Rainlendar2" -> %ProgramFiles%\Rainlendar2\Rainlendar2.exe [C:\Program Files\Rainlendar2\Rainlendar2.exe] -> [2007/07/24 02:12:56 | 01,298,432 | ---- | M] ()
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> [1999/11/04 16:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office\OSA9.EXE -> [1999/02/17 15:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation)
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [2005/10/20 12:04:08 | 00,038,912 | ---- | M] ()
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"DisableRegistryTools" -> [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5504 domain(s) found. ->
50 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 9072 domain(s) found. ->
objects_aol.com[*] -> Out of zone range - ( 5 ) ->
update_microsoft.com [http] -> Trusted sites ->
59 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 86 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=58813 [Office Genuine Advantage Validation Tool] ->
{0742B9EF-8C83-41CA-BFBA-830A59E23533} [HKLM] -> https://support.microsoft.com/OAS/ActiveX/MSDcode.cab [Microsoft Data Collection Control] ->
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] ->
{362C56AA-6E4F-40C7-A0B5-85501DBDAD77} [HKLM] -> http://i.dell.com/images/global/js/scanner/SysProExe.cab [Scanner.SysScanner] ->
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://photo2.walgreens.com/WalgreensActivia.cab [Snapfish Activia] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239734013757 [MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] ->
{B9F79165-A264-4C4A-A211-133A5E8D647F} [HKLM] -> http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab [F-Secure Health Check 1.1] ->
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc4.cab [Office Update Installation Engine] ->
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
{E87F6C8E-16C0-11D3-BEF7-009027438003} [HKLM] -> https://secure.thefilingroom.com/members/XUpload.ocx [Persits Software XUpload] ->
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [HKLM] -> http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll [PCPitstop Exam] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{018F015E-C361-4F18-B41F-28105991C9CB} -> (Dell TrueMobile 1300 WLAN Mini-PCI Card) ->
{5065CB1E-5C1A-4B95-956C-F6138E6495A9} -> (Dell Wireless 1350 WLAN Mini-PCI Card) ->
{A8F4D2E7-E5FF-4F19-8CDF-DC9795B2612B} -> () ->
{E9389068-2DDA-4819-8F38-F5A1F758FA7E} -> (Broadcom 440x 10/100 Integrated Controller) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> [2005/09/20 10:32:16 | 00,057,344 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> [2008/10/31 14:22:38 | 00,050,480 | ---- | M] (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> [2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" -> C:\Program Files\Microsoft LifeCam\LifeCam.exe [C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe] -> [2007/05/17 14:45:32 | 04,277,608 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" -> C:\Program Files\Microsoft LifeCam\LifeExp.exe [C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe] -> [2007/05/17 14:45:32 | 00,279,912 | ---- | M] (Microsoft Corporation)
"C:\Program Files\SightSpeed\SightSpeed.exe" -> C:\Program Files\SightSpeed\SightSpeed.exe [C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed] -> [2007/10/25 18:08:48 | 03,638,584 | ---- | M] (SightSpeed Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> [2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\system32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2008/04/13 19:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" -> C:\WINDOWS\system32\mmc.exe [C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console] -> [2008/04/13 19:12:25 | 01,414,656 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->

**Crymmsun** · 2009-05-06, 17:31

"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 13:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2007/10/30 22:51:41 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{82da9170-a5a0-11dc-90b5-00114362eace}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82da9170-a5a0-11dc-90b5-00114362eace}\Shell\AutoRun\command
\{82da9170-a5a0-11dc-90b5-00114362eace}\Shell\AutoRun\command\\"" -> [wd_windows_tools\setup.exe] -> File not found

[Files/Folders - Created Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
3 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp ->
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/05/06 08:47:34 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/05/06 08:43:55 | 00,665,196 | ---- | C] ()
RECYCLER -> %SystemDrive%\RECYCLER -> [2009/05/05 03:01:04 | 00,000,000 | -HSD | C]
Boot.bak -> %SystemDrive%\Boot.bak -> [2009/05/05 02:53:07 | 00,000,211 | ---- | C] ()
cmldr -> %SystemDrive%\cmldr -> [2009/05/05 02:53:03 | 00,260,272 | ---- | C] ()
cmdcons -> %SystemDrive%\cmdcons -> [2009/05/05 02:52:59 | 00,000,000 | RHSD | C]
SWXCACLS.exe -> %SystemRoot%\SWXCACLS.exe -> [2009/05/05 02:51:44 | 00,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> %SystemRoot%\SWREG.exe -> [2009/05/05 02:51:44 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> %SystemRoot%\SWSC.exe -> [2009/05/05 02:51:44 | 00,136,704 | ---- | C] (SteelWerX)
vFind.exe -> %SystemRoot%\vFind.exe -> [2009/05/05 02:51:44 | 00,117,248 | ---- | C] ()
sed.exe -> %SystemRoot%\sed.exe -> [2009/05/05 02:51:44 | 00,098,816 | ---- | C] ()
grep.exe -> %SystemRoot%\grep.exe -> [2009/05/05 02:51:44 | 00,080,412 | ---- | C] ()
zip.exe -> %SystemRoot%\zip.exe -> [2009/05/05 02:51:44 | 00,068,096 | ---- | C] ()
NIRCMD.exe -> %SystemRoot%\NIRCMD.exe -> [2009/05/05 02:51:44 | 00,029,696 | ---- | C] (NirSoft)
Qoobox -> %SystemDrive%\Qoobox -> [2009/05/05 02:50:42 | 00,000,000 | ---D | C]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2009/05/05 02:30:21 | 03,012,646 | R--- | C] ()
rsit -> %SystemDrive%\rsit -> [2009/05/04 23:46:33 | 00,000,000 | ---D | C]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/05/04 23:46:06 | 00,781,909 | ---- | C] ()
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/05/04 22:29:49 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/05/04 22:29:46 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/05/04 22:29:44 | 00,000,000 | ---D | C]
SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix -> [2009/05/03 18:21:52 | 00,000,000 | ---D | C]
SmitfraudFix.exe -> %UserProfile%\Desktop\SmitfraudFix.exe -> [2009/05/03 18:21:26 | 01,883,396 | ---- | C] ()
ERDNT -> %SystemRoot%\ERDNT -> [2009/05/02 22:44:32 | 00,000,000 | ---D | C]
ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/05/02 22:43:41 | 00,000,774 | ---- | C] ()
ERUNT -> %ProgramFiles%\ERUNT -> [2009/05/02 22:43:15 | 00,000,000 | ---D | C]
Tracing -> %UserProfile%\Tracing -> [2009/04/30 09:41:22 | 00,000,000 | ---D | C]
Microsoft -> %ProgramFiles%\Microsoft -> [2009/04/30 09:38:32 | 00,000,000 | ---D | C]
microsoft -> %AllUsersProfile%\Documents\microsoft -> [2009/04/30 09:38:21 | 00,000,000 | ---D | C]
Windows Live SkyDrive -> %ProgramFiles%\Windows Live SkyDrive -> [2009/04/30 09:38:11 | 00,000,000 | ---D | C]
Windows Live -> %ProgramFiles%\Windows Live -> [2009/04/30 09:37:44 | 00,000,000 | ---D | C]
Windows Live -> %CommonProgramFiles%\Windows Live -> [2009/04/30 09:33:56 | 00,000,000 | ---D | C]
Recent -> %UserProfile%\Recent -> [2009/04/19 19:24:04 | 00,000,000 | RH-D | C]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [2009/04/15 18:39:12 | 00,000,000 | ---D | C]
ntprint.cat -> %SystemRoot%\System32\dllcache\ntprint.cat -> [2009/04/15 18:38:42 | 01,089,593 | ---- | C] ()
XPSViewer -> %SystemRoot%\System32\XPSViewer -> [2009/04/15 17:02:54 | 00,000,000 | ---D | C]
MSBuild -> %ProgramFiles%\MSBuild -> [2009/04/15 17:02:46 | 00,000,000 | ---D | C]
Reference Assemblies -> %ProgramFiles%\Reference Assemblies -> [2009/04/15 17:02:31 | 00,000,000 | ---D | C]
printfilterpipelinesvc.exe -> %SystemRoot%\System32\dllcache\printfilterpipelinesvc.exe -> [2009/04/15 17:01:49 | 00,597,504 | ---- | C] (Microsoft Corporation)
xpsshhdr.dll -> %SystemRoot%\System32\xpsshhdr.dll -> [2009/04/15 17:01:49 | 00,575,488 | ---- | C] (Microsoft Corporation)
xpsshhdr.dll -> %SystemRoot%\System32\dllcache\xpsshhdr.dll -> [2009/04/15 17:01:49 | 00,575,488 | ---- | C] (Microsoft Corporation)
prntvpt.dll -> %SystemRoot%\System32\prntvpt.dll -> [2009/04/15 17:01:49 | 00,117,760 | ---- | C] (Microsoft Corporation)
filterpipelineprintproc.dll -> %SystemRoot%\System32\dllcache\filterpipelineprintproc.dll -> [2009/04/15 17:01:49 | 00,089,088 | ---- | C] (Microsoft Corporation)
xpssvcs.dll -> %SystemRoot%\System32\xpssvcs.dll -> [2009/04/15 17:01:48 | 01,676,288 | ---- | C] (Microsoft Corporation)
xpssvcs.dll -> %SystemRoot%\System32\dllcache\xpssvcs.dll -> [2009/04/15 17:01:48 | 01,676,288 | ---- | C] (Microsoft Corporation)
d44de6da6492a16af7385b1555 -> %SystemDrive%\d44de6da6492a16af7385b1555 -> [2009/04/15 17:01:47 | 00,000,000 | ---D | C]
URTTemp -> %SystemRoot%\System32\URTTemp -> [2009/04/15 16:53:14 | 00,000,000 | ---D | C]
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/04/15 13:16:11 | 24,921,544 | ---- | C] (Microsoft Corporation)
pdh.dll -> %SystemRoot%\System32\dllcache\pdh.dll -> [2009/04/15 13:09:43 | 00,284,160 | ---- | C] (Microsoft Corporation)
fastprox.dll -> %SystemRoot%\System32\dllcache\fastprox.dll -> [2009/04/15 13:09:42 | 00,473,600 | ---- | C] (Microsoft Corporation)
wmiprvsd.dll -> %SystemRoot%\System32\dllcache\wmiprvsd.dll -> [2009/04/15 13:09:42 | 00,453,120 | ---- | C] (Microsoft Corporation)
rpcss.dll -> %SystemRoot%\System32\dllcache\rpcss.dll -> [2009/04/15 13:09:42 | 00,401,408 | ---- | C] (Microsoft Corporation)
wmiprvse.exe -> %SystemRoot%\System32\dllcache\wmiprvse.exe -> [2009/04/15 13:09:42 | 00,227,840 | ---- | C] (Microsoft Corporation)
services.exe -> %SystemRoot%\System32\dllcache\services.exe -> [2009/04/15 13:09:42 | 00,110,592 | ---- | C] (Microsoft Corporation)
lsasrv.dll -> %SystemRoot%\System32\dllcache\lsasrv.dll -> [2009/04/15 13:09:41 | 00,729,088 | ---- | C] (Microsoft Corporation)
advapi32.dll -> %SystemRoot%\System32\dllcache\advapi32.dll -> [2009/04/15 13:09:41 | 00,617,472 | ---- | C] (Microsoft Corporation)
ntdll.dll -> %SystemRoot%\System32\dllcache\ntdll.dll -> [2009/04/15 13:09:40 | 00,714,752 | ---- | C] (Microsoft Corporation)
xpsp4res.dll -> %SystemRoot%\System32\xpsp4res.dll -> [2009/04/15 13:09:00 | 00,002,560 | ---- | C] (Microsoft Corporation)
sysmain.sdb -> %SystemRoot%\System32\dllcache\sysmain.sdb -> [2009/04/15 13:08:59 | 01,203,922 | ---- | C] ()
wordpad.exe -> %SystemRoot%\System32\dllcache\wordpad.exe -> [2009/04/15 13:08:59 | 00,215,552 | ---- | C] (Microsoft Corporation)
Prefetch -> %SystemRoot%\Prefetch -> [2009/04/15 12:57:56 | 00,000,000 | ---D | C]
scripting -> %SystemRoot%\System32\scripting -> [2009/04/15 12:44:52 | 00,000,000 | ---D | C]
l2schemas -> %SystemRoot%\l2schemas -> [2009/04/15 12:44:51 | 00,000,000 | ---D | C]
en -> %SystemRoot%\System32\en -> [2009/04/15 12:44:50 | 00,000,000 | ---D | C]
bits -> %SystemRoot%\System32\bits -> [2009/04/15 12:44:49 | 00,000,000 | ---D | C]
ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [2009/04/15 12:37:21 | 00,000,000 | ---D | C]
network diagnostic -> %SystemRoot%\network diagnostic -> [2009/04/15 12:34:17 | 00,000,000 | ---D | C]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [2009/04/15 12:28:05 | 00,000,000 | -H-D | C]
EHome -> %SystemRoot%\EHome -> [2009/04/15 12:28:02 | 00,000,000 | ---D | C]
fix.reg -> %SystemDrive%\fix.reg -> [2009/04/15 12:14:49 | 00,004,158 | ---- | C] ()
Julie's_Resume[1].doc -> %UserProfile%\Desktop\Julie's_Resume[1].doc -> [2009/04/07 02:53:36 | 00,028,672 | ---- | C] ()
qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll -> [2008/11/06 11:37:32 | 03,596,288 | ---- | C] ()
dtu100.dll.manifest -> %SystemRoot%\System32\dtu100.dll.manifest -> [2008/11/06 11:34:00 | 00,000,416 | ---- | C] ()
dpl100.dll.manifest -> %SystemRoot%\System32\dpl100.dll.manifest -> [2008/11/06 11:34:00 | 00,000,416 | ---- | C] ()
DivXWMPExtType.dll -> %SystemRoot%\System32\DivXWMPExtType.dll -> [2008/11/06 11:33:02 | 00,012,288 | ---- | C] ()
VX3000.ini -> %SystemRoot%\VX3000.ini -> [2008/07/25 01:21:40 | 00,015,498 | ---- | C] ()
msoffice.ini -> %SystemRoot%\msoffice.ini -> [2008/04/15 01:08:01 | 00,000,002 | ---- | C] ()
wininit.ini -> %SystemRoot%\wininit.ini -> [2008/02/21 06:42:13 | 00,001,145 | ---- | C] ()
OGACheckControl.DLL -> %SystemRoot%\System32\OGACheckControl.DLL -> [2008/02/04 18:23:10 | 00,693,792 | ---- | C] ()
ODBC.INI -> %SystemRoot%\ODBC.INI -> [2007/11/30 02:42:27 | 00,000,376 | ---- | C] ()
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2007/11/02 18:31:39 | 00,000,202 | ---- | C] ()
CddbPlaylist2Sony.dll -> %SystemRoot%\System32\CddbPlaylist2Sony.dll -> [2007/11/02 09:48:32 | 00,532,480 | ---- | C] ()
bcm1xsup.dll -> %SystemRoot%\System32\bcm1xsup.dll -> [2007/10/30 23:32:03 | 00,757,760 | ---- | C] ()
preflib.dll -> %SystemRoot%\System32\preflib.dll -> [2007/10/30 23:32:03 | 00,086,016 | ---- | C] ()
win.ini -> %SystemRoot%\win.ini -> [2004/08/04 05:00:00 | 00,000,580 | ---- | C] ()
system.ini -> %SystemRoot%\system.ini -> [2004/08/04 05:00:00 | 00,000,227 | ---- | C] ()
indounin.dll -> %SystemRoot%\System32\indounin.dll -> [1999/01/27 14:39:06 | 00,065,024 | ---- | C] ()
Iyvu9_32.dll -> %SystemRoot%\System32\Iyvu9_32.dll -> [1997/06/13 08:56:08 | 00,056,832 | ---- | C] ()
DOCOBJ.DLL -> %SystemRoot%\System32\DOCOBJ.DLL -> [1996/12/09 01:00:00 | 00,022,016 | ---- | C] ()
HLINKPRX.DLL -> %SystemRoot%\System32\HLINKPRX.DLL -> [1996/12/09 01:00:00 | 00,012,288 | ---- | C] ()

[Files/Folders - Modified Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp ->
3 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp ->
ntuser.dat -> %UserProfile%\ntuser.dat -> [2009/05/06 08:47:59 | 09,437,184 | ---- | M] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/05/06 08:43:59 | 00,665,196 | ---- | M] ()
sfdb.dat -> %UserProfile%\Local Settings\temp\jkos-Owner\engine\bases\sfdb.dat -> [2009/05/06 03:08:41 | 00,313,436 | ---- | M] ()
kosglue-7.0.26.0.dll -> %UserProfile%\Local Settings\temp\jkos-Owner\binaries\kosglue-7.0.26.0.dll -> [2009/05/06 03:08:02 | 00,729,152 | ---- | M] (Kaspersky Lab)
msvcr80.dll -> %UserProfile%\Local Settings\temp\jkos-Owner\binaries\msvcr80.dll -> [2009/05/06 03:08:01 | 00,626,688 | ---- | M] (Microsoft Corporation)
msvcp80.dll -> %UserProfile%\Local Settings\temp\jkos-Owner\binaries\msvcp80.dll -> [2009/05/06 03:08:01 | 00,548,864 | ---- | M] (Microsoft Corporation)
kave.dll -> %UserProfile%\Local Settings\temp\jkos-Owner\binaries\kave.dll -> [2009/05/06 03:08:01 | 00,282,624 | ---- | M] (Kaspersky Lab.)
prLoader.dll -> %UserProfile%\Local Settings\temp\jkos-Owner\binaries\prLoader.dll -> [2009/05/06 03:08:01 | 00,184,320 | ---- | M] (Kaspersky Lab)
ScanningProcess.exe -> %UserProfile%\Local Settings\temp\jkos-Owner\binaries\ScanningProcess.exe -> [2009/05/06 03:08:01 | 00,139,264 | ---- | M] (Kaspersky Lab.)
prremote.dll -> %UserProfile%\Local Settings\temp\jkos-Owner\binaries\prremote.dll -> [2009/05/06 03:08:01 | 00,090,112 | ---- | M] (Kaspersky Lab)
ikave.dll -> %UserProfile%\Local Settings\temp\jkos-Owner\binaries\ikave.dll -> [2009/05/06 03:08:01 | 00,065,536 | ---- | M] ()
msvcm80.dll -> %UserProfile%\Local Settings\temp\jkos-Owner\binaries\msvcm80.dll -> [2009/05/06 03:08:00 | 00,479,232 | ---- | M] (Microsoft Corporation)
FSSync.dll -> %UserProfile%\Local Settings\temp\jkos-Owner\binaries\FSSync.dll -> [2009/05/06 03:08:00 | 00,038,400 | ---- | M] (Kaspersky Lab)
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/05/05 03:00:12 | 00,000,006 | -H-- | M] ()
system.ini -> %SystemRoot%\system.ini -> [2009/05/05 02:57:32 | 00,000,227 | ---- | M] ()
boot.ini -> %SystemDrive%\boot.ini -> [2009/05/05 02:53:07 | 00,000,281 | RHS- | M] ()
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2009/05/05 02:51:11 | 03,012,646 | R--- | M] ()
EasyShare Registration RunOnce Task.job -> %SystemRoot%\tasks\EasyShare Registration RunOnce Task.job -> [2009/05/05 00:49:55 | 00,000,450 | ---- | M] ()
Perflib_Perfdata_d8.dat -> %SystemRoot%\Temp\Perflib_Perfdata_d8.dat -> [2009/05/05 00:48:49 | 00,016,384 | ---- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/05/05 00:48:36 | 00,002,048 | --S- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/05/05 00:48:01 | 00,000,178 | -HS- | M] ()
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/05/04 23:46:09 | 00,781,909 | ---- | M] ()
Ad-Aware Update (Weekly).job -> %SystemRoot%\tasks\Ad-Aware Update (Weekly).job -> [2009/05/04 14:52:35 | 00,000,472 | ---- | M] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2009/05/04 08:42:03 | 00,000,284 | ---- | M] ()
SmitfraudFix.exe -> %UserProfile%\Desktop\SmitfraudFix.exe -> [2009/05/03 18:21:34 | 01,883,396 | ---- | M] ()
ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/05/02 22:43:41 | 00,000,774 | ---- | M] ()
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2009/05/02 22:30:09 | 00,305,685 | R--- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2009/05/02 21:59:05 | 00,000,580 | ---- | M] ()
Boot.bak -> %SystemDrive%\Boot.bak -> [2009/05/02 21:59:05 | 00,000,211 | ---- | M] ()
vFind.exe -> %SystemRoot%\vFind.exe -> [2009/05/01 15:36:46 | 00,117,248 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/05/01 06:44:55 | 00,120,832 | ---- | M] ()
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2009/05/01 06:44:55 | 00,000,202 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/05/01 03:27:10 | 00,008,452 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/05/01 03:27:09 | 00,008,866 | ---- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/04/30 11:28:56 | 00,270,984 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/04/30 09:40:33 | 00,067,656 | ---- | M] ()
My Sharing Folders.lnk -> %UserProfile%\Julie's Documents\My Sharing Folders.lnk -> [2009/04/30 09:39:35 | 00,000,906 | ---- | M] ()
img2-001.raw -> %SystemDrive%\img2-001.raw -> [2009/04/30 03:48:18 | 00,230,424 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/04/21 16:10:06 | 00,002,206 | ---- | M] ()
Perflib_Perfdata_670.dat -> %SystemRoot%\Temp\Perflib_Perfdata_670.dat -> [2009/04/19 19:28:57 | 00,016,384 | ---- | M] ()
hosts.20090502-223009.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090502-223009.backup -> [2009/04/19 19:16:03 | 00,305,032 | R--- | M] ()
Chris.doc -> %UserProfile%\Desktop\Chris.doc -> [2009/04/19 02:46:30 | 00,104,448 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2009/04/15 18:41:46 | 00,715,190 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2009/04/15 18:41:46 | 00,604,828 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2009/04/15 18:41:46 | 00,109,706 | ---- | M] ()
ntldr -> %SystemDrive%\ntldr -> [2009/04/15 12:33:44 | 00,250,048 | RHS- | M] ()
fix.reg -> %SystemDrive%\fix.reg -> [2009/04/15 12:15:57 | 00,004,158 | ---- | M] ()
EasyShare Registration Task.job -> %SystemRoot%\tasks\EasyShare Registration Task.job -> [2009/04/08 23:47:00 | 00,000,436 | ---- | M] ()
Julie's_Resume[1].doc -> %UserProfile%\Desktop\Julie's_Resume[1].doc -> [2009/04/07 03:05:56 | 00,028,672 | ---- | M] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 125 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:825D5945 109 bytes
C:\Documents and Settings\Owner\Favorites\Links\Google.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Links\Windows Update.url:favicon 25214 bytes
C:\Documents and Settings\Owner\Favorites\Safe, Sane, Sensual\Literotica.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Safe, Sane, Sensual\Private\Toys\Shop Erotic Online Store.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Safe, Sane, Sensual\Private\Wasteland.com - Darker Side of Desire.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Safe, Sane, Sensual\Tantra Chair.url:favicon 3638 bytes
C:\Documents and Settings\Owner\Favorites\AOL\Welcome to AOL Anywhere.url:favicon 2862 bytes
C:\Documents and Settings\Owner\Favorites\Comics\Kenzer and Company.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Comics\Starchild.url:favicon 1151 bytes
C:\Documents and Settings\Owner\Favorites\Computer Help\Tech Support\Bleeping Computer Computer Help and Discussion.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Computer Help\Tech Support\Linksys.com.url:favicon 3638 bytes
C:\Documents and Settings\Owner\Favorites\Computer Help\Tech Support\MalWare Removal.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Computer Help\Tech Support\PC Pitstop.url:favicon 26694 bytes
C:\Documents and Settings\Owner\Favorites\Computer Help\Tech Support\Safer Networking Forums - S&D.url:favicon 10134 bytes
C:\Documents and Settings\Owner\Favorites\Computer Help\Tech Support\Trend Micro - Free online virus Scan.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Computer Help\TheFilingRoom.url:favicon 2238 bytes
C:\Documents and Settings\Owner\Favorites\Me\Cooking\Asparagus Lasagna - Food Network Canada.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Me\Cooking\Betty Crocker - Cookbook.url:favicon 4286 bytes
C:\Documents and Settings\Owner\Favorites\Me\Cooking\Cooks.com.url:favicon 2550 bytes
C:\Documents and Settings\Owner\Favorites\Me\Cooking\Food Network.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Me\Financial\AT&T MyWireless.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Me\Financial\Capital One.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Me\Financial\GEICO.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Me\Financial\Netflix Log In.url:favicon 318 bytes
C:\Documents and Settings\Owner\Favorites\Me\Job Related\craigslist new orleans.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Me\Job Related\Network for Good.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Me\Job Related\NOLA.com.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Me\My Pages\Facebook Profile.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Me\My Pages\MSNLive - Crymsun.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Me\My Pages\MySpace - ObsidianShayd.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Me\My Pages\Photobucket - Crymmsun.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Me\My Pages\Tribe.net - ObsidianShayd.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Me\My Pages\Webshots - FuchsiaIce.url:favicon 22486 bytes
C:\Documents and Settings\Owner\Favorites\Me\My Pages\Youniverse - Crymmsun.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Me\My Pages\YouTube - ObsidianShayd.url:favicon 318 bytes
C:\Documents and Settings\Owner\Favorites\Me\Personal\Hotmail Sign In.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Me\Personal\KODAK EASYSHARE CX7525 Zoom Digital Camera Support.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Me\Personal\Lavalife.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Me\Personal\Party Vibe.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Me\Personal\Tarot.com.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Me\Personal\The Bono - Obama Generation.url:favicon 5430 bytes
C:\Documents and Settings\Owner\Favorites\Me\Personal\Visual DNA.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Me\RP&Web\Disney Fairies.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Me\Shop\Every Car Listed.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Media\Music\Bands\ALABAMA3 HOME.url:favicon 6446 bytes
C:\Documents and Settings\Owner\Favorites\Media\Music\Bands\Asylum Street Spankers.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Media\Music\Bands\Stiff Little Fingers.url:favicon 3638 bytes
C:\Documents and Settings\Owner\Favorites\Media\Music\Downloads\Lime Wire.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Media\Music\Garageband.url:favicon 318 bytes
C:\Documents and Settings\Owner\Favorites\Media\Music\Lyrics\LyricWiki.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Media\Music\Radio\Last.fm.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Media\Music\Radio\Pandora Internet Radio.url:favicon 15086 bytes
C:\Documents and Settings\Owner\Favorites\Media\TV & Movies\Buffy - Angel\Spike's Sweet Poison.url:favicon 2238 bytes
C:\Documents and Settings\Owner\Favorites\Media\TV & Movies\GateWorld Your Complete Guide to Stargate!.url:favicon 2942 bytes
C:\Documents and Settings\Owner\Favorites\Media\TV & Movies\Misc. Movie\Hulu - Watch your favorites. Anytime. For free..url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Media\TV & Movies\Stations\ABC.com.url:favicon 2550 bytes
C:\Documents and Settings\Owner\Favorites\Media\TV & Movies\Stations\CBS.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Media\TV & Movies\Stations\NBC.com.url:favicon 318 bytes
C:\Documents and Settings\Owner\Favorites\Media\TV & Movies\Stations\SCIFI.COM.url:favicon 2494 bytes
C:\Documents and Settings\Owner\Favorites\Media\TV & Movies\Stations\The CW Television Network.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Media\TV & Movies\Stations\USA Network.url:favicon 25214 bytes
C:\Documents and Settings\Owner\Favorites\Media\TV & Movies\The Internet Movie Database (IMDb).url:favicon 1718 bytes
C:\Documents and Settings\Owner\Favorites\Medical\Residency Programs\Methodist Institute for Reconstructive Surgery -Houston (The Texas Medical Center, Houston, Texas).url:favicon 15086 bytes
C:\Documents and Settings\Owner\Favorites\Mom\Star Tribune Crossword Corner.url:favicon 3638 bytes
C:\Documents and Settings\Owner\Favorites\Money\PayPal.url:favicon 5430 bytes
C:\Documents and Settings\Owner\Favorites\Resources\Pagan Resources\Astrology and Horoscope Homepage - Astrodienst.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Resources\Pagan Resources\Witches' Voice.url:favicon 318 bytes
C:\Documents and Settings\Owner\Favorites\Resources\Dictionaries & Like\Dictionary.com.url:favicon 318 bytes
C:\Documents and Settings\Owner\Favorites\Resources\Dictionaries & Like\Thesaurus.com.url:favicon 318 bytes
C:\Documents and Settings\Owner\Favorites\Resources\Dictionaries & Like\Urban Dictionary.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Resources\Encyclopedias\THEOI GREEK MYTHOLOGY.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Resources\Foreign\General Irish.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Resources\Marvel Database.url:favicon 24942 bytes
C:\Documents and Settings\Owner\Favorites\Resources\Misc. Resources\Arèthane - Elvin Resource.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Resources\Misc. Resources\Karate Tips.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Resources\Misc. Resources\snopes.com Urban Legends Reference Pages.url:favicon 318 bytes
C:\Documents and Settings\Owner\Favorites\Resources\Misc. Resources\SuperPages Yellow Pages & White Pages.url:favicon 2734 bytes
C:\Documents and Settings\Owner\Favorites\Resources\Names\Baby Names.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Resources\Names\Elven Names.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Resources\Wikipedia\List of colors - Wikipedia.url:favicon 318 bytes
C:\Documents and Settings\Owner\Favorites\Resources\Wikipedia\Wikipedia.url:favicon 318 bytes
C:\Documents and Settings\Owner\Favorites\Dell\Dell.url:favicon 3638 bytes
C:\Documents and Settings\Owner\Favorites\ECards\Kid E Card Sites For Kids Of All Ages..url:favicon 2238 bytes
C:\Documents and Settings\Owner\Favorites\FreakAngels.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Friend's Sites\Cody's MySpace.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Friend's Sites\Cooper's MySpace.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Friend's Sites\Crescent Lotus Dance - Kryss.url:favicon 41662 bytes
C:\Documents and Settings\Owner\Favorites\Friend's Sites\Tara Rynieyn.url:favicon 5222 bytes
C:\Documents and Settings\Owner\Favorites\Funny & Interesting\Weird and Cool\Liquid Generation.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Gaming\Bordertown\B-Town RP.url:favicon 6598 bytes
C:\Documents and Settings\Owner\Favorites\Gaming\Bordertown\Mock Ave. Time RPG.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Gaming\Downloadable games\IF Games, Resources\DNA-HHGG Infocom Adventure.url:favicon 1078 bytes
C:\Documents and Settings\Owner\Favorites\Gaming\Resources\Weaponry\Zombie Tools Accessories for the Apocalypse.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Gaming\Rhydin & AOL Related Sites\DM & Affliates\Dragon's Mark.url:favicon 318 bytes
C:\Documents and Settings\Owner\Favorites\Gaming\Rhydin & AOL Related Sites\DM & Affliates\Rings of Honor (The Duels).url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Gaming\Rhydin & AOL Related Sites\DM & Affliates\The RDI Group Homepage.url:favicon 318 bytes
C:\Documents and Settings\Owner\Favorites\Gaming\Rhydin & AOL Related Sites\DM & Affliates\The Realm of RhyDin.url:favicon 318 bytes
C:\Documents and Settings\Owner\Favorites\Gaming\Rhydin & AOL Related Sites\NorseLady's Realms of Fantasy.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Gaming\Rhydin & AOL Related Sites\Welcome to Lyran Tal Press.url:favicon 3638 bytes
C:\Documents and Settings\Owner\Favorites\Gaming\Vampires\Sanguinarius.org.url:favicon 318 bytes
C:\Documents and Settings\Owner\Favorites\Gaming\Vampires\Vampires! The Dark Alleyway.url:favicon 766 bytes
C:\Documents and Settings\Owner\Favorites\Gaming\VillainSource -- formerly VillainSupply.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Gaming\Web Gaming\Pan Historia.url:favicon 3638 bytes
C:\Documents and Settings\Owner\Favorites\Gaming\Web Gaming\Vampires! The Dark Alleyway.url:favicon 766 bytes
C:\Documents and Settings\Owner\Favorites\Gaming\www.rpgmp3.com.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Graphics & Art\Gothic\8652.jpg (image).url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Graphics & Art\Gothic\goth+girl+2.jpg (image).url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Graphics & Art\Gothic\goth+girl.jpg (image).url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Graphics & Art\Gothic\http--www.kaax.org-images-archives-2002-06_0201-015-26_Goth_girl.jpg.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Graphics & Art\Gothic\http--www.xoospace.com-myspace-backgrounds-29425.jpg.url:favicon 3262 bytes
C:\Documents and Settings\Owner\Favorites\Graphics & Art\Ruth Thompson Tarnished Images (fantasy artwork).url:favicon 3638 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Books & More\Amazon.com.url:favicon 17542 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Books & More\BestBuy.com.url:favicon 3638 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Books & More\Buy.com.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Books & More\circuitcity.com.url:favicon 318 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Books & More\eBay - The World's Online Marketplace.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Books & More\Etsy Your place to buy and sell all things handmade.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Books & More\Kmart.url:favicon 1654 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Books & More\Louie's Juke Joint Music Shop - Music and Voodoo in New Or.url:favicon 6598 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Books & More\One Spirit.url:favicon 318 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Books & More\Overstock.com.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Books & More\Sears.com.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Books & More\SFBC.url:favicon 318 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Books & More\Walgreens.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Books & More\Walmart.com - Always Low Prices!.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Clothing & Personal\80s t-shirts.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Clothing & Personal\Compression Garments\Healing Enhancements.url:favicon 3638 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Clothing & Personal\Compression Garments\Make Me Heal.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Clothing & Personal\Compression Garments\Marena ComfortWear.url:favicon 4022 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Clothing & Personal\Dr. Martens USA Store.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Clothing & Personal\FragranceNet.com®.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Clothing & Personal\Gothic Clothing.url:favicon 3638 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Clothing & Personal\Hot Topic.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Clothing & Personal\J!NX Clothing for Gamers and Geeks.url:favicon 3638 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Clothing & Personal\ROMANTASY Corsets.url:favicon 4150 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Clothing & Personal\RPG Apparel Absurda-T.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Clothing & Personal\T-Shirts that ROCK.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Clothing & Personal\Teeth by DNash.url:favicon 3638 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Clothing & Personal\URBAN DECAY.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Clothing & Personal\Vampfangs - Alternative Superstore.url:favicon 3638 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Comics\Midtowncomics.com.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Comics\mycomicshop.com.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Crafty\Artbeads.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Crafty\AuntiesBeads.com.url:favicon 3638 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Crafty\BestCrystals.com.url:favicon 2550 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Crafty\Healing Crystals.url:favicon 11502 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Crafty\Silver Enchantments.url:favicon 568 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Gifts\Harriet Carter.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Gifts\Lillian Vernon.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Gifts\Potpourri Online Catalog.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Gifts\Pyramid Collection.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Pagan Related\Azenta Products - Uniquely blended fragrances.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Pagan Related\Clove Smokes.url:favicon 822 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Shopping Channels\HSN.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Shopping\Shopping Channels\QVC.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\The Webtender.url:favicon 2238 bytes
C:\Documents and Settings\Owner\Favorites\Travel\Air Fare Watchdog.url:favicon 4286 bytes
C:\Documents and Settings\Owner\Favorites\Travel\AirTran Airways.url:favicon 9062 bytes
C:\Documents and Settings\Owner\Favorites\Travel\CheapAir.com.url:favicon 1078 bytes
C:\Documents and Settings\Owner\Favorites\Travel\Farecast.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Travel\Flight Stats.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Travel\ITA Software.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Travel\Kayak.url:favicon 3750 bytes
C:\Documents and Settings\Owner\Favorites\Travel\MapQuest.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Travel\Northwest Airlines.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Travel\Priceline.com.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Travel\Southwest Airlines.url:favicon 2550 bytes
C:\Documents and Settings\Owner\Favorites\Travel\Travelocity.com.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Travel\TripAdvisor.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Travel\United Airlines.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Travel\US Airways.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Julie's Documents\Julie's Stuff\Shtuff\Poetry and Personal\WiccaPaganShaman-FAQ.pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\Owner\Julie's Documents\Julie's Stuff\Shtuff\Private\FromChris\Personal\Archived\020108-Skylar.3g2:SummaryInformation 120 bytes
C:\Documents and Settings\Owner\Julie's Documents\Julie's Stuff\Shtuff\Private\FromChris\Personal\Archived\020108-Skylar.3g2:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\Owner\Julie's Documents\Julie's Stuff\Shtuff\Private\FromChris\Personal\Archived\102707-Julie.3g2:SummaryInformation 120 bytes
C:\Documents and Settings\Owner\Julie's Documents\Julie's Stuff\Shtuff\Private\FromChris\Personal\Archived\102707-Julie.3g2:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\Owner\Julie's Documents\My Music\Grace Potter and the Nocturnals\Here's to the Meantime - Grace Potter and the Nocturnals.m4a:SummaryInformation 184 bytes
C:\Documents and Settings\Owner\Julie's Documents\My Music\Grace Potter and the Nocturnals\Here's to the Meantime - Grace Potter and the Nocturnals.m4a:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\Owner\Julie's Documents\My Music\Grace Potter and the Nocturnals\Kissing In A Tree - Grace Potter and the Nocturnals.m4a:SummaryInformation 180 bytes
C:\Documents and Settings\Owner\Julie's Documents\My Music\Grace Potter and the Nocturnals\Kissing In A Tree - Grace Potter and the Nocturnals.m4a:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\Owner\Julie's Documents\My Music\Dead Can Dance\Summoning Of The Muse - Dead Can Dance.m4a:SummaryInformation 168 bytes
C:\Documents and Settings\Owner\Julie's Documents\My Music\Dead Can Dance\Summoning Of The Muse - Dead Can Dance.m4a:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\Owner\Julie's Documents\My Music\Cocteau Twins\My Truth - Cocteau Twins.m4a:SummaryInformation 156 bytes
C:\Documents and Settings\Owner\Julie's Documents\My Music\Cocteau Twins\My Truth - Cocteau Twins.m4a:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\Owner\Julie's Documents\My Music\Corinne Bailey Rae\One Night (Of Sin) - Corinne Bailey Rae.m4a:SummaryInformation 168 bytes
C:\Documents and Settings\Owner\Julie's Documents\My Music\Corinne Bailey Rae\One Night (Of Sin) - Corinne Bailey Rae.m4a:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\01\68-{D95A480A-DF8C-A3D4-DE86-488207013408}-v1-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v68-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\05\107-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v105-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v107-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 930 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\05\107-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v105-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v107-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 104 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\11\112-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v111-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v112-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 696 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\11\112-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v111-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v112-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 72 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\17\18-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v17-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 81560 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\20\83-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v20-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v83-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 47352 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\20\83-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v20-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v83-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5224 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\22\84-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v22-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v84-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 40026 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\22\84-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v22-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v84-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4424 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\26\30-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v26-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1200 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\26\30-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v26-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 144 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\31\35-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v31-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1272 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\31\35-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v31-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 144 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\36\37-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v36-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 152 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\38\94-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v38-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v94-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 18066 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\38\94-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v38-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v94-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1984 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\41\95-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v41-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v95-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 282 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\41\95-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v41-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v95-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 816 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\46\97-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v46-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v97-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 7086 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\46\97-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v46-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v97-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 808 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\51\100-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v51-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v100-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 7536 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\51\100-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v51-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v100-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 832 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\69\13-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v69-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 91596 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\69\13-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v69-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 6474 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\anjettyler@live.com\DFSR\Staging\CS{D95A480A-DF8C-A3D4-DE86-488207013408}\69\13-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v69-{B900FBFA-B252-4D60-97BF-A1EA14F64BDF}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 11344 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\aparnell@hotmail.co.uk\DFSR\Staging\CS{73A88DF1-4E43-6D7F-16CA-89B79D990B7A}\01\120-{73A88DF1-4E43-6D7F-16CA-89B79D990B7A}-v1-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v120-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\aparnell@hotmail.co.uk\DFSR\Staging\CS{73A88DF1-4E43-6D7F-16CA-89B79D990B7A}\21\122-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v121-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v122-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 732 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\aparnell@hotmail.co.uk\DFSR\Staging\CS{73A88DF1-4E43-6D7F-16CA-89B79D990B7A}\21\122-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v121-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v122-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 80 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\01\10-{5389E97F-164C-12E7-77D9-1100CA231D6D}-v1-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\11\14-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v11-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1758 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\11\14-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v11-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 184 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\15\119-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v115-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v119-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 4692 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\15\119-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v115-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v119-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 528 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\16\118-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v116-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v118-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 4728 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\16\118-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v116-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v118-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 520 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\17\19-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v17-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2460 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\17\19-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v17-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 280 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\17\21-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v17-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2460 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\17\21-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v17-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 280 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\26\46-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v26-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13962 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\26\46-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v26-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1552 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\27\41-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v27-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9642 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\27\41-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v27-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1080 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\28\42-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v28-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13512 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\28\42-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v28-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1504 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\29\43-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v29-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 16752 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\29\43-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v29-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 1254 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\29\43-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v29-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1864 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\30\44-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v30-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 12684 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\30\44-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v30-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1408 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\31\53-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v31-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v53-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 14088 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\31\53-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v31-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v53-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1616 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\33\54-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v33-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v54-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 14916 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\33\54-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v33-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v54-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1664 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\34\58-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v34-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v58-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 12126 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\34\58-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v34-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v58-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1368 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\35\59-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v35-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v59-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 11838 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\35\59-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v35-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v59-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1288 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\36\60-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v36-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v60-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 11208 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\36\60-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v36-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v60-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1248 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\37\61-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v37-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v61-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9390 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\37\61-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v37-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v61-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1048 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\38\62-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v38-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v62-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 14016 bytes hidden from API

**Crymmsun** · 2009-05-06, 17:32

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\38\62-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v38-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v62-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1536 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\40\64-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v40-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v64-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10470 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\40\64-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v40-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v64-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1152 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\47\65-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v47-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v65-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13674 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\47\65-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v47-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v65-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1512 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\63\67-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v63-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v67-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 12990 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\63\67-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v63-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v67-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1448 bytes hidden from API
scan completed successfully
hidden files: 518

[Alternate Data Streams]
@Alternate Data Stream - 109 bytes -> %AllUsersProfile%\Application Data\TEMP:825D5945
@Alternate Data Stream - 125 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
< End of report >
[/code]

**peku006** · 2009-05-06, 20:09

Hi Crymmsun
i cant find anything about VirusRL2009

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
Code:
```
::regfind
VirusRL2009
```
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found at on your Desktop entitled SystemLook.txt

Thanks peku006

**Crymmsun** · 2009-05-07, 01:36

All right, it says it can't be found either. Here's the log:

SystemLook v1.0 by jpshortstuff (24.04.09)
Log created at 18:01 on 06/05/2009 by Owner (Administrator - Elevation successful)

Invalid Context: :regfind

No Context: VirusRL2009

-=End Of File=-

Here, though is a screen shot copy/paste of part of my startup from MSconfig. I had to make this an attachment because I couldn't figure out how to paste the screen shot to this reply.

Yes, the item is disabled as I did that before I contacted you here. Can it be deleted somehow? If it can't, is it posing a problem? Also, I've checked under "C:\ProgramFiles\VirusRL2009\VirusRL2009.exe" and this does not exist. So, how come the item is still in the startup line up?

I know, I'm probably just being nitpicky, huh? ::Grins.:: If you tell me it's nothing to worry about I'll let it go and not worry. ::Winks.:: Thank you for helping me on this.

**peku006** · 2009-05-07, 12:49

Hi bjacks9

I am sorry I did a "typo"......should be so ":regfind" not "::regfind"

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
Code:
```
:regfind
VirusRL2009
```
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found at on your Desktop entitled SystemLook.txt

Thanks peku006

**Crymmsun** · 2009-05-07, 23:36

Here is the new SystemLook Log:

SystemLook v1.0 by jpshortstuff (24.04.09)
Log created at 16:34 on 07/05/2009 by Owner (Administrator - Elevation successful)

========== regfind ==========

Searching for "VirusRL2009"
[HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Common\Open Find\Microsoft Word\Settings\Save As\File Name MRU]
""Value""=="VirusRL2009ScreenShot.doc Julie's_Resume[1a].doc Nickelback-DarkHorse.doc The slings and arrows.doc The Old West.doc DeadWarlocksExplained DeadWarlocks.doc Dreams In Dreams - 11-18-2008.doc Mab&Dragon111508.doc TheDragonAndMab111508"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
""000""=="VirusRL2009"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
""000""=="VirusRL2009"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirusRL2009]
[HKEY_USERS\S-1-5-21-854245398-789336058-2147007523-1003\Software\Microsoft\Office\9.0\Common\Open Find\Microsoft Word\Settings\Save As\File Name MRU]
""Value""=="VirusRL2009ScreenShot.doc Julie's_Resume[1a].doc Nickelback-DarkHorse.doc The slings and arrows.doc The Old West.doc DeadWarlocksExplained DeadWarlocks.doc Dreams In Dreams - 11-18-2008.doc Mab&Dragon111508.doc TheDragonAndMab111508"
[HKEY_USERS\S-1-5-21-854245398-789336058-2147007523-1003\Software\Microsoft\Search Assistant\ACMru\5603]
""000""=="VirusRL2009"
[HKEY_USERS\S-1-5-21-854245398-789336058-2147007523-1003\Software\Microsoft\Search Assistant\ACMru\5603]
""000""=="VirusRL2009"

-=End Of File=-

Thread: VirusRL2009.exe in Startup. Disabled? Need help cleaning.

Thread Tools

Display

Posting Permissions