1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Downloader Virus, vmmdiag32.exe help

Discussion in 'Malware and Virus Removal Archive' started by 65cj, 2006/11/02.

Thread Status:
Not open for further replies.
Page 2 of 5
  1. 2006/11/07
    65cj

    65cj Inactive Thread Starter

    Joined:
    2006/11/02
    Messages:
    63
    Likes Received:
    0
    There was a lot there and had to post in several sections, sorry.

    C:\!KillBox\3611010322516384.exe 10/14/2006 4:04 PM 16.00 KB Visible in Windows API, but not in MFT or directory index.
    C:\!KillBox\msupd01124000.exe 11/3/2006 9:34 AM 3.00 KB Visible in Windows API, but not in MFT or directory index.
    C:\!KillBox\msupd01133593.exe 11/3/2006 7:45 PM 16.00 KB Visible in Windows API, but not in MFT or directory index.
    C:\!KillBox\msupd01135750.exe 11/3/2006 9:34 AM 16.00 KB Visible in Windows API, but not in MFT or directory index.
    C:\!KillBox\msupd01137921.exe 11/2/2006 10:05 AM 16.00 KB Visible in Windows API, but not in MFT or directory index.
    C:\!KillBox\msupd01143250.exe 10/31/2006 10:50 AM 16.00 KB Visible in Windows API, but not in MFT or directory index.
    C:\!KillBox\msupd0130254578.exe 10/31/2006 7:24 PM 16.00 KB Visible in Windows API, but not in MFT or directory index.
    C:\BIT2FD.tmp 10/20/2006 12:42 AM 30.02 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C3E4A5D.exe 11/7/2006 1:09 PM 17.93 KB Hidden from Windows API.
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37687954.exe 11/7/2006 1:08 PM 17.94 KB Hidden from Windows API.
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\376E4D4D.exe 11/7/2006 1:08 PM 4.93 KB Hidden from Windows API.
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\376E4D4D.tmp 11/7/2006 1:08 PM 31.91 KB Hidden from Windows API.
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3772774A.exe 11/7/2006 1:09 PM 17.93 KB Hidden from Windows API.
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3857761B.exe 11/7/2006 1:09 PM 17.94 KB Hidden from Windows API.
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46766C5E.exe 11/7/2006 1:09 PM 17.93 KB Hidden from Windows API.
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69BA4C64.exe 11/7/2006 1:09 PM 17.93 KB Hidden from Windows API.
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{186E2526-9B42-48DD-A9CA-68233539DEE2} 11/7/2006 1:23 PM 0 bytes Hidden from Windows API.
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{186E2526-9B42-48DD-A9CA-68233539DEE2}\00000001.RMA 11/7/2006 1:23 PM 422 bytes Hidden from Windows API.
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8C0B3CAC-5B2E-41A8-891D-9F511E28E8B8} 11/7/2006 1:37 PM 0 bytes Hidden from Windows API.
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8C0B3CAC-5B2E-41A8-891D-9F511E28E8B8}\00000001.RMA 11/7/2006 1:37 PM 972 bytes Hidden from Windows API.
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E5BBFE97-5B51-465B-875B-74F135D3C9E0} 11/7/2006 1:31 PM 0 bytes Hidden from Windows API.
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E5BBFE97-5B51-465B-875B-74F135D3C9E0}\00000001.RMA 11/7/2006 1:31 PM 390 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Cookies\brad rabideau@2o7[1].txt 11/7/2006 1:44 PM 247 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Cookies\brad rabideau@2o7[3].txt 11/7/2006 1:00 PM 245 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temp\JET89A4.tmp 11/7/2006 1:56 PM 0 bytes Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temp\scan0.sca 11/7/2006 1:12 PM 1.53 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\09YZS1YZ\31_join[1].jpg 11/7/2006 1:56 PM 1.08 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\09YZS1YZ\4_join[1].jpg 11/7/2006 1:56 PM 1.34 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\09YZS1YZ\chat_yosw[1].gif 11/7/2006 1:45 PM 3.49 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\09YZS1YZ\desktop.ini 11/7/2006 1:44 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\09YZS1YZ\GetModelImage[2].aspx 11/7/2006 1:44 PM 4.96 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\09YZS1YZ\GetModelImage[3].aspx 11/7/2006 1:44 PM 4.38 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\09YZS1YZ\index_03[1].jpg 11/7/2006 1:48 PM 3.25 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\09YZS1YZ\index_04[1].jpg 11/7/2006 1:48 PM 9.37 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\09YZS1YZ\index_15[1].jpg 11/7/2006 1:45 PM 3.38 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\09YZS1YZ\index_17[1].jpg 11/7/2006 1:46 PM 314 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\09YZS1YZ\index_20[1].jpg 11/7/2006 1:44 PM 309 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\09YZS1YZ\index_29[1].jpg 11/7/2006 1:45 PM 308 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\09YZS1YZ\index_31[1].jpg 11/7/2006 1:45 PM 746 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\09YZS1YZ\spacer[1].gif 11/7/2006 1:45 PM 43 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\09YZS1YZ\thumb_bg[1].jpg 11/7/2006 1:45 PM 382 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\09YZS1YZ\vid_window_r4_c6[1].jpg 11/7/2006 1:44 PM 1.73 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\09YZS1YZ\vid_window_r9_c7[1].jpg 11/7/2006 1:44 PM 1.99 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\09YZS1YZ\x2[1].gif 11/7/2006 1:44 PM 83 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\0TINC52J\10_join_200[1].jpg 11/7/2006 1:56 PM 6.95 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\0TINC52J\desktop.ini 11/7/2006 1:44 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\0TINC52J\GetModelImage[2].aspx 11/7/2006 1:44 PM 3.65 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\0TINC52J\GetModelImage[3].aspx 11/7/2006 1:44 PM 4.65 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\0TINC52J\GetModelImage[4].aspx 11/7/2006 1:52 PM 2.23 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\0TINC52J\index_05[1].jpg 11/7/2006 1:48 PM 3.47 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\0TINC52J\index_14[1].jpg 11/7/2006 1:46 PM 1.56 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\0TINC52J\index_17[1].jpg 11/7/2006 1:44 PM 316 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\0TINC52J\index_17[2].jpg 11/7/2006 1:45 PM 314 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\0TINC52J\index_26[1].jpg 11/7/2006 1:45 PM 2.56 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\0TINC52J\index_29[1].jpg 11/7/2006 1:45 PM 307 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\0TINC52J\index_46[1].jpg 11/7/2006 1:45 PM 315 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\0TINC52J\index_46[2].jpg 11/7/2006 1:45 PM 316 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\0TINC52J\join_button[1].jpg 11/7/2006 1:48 PM 6.05 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\0TINC52J\line_left[1].jpg 11/7/2006 1:44 PM 2.14 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\2YVB9C77\27_join[1].jpg 11/7/2006 1:56 PM 3.90 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\2YVB9C77\desktop.ini 11/7/2006 1:44 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\2YVB9C77\GetModelImage[2].aspx 11/7/2006 1:44 PM 3.94 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\2YVB9C77\GetModelImage[3].aspx 11/7/2006 1:45 PM 2.48 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\2YVB9C77\GetModelImage[4].aspx 11/7/2006 1:45 PM 2.31 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\2YVB9C77\GetModelImage[5].aspx 11/7/2006 1:49 PM 2.25 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\2YVB9C77\index_01[1].jpg 11/7/2006 1:44 PM 654 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\2YVB9C77\index_15[1].jpg 11/7/2006 1:45 PM 3.37 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\2YVB9C77\index_16[1].jpg 11/7/2006 1:45 PM 310 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\2YVB9C77\index_28[1].jpg 11/7/2006 1:45 PM 1.03 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\2YVB9C77\index_42[1].jpg 11/7/2006 1:46 PM 602 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\2YVB9C77\index_45[1].jpg 11/7/2006 1:46 PM 4.88 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\2YVB9C77\nav_back[1].jpg 11/7/2006 1:44 PM 400 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\2YVB9C77\spacer[1].gif 11/7/2006 1:44 PM 43 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\2YVB9C77\thumb_bg[1].jpg 11/7/2006 1:45 PM 412 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\2YVB9C77\vid_window_r2_c2[1].jpg 11/7/2006 1:44 PM 16.49 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\3X0SNR62 11/2/2006 1:52 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\492VG9QJ\17_join_200[1].jpg 11/7/2006 1:56 PM 7.63 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\492VG9QJ\chat_fiti[1].gif 11/7/2006 1:45 PM 3.31 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\492VG9QJ\desktop.ini 11/7/2006 1:44 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\492VG9QJ\GetModelImage[1].aspx 11/7/2006 1:44 PM 4.66 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\492VG9QJ\GetModelImage[3].aspx 11/7/2006 1:44 PM 4.60 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\492VG9QJ\GetModelImage[4].aspx 11/7/2006 1:44 PM 4.61 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\492VG9QJ\index_15[1].jpg 11/7/2006 1:46 PM 3.42 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\492VG9QJ\index_16[1].jpg 11/7/2006 1:45 PM 310 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\492VG9QJ\index_16[2].jpg 11/7/2006 1:46 PM 312 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\492VG9QJ\index_18[1].jpg 11/7/2006 1:44 PM 483 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\492VG9QJ\index_26[1].jpg 11/7/2006 1:48 PM 3.00 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\492VG9QJ\index_28[1].jpg 11/7/2006 1:45 PM 1.06 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\492VG9QJ\index_28[2].jpg 11/7/2006 1:45 PM 1.02 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\492VG9QJ\logo[1].gif 11/7/2006 1:44 PM 8.36 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\492VG9QJ\next[1].gif 11/7/2006 1:45 PM 460 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\492VG9QJ\spacer[1].gif 11/7/2006 1:45 PM 43 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\492VG9QJ\vid_window_r4_c2[1].jpg 11/7/2006 1:44 PM 380 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\4D4XUFG5 11/2/2006 1:52 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\4DEVOXER 11/2/2006 1:52 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\4TQRWT6R 11/2/2006 1:52 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\89234DE7\14_join[1].jpg 11/7/2006 1:56 PM 3.72 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\89234DE7\21_join[1].jpg 11/7/2006 1:56 PM 5.87 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\89234DE7\back[1].gif 11/7/2006 1:46 PM 484 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\89234DE7\CAIF0L2V.jsp 11/7/2006 1:01 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\89234DE7\desktop.ini 11/7/2006 1:44 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\89234DE7\GetModelImage[1].aspx 11/7/2006 1:44 PM 5.56 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\89234DE7\GetModelImage[3].aspx 11/7/2006 1:44 PM 4.77 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\89234DE7\GetModelImage[4].aspx 11/7/2006 1:53 PM 2.20 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\89234DE7\GetModelImage[5].aspx 11/7/2006 1:52 PM 2.45 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\89234DE7\index_05[1].jpg 11/7/2006 1:45 PM 3.55 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\89234DE7\index_21[1].jpg 11/7/2006 1:45 PM 333 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\89234DE7\index_22[1].jpg 11/7/2006 1:45 PM 492 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\89234DE7\index_33[1].jpg 11/7/2006 1:45 PM 940 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\89234DE7\index_35[1].jpg 11/7/2006 1:45 PM 378 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\89234DE7\join_us[1].jpg 11/7/2006 1:46 PM 1.76 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\89234DE7\printer[1].gif 11/7/2006 1:01 PM 1.06 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\89234DE7\search[1] 11/7/2006 1:44 PM 20.60 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\89234DE7\stats[1].gif 11/7/2006 1:00 PM 1.43 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\89234DE7\thread_dot[1].gif 11/7/2006 1:00 PM 1.04 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\89234DE7\vid_window_r15_c5[1].jpg 11/7/2006 1:44 PM 816 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\89234DE7\vid_window_r4_c19[1].jpg 11/7/2006 1:44 PM 1.57 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\8H47KZ83\desktop.ini 11/7/2006 1:44 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\8H47KZ83\GetModelImage[2].aspx 11/7/2006 1:52 PM 2.65 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\8H47KZ83\GetModelImage[3].aspx 11/7/2006 1:46 PM 2.25 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\8H47KZ83\index_02[1].jpg 11/7/2006 1:45 PM 1.29 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\8H47KZ83\index_05[1].jpg 11/7/2006 1:44 PM 3.90 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\8H47KZ83\index_18[1].jpg 11/7/2006 1:48 PM 566 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\8H47KZ83\index_19[1].jpg 11/7/2006 1:45 PM 437 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\8H47KZ83\index_20[1].jpg 11/7/2006 1:45 PM 310 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\8H47KZ83\index_30[1].jpg 11/7/2006 1:45 PM 346 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\8H47KZ83\index_33[1].jpg 11/7/2006 1:45 PM 930 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\8H47KZ83\index_35[1].jpg 11/7/2006 1:45 PM 368 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\8H47KZ83\joinback[1].jpg 11/7/2006 1:56 PM 13.55 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\8H47KZ83\WebUIValidation[1].js 11/7/2006 1:56 PM 14.14 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\00-GPW_box-2[1].jpg 11/7/2006 10:49 AM 77.54 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\00-GPW_box-3[1].jpg 11/7/2006 10:49 AM 81.59 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\19_join_200[1].jpg 11/7/2006 1:56 PM 14.16 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\36585193944c0419fbd2eb[1].jpg 11/7/2006 10:49 AM 1.99 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\avatar2202_11[1].gif 11/7/2006 10:41 AM 15.26 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\beer[1].gif 11/7/2006 10:41 AM 1.15 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\bios_button[1].jpg 11/7/2006 1:44 PM 1.72 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\desktop.ini 11/7/2006 1:44 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\firstnew[1].gif 11/7/2006 1:00 PM 967 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\front[1].asp 11/7/2006 1:01 PM 293 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\GetModelImage[2].aspx 11/7/2006 1:53 PM 2.18 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\go[1].gif 11/7/2006 10:43 AM 193 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\hurricane[1].gif 11/7/2006 10:41 AM 744 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\icon_mini_profile[1].gif 11/7/2006 10:49 AM 228 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\im_msn[1].gif 11/7/2006 10:41 AM 1.01 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\index_08[1].jpg 11/7/2006 1:45 PM 661 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\index_12[1].jpg 11/7/2006 1:45 PM 557 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\index_30[1].jpg 11/7/2006 1:46 PM 344 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\index_31[1].jpg 11/7/2006 1:46 PM 676 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\index_33[1].jpg 11/7/2006 1:46 PM 990 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\index_41[1].jpg 11/7/2006 1:45 PM 1.02 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\A1HUNQXG\index_42[1].jpg 11/7/2006 1:45 PM 624 bytes Hidden from Windows API.
     
    Last edited: 2006/11/07
    65cj,
    #21
  2. 2006/11/07
    65cj

    65cj Inactive Thread Starter

    Joined:
    2006/11/02
    Messages:
    63
    Likes Received:
    0
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\30_join[1].jpg 11/7/2006 1:56 PM 789 bytes Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\4630804764518b08b59ea4[1].jpg 11/7/2006 10:49 AM 1.57 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\avatar751_0[1].gif 11/7/2006 10:41 AM 7.63 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\bios_button[1].jpg 11/7/2006 1:45 PM 1.72 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\CAQFSNDY 11/7/2006 10:43 AM 5.82 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\ChatOpList2[1].aspx 11/7/2006 1:56 PM 14.93 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\collapse_tcat[1].gif 11/7/2006 1:00 PM 79 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\cool[1].gif 11/7/2006 10:41 AM 1.04 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\default[1].aspx 11/7/2006 1:56 PM 21.19 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\desktop.ini 11/7/2006 1:44 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\GetModelImage[2].aspx 11/7/2006 1:44 PM 5.46 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\GetModelImage[3].aspx 11/7/2006 1:44 PM 4.18 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\GetModelImage[4].aspx 11/7/2006 1:53 PM 2.14 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\GetModelImage[5].aspx 11/7/2006 1:56 PM 1.82 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\icon_mini_members[1].gif 11/7/2006 10:49 AM 215 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\icon_mini_wiki[1].gif 11/7/2006 10:49 AM 220 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\index_02[1].gif 11/7/2006 10:43 AM 8.22 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\index_07[1].jpg 11/7/2006 1:45 PM 718 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\index_09[1].jpg 11/7/2006 1:46 PM 407 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\index_11[1].jpg 11/7/2006 1:46 PM 1.29 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\index_16[1].jpg 11/7/2006 1:44 PM 310 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\index_45[1].jpg 11/7/2006 1:45 PM 4.39 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\index_45[2].jpg 11/7/2006 1:45 PM 4.29 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\lines_dot[1].gif 11/7/2006 10:43 AM 56 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\login_button[1].jpg 11/7/2006 1:48 PM 1.71 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\menu_bg[1].jpg 11/7/2006 1:45 PM 410 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\navbits_finallink[1].gif 11/7/2006 1:00 PM 1.06 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\post_new[1].gif 11/7/2006 10:41 AM 529 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\quote[1].gif 11/7/2006 10:41 AM 2.13 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\rating_2[1].gif 11/7/2006 10:41 AM 595 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\rating_5[1].gif 11/7/2006 10:41 AM 1.25 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\removing-tub-1[1].gif 11/7/2006 10:41 AM 177.87 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\removing-tub-4[1].gif 11/7/2006 10:41 AM 168.92 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\reply[1].gif 11/7/2006 1:01 PM 3.14 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\resize_1[1].gif 11/7/2006 10:41 AM 61 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\spacer[1].gif 11/7/2006 10:49 AM 43 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\thread_lock[1].gif 11/7/2006 10:41 AM 1.13 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\underline[1].gif 11/7/2006 10:41 AM 88 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\user_online[1].gif 11/7/2006 10:41 AM 1.00 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\user_online[2].gif 11/7/2006 1:01 PM 1.01 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJEN8VWR\x2[1].gif 11/7/2006 10:53 AM 83 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJUBC1UZ\__utm[1].gif 11/7/2006 1:00 PM 35 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJUBC1UZ\__utm[2].gif 11/7/2006 1:01 PM 35 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJUBC1UZ\gradient_thead[1].gif 11/7/2006 1:00 PM 1.31 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJUBC1UZ\index_06[1].jpg 11/7/2006 1:45 PM 561 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJUBC1UZ\index_20[1].jpg 11/7/2006 1:45 PM 311 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJUBC1UZ\index_26[1].jpg 11/7/2006 1:46 PM 2.62 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJUBC1UZ\index_28[1].jpg 11/7/2006 1:46 PM 1.03 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJUBC1UZ\index_37[1].jpg 11/7/2006 1:45 PM 1.36 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJUBC1UZ\index_37[2].jpg 11/7/2006 1:48 PM 1.35 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJUBC1UZ\index_39[1].jpg 11/7/2006 1:45 PM 717 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJUBC1UZ\index_39[2].jpg 11/7/2006 1:48 PM 722 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJUBC1UZ\showthread[1].php 11/7/2006 1:01 PM 74.68 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJUBC1UZ\sortasc[1].gif 11/7/2006 1:00 PM 967 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\GJUBC1UZ\TIC60x60[2].jpg 11/7/2006 1:01 PM 1.55 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\H1RBIOQX\24_join[1].jpg 11/7/2006 1:56 PM 3.02 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\H1RBIOQX\desktop.ini 11/7/2006 1:44 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\H1RBIOQX\GetModelImage[2].aspx 11/7/2006 1:45 PM 6.11 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\H1RBIOQX\index_02[1].jpg 11/7/2006 1:45 PM 699 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\H1RBIOQX\index_02[2].jpg 11/7/2006 1:48 PM 1.92 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\H1RBIOQX\index_12[1].jpg 11/7/2006 1:45 PM 539 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\H1RBIOQX\index_18[1].jpg 11/7/2006 1:46 PM 493 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\H1RBIOQX\index_19[1].jpg 11/7/2006 1:44 PM 449 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\H1RBIOQX\index_28[1].jpg 11/7/2006 1:48 PM 1.05 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\H1RBIOQX\index_30[1].jpg 11/7/2006 1:45 PM 356 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\H1RBIOQX\index_30[2].jpg 11/7/2006 1:48 PM 343 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\H1RBIOQX\index_33[1].jpg 11/7/2006 1:45 PM 963 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\H1RBIOQX\rating_4[1].gif 11/7/2006 1:01 PM 1.18 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\H1RBIOQX\thumb_bg[1].jpg 11/7/2006 1:45 PM 395 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\H1RBIOQX\vid_window_r36_c2[1].jpg 11/7/2006 1:44 PM 314 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\HW0NL1GT 11/2/2006 1:52 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\I0P332LR\desktop.ini 11/7/2006 1:44 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\I0P332LR\index_02[1].jpg 11/7/2006 1:45 PM 864 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\I0P332LR\index_04[1].jpg 11/7/2006 1:45 PM 8.77 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\I0P332LR\index_05[1].jpg 11/7/2006 1:45 PM 4.05 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\I0P332LR\index_19[1].jpg 11/7/2006 1:45 PM 429 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\I0P332LR\index_23[1].jpg 11/7/2006 1:44 PM 304 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\I0P332LR\index_23[2].jpg 11/7/2006 1:46 PM 305 bytes Hidden from Windows API.
     
    65cj,
    #22


  3. to hide this advert.

  4. 2006/11/07
    65cj

    65cj Inactive Thread Starter

    Joined:
    2006/11/02
    Messages:
    63
    Likes Received:
    0
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\I0P332LR\index_24[1].jpg 11/7/2006 1:44 PM 707 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\I0P332LR\index_24[2].jpg 11/7/2006 1:46 PM 734 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\I0P332LR\index_31[1].jpg 11/7/2006 1:48 PM 740 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\I0P332LR\index_33[1].jpg 11/7/2006 1:48 PM 927 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\I0P332LR\index_34[1].jpg 11/7/2006 1:45 PM 370 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\IFC3M365\18-staff-sergeant[1].gif 11/7/2006 10:49 AM 625 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\IFC3M365\25_join[1].jpg 11/7/2006 1:56 PM 4.72 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\IFC3M365\announcement_old[1].gif 11/7/2006 1:00 PM 1.09 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\IFC3M365\desktop.ini 11/7/2006 1:45 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\IFC3M365\forum_new[1].gif 11/7/2006 1:00 PM 1.66 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\IFC3M365\google[1] 11/7/2006 1:00 PM 5.35 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\IFC3M365\index_03[1].jpg 11/7/2006 1:45 PM 4.92 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\IFC3M365\index_07[1].jpg 11/7/2006 1:45 PM 649 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\IFC3M365\index_07[2].jpg 11/7/2006 1:48 PM 670 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\IFC3M365\index_22[1].jpg 11/7/2006 1:45 PM 473 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\IFC3M365\index_34[1].jpg 11/7/2006 1:45 PM 373 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\IFC3M365\index_34[2].jpg 11/7/2006 1:48 PM 395 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\IFC3M365\index_35[1].jpg 11/7/2006 1:45 PM 368 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\IFC3M365\menu_bg[1].jpg 11/7/2006 1:46 PM 404 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\IFC3M365\newthread[1].gif 11/7/2006 1:00 PM 3.09 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\IFC3M365\rating_1[1].gif 11/7/2006 1:01 PM 547 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\IL5QFELW 11/2/2006 10:59 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\JP3WLBZS\18_join_200[1].jpg 11/7/2006 1:56 PM 5.52 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\JP3WLBZS\desktop.ini 11/7/2006 1:44 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\JP3WLBZS\GetModelImage[2].aspx 11/7/2006 1:44 PM 4.00 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\JP3WLBZS\index_01[1].jpg 11/7/2006 1:45 PM 645 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\JP3WLBZS\index_03[1].jpg 11/7/2006 1:45 PM 4.24 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\JP3WLBZS\index_06[1].jpg 11/7/2006 1:48 PM 587 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\JP3WLBZS\index_18[1].jpg 11/7/2006 1:45 PM 457 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\JP3WLBZS\index_21[1].jpg 11/7/2006 1:44 PM 332 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\JP3WLBZS\index_22[1].jpg 11/7/2006 1:44 PM 465 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\JP3WLBZS\index_22[2].jpg 11/7/2006 1:46 PM 484 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\JP3WLBZS\index_29[1].jpg 11/7/2006 1:48 PM 309 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\JP3WLBZS\index_33[1].jpg 11/7/2006 1:45 PM 999 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\JP3WLBZS\spacer[1].gif 11/7/2006 1:45 PM 43 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\JP3WLBZS\vid_window_r36_c25[1].jpg 11/7/2006 1:44 PM 306 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\12-sergeant-major-of-the-gee[1].gif 11/7/2006 10:49 AM 653 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\1x1[1].gif 11/7/2006 10:43 AM 49 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\26_join[1].jpg 11/7/2006 1:56 PM 10.40 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\ascjeep2[1].jpg 11/7/2006 10:49 AM 3.30 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\avatar4365_2[1].gif 11/7/2006 10:49 AM 9.26 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\CAYB67ET 11/7/2006 10:43 AM 4.71 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\cellpic1[1].gif 11/7/2006 10:49 AM 238 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\createlink[1].gif 11/7/2006 10:41 AM 195 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\desktop.ini 11/7/2006 1:45 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\edit[1].gif 11/7/2006 1:01 PM 2.09 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\forum_old[1].gif 11/7/2006 1:00 PM 1.47 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\forumdisplay[1].php 11/7/2006 10:52 AM 55.74 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\icon_rotflmao[1].gif 11/7/2006 10:41 AM 570 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\im_aim[1].gif 11/7/2006 10:41 AM 1013 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\index_09[1].jpg 11/7/2006 1:45 PM 412 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\index_13[1].jpg 11/7/2006 1:48 PM 441 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\index_34[1].jpg 11/7/2006 1:46 PM 373 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\index_42[1].jpg 11/7/2006 1:48 PM 717 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\index_45[1].jpg 11/7/2006 1:45 PM 5.45 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\multipage[1].gif 11/7/2006 1:00 PM 565 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\printer[1].gif 11/7/2006 10:41 AM 1.05 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\removing-tub-5[1].gif 11/7/2006 10:41 AM 178.34 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\showthread[1].php 11/7/2006 10:42 AM 50.03 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\vbulletin_menu[1].js 11/7/2006 1:00 PM 14.89 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\vbulletin_textedit[1].js 11/7/2006 10:41 AM 76.05 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LBFJDPWE\vbulletin_textedit[2].js 11/7/2006 1:01 PM 71.04 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\LVIA9BOZ 11/2/2006 1:52 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\22_join[1].jpg 11/7/2006 1:56 PM 1.76 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\29_join[1].jpg 11/7/2006 1:56 PM 844 bytes Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\al[1].htm 11/7/2006 1:00 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\announcement_new[1].gif 11/7/2006 10:41 AM 1.07 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\avatar2235_21[1].gif 11/7/2006 10:41 AM 9.58 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\avatar4277_10[1].gif 11/7/2006 10:41 AM 4.98 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\avatar797_1[1].gif 11/7/2006 10:41 AM 6.81 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\CAMZCD2Z 11/7/2006 10:43 AM 4.71 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\culminis_EMEA[1].gif 11/7/2006 1:00 PM 4.22 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\desktop.ini 11/7/2006 1:44 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\firstnew[1].gif 11/7/2006 10:41 AM 561 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\flag[1].gif 11/7/2006 10:41 AM 539 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\GetModelImage[2].aspx 11/7/2006 1:44 PM 3.98 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\GetModelImage[3].aspx 11/7/2006 1:45 PM 1.82 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\icon_eek[1].gif 11/7/2006 10:41 AM 170 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\icon_mini_faq[1].gif 11/7/2006 10:49 AM 211 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\icon_mini_message[1].gif 11/7/2006 10:49 AM 224 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\icon_profile[1].gif 11/7/2006 10:49 AM 801 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\icon_www[1].gif 11/7/2006 10:49 AM 733 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\index_01[1].gif 11/7/2006 10:43 AM 387 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\index_01[1].jpg 11/7/2006 1:46 PM 647 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\index_04[1].gif 11/7/2006 10:43 AM 3.80 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\index_04[1].jpg 11/7/2006 1:46 PM 8.74 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\index_09[1].jpg 11/7/2006 1:45 PM 428 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\index_14[1].jpg 11/7/2006 1:44 PM 1.45 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\index_23[1].jpg 11/7/2006 1:48 PM 304 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\index_24[1].jpg 11/7/2006 1:45 PM 716 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\index_36[1].jpg 11/7/2006 1:45 PM 380 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\index_39[1].jpg 11/7/2006 1:45 PM 720 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\italic[1].gif 11/7/2006 10:41 AM 79 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\login_button[1].jpg 11/7/2006 1:45 PM 1.69 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\menuBackLogo[1].jpg 11/7/2006 10:53 AM 1.95 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\mode_hybrid[1].gif 11/7/2006 1:01 PM 598 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\MVP_Horizontal_FullColor[1].png 11/7/2006 1:00 PM 4.72 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\paperclip[1].gif 11/7/2006 10:41 AM 305 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\quote[1].gif 11/7/2006 10:41 AM 122 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\rootkitrevealer[1].zip 11/7/2006 1:01 PM 210.17 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\subscribe[1].gif 11/7/2006 10:41 AM 1.08 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\vbulletin_post_loader[1].js 11/7/2006 10:41 AM 3.41 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\vbulletin_quick_edit[1].js 11/7/2006 10:41 AM 14.09 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M18B07SH\whos_online[1].gif 11/7/2006 10:40 AM 1.41 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\06-colonel[1].gif 11/7/2006 10:49 AM 578 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\2_join[1].jpg 11/7/2006 1:56 PM 1.02 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\9_join[1].jpg 11/7/2006 1:56 PM 2.49 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\__utm[1].gif 11/7/2006 1:01 PM 35 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\__utm[1].js 11/7/2006 1:00 PM 21.03 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\al[1].htm 11/7/2006 1:01 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\avatar1813_102[1].gif 11/7/2006 10:41 AM 4.97 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\avatar4303_3[1].gif 11/7/2006 10:41 AM 7.70 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\bios_button[1].jpg 11/7/2006 1:45 PM 1.71 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\color[1].gif 11/7/2006 10:41 AM 89 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\desktop.ini 11/7/2006 1:44 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\forums[1] 11/7/2006 10:40 AM 42.61 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\func_033[1].js 11/7/2006 1:00 PM 73.94 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\GetModelImage[2].aspx 11/7/2006 1:44 PM 4.40 KB Hidden from Windows API.
     
    65cj,
    #23
  5. 2006/11/07
    65cj

    65cj Inactive Thread Starter

    Joined:
    2006/11/02
    Messages:
    63
    Likes Received:
    0
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\GetModelImage[3].aspx 11/7/2006 1:44 PM 4.01 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\gradient_nav[1].gif 11/7/2006 1:00 PM 178 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\icon14[1].gif 11/7/2006 10:40 AM 1023 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\icon1[1].gif 11/7/2006 10:40 AM 1.01 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\icon9[1].gif 11/7/2006 10:41 AM 1.03 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\icon_mini_login[1].gif 11/7/2006 10:49 AM 225 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\icon_pm[1].gif 11/7/2006 10:49 AM 833 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\icon_website_home[1].gif 11/7/2006 10:49 AM 238 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\index_03[1].gif 11/7/2006 10:43 AM 1.19 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\index_05[1].jpg 11/7/2006 1:46 PM 3.43 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\index_06[1].jpg 11/7/2006 1:46 PM 552 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\index_07[1].jpg 11/7/2006 1:46 PM 641 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\index_08[1].jpg 11/7/2006 1:45 PM 656 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\index_13[1].jpg 11/7/2006 1:44 PM 450 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\index_37[1].jpg 11/7/2006 1:45 PM 1.33 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\index_39[1].jpg 11/7/2006 1:45 PM 718 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\index_41[1].jpg 11/7/2006 1:45 PM 1005 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\lastpost[1].gif 11/7/2006 10:40 AM 964 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\login_button[1].jpg 11/7/2006 1:45 PM 1.71 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\menu_open[1].gif 11/7/2006 10:40 AM 279 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\middle_menu1[1].gif 11/7/2006 10:43 AM 541 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\mode_threaded[1].gif 11/7/2006 1:01 PM 588 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\navbits_start[1].gif 11/7/2006 10:40 AM 1004 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\rating_4[1].gif 11/7/2006 10:41 AM 1.16 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\removing-tub-3[1].gif 11/7/2006 10:41 AM 171.33 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\reply[1].gif 11/7/2006 10:41 AM 3.15 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\report[1].gif 11/7/2006 10:41 AM 1014 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\sortasc[1].gif 11/7/2006 10:41 AM 561 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\spelling[1].gif 11/7/2006 10:41 AM 99 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\stats[1].gif 11/7/2006 10:40 AM 1.43 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\sticky[1].gif 11/7/2006 10:41 AM 521 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\style[1].css 11/7/2006 10:43 AM 2.78 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\user_offline[1].gif 11/7/2006 10:41 AM 1.00 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\vbulletin_global[1].js 11/7/2006 10:40 AM 36.41 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\vbulletin_quick_reply[1].js 11/7/2006 10:41 AM 8.84 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\M7SB0VYR\vid_window_r8_c4[1].jpg 11/7/2006 1:44 PM 591 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MDQT6TGV\13_join[1].jpg 11/7/2006 1:56 PM 4.07 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MDQT6TGV\chat_main[1].gif 11/7/2006 1:44 PM 4.22 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MDQT6TGV\desktop.ini 11/7/2006 1:44 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MDQT6TGV\GetModelImage[1].aspx 11/7/2006 1:44 PM 4.30 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MDQT6TGV\GetModelImage[2].aspx 11/7/2006 1:45 PM 2.18 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MDQT6TGV\index_13[1].jpg 11/7/2006 1:45 PM 501 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MDQT6TGV\index_14[1].jpg 11/7/2006 1:45 PM 1.68 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MDQT6TGV\index_37[1].jpg 11/7/2006 1:46 PM 1.35 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MDQT6TGV\index_39[1].jpg 11/7/2006 1:46 PM 730 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MDQT6TGV\index_46[1].jpg 11/7/2006 1:45 PM 317 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MDQT6TGV\join_button[1].jpg 11/7/2006 1:44 PM 5.44 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MDQT6TGV\join_button[2].jpg 11/7/2006 1:45 PM 5.30 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MDQT6TGV\thumb_bg[1].jpg 11/7/2006 1:45 PM 387 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MDQT6TGV\thumb_bg[2].jpg 11/7/2006 1:48 PM 394 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MP4NA9IT 11/2/2006 1:52 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MPO3EPA5\chat_innt[1].gif 11/7/2006 1:46 PM 3.45 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MPO3EPA5\desktop.ini 11/7/2006 1:44 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MPO3EPA5\GetModelImage[2].aspx 11/7/2006 1:44 PM 3.23 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MPO3EPA5\GetModelImage[3].aspx 11/7/2006 1:45 PM 2.16 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MPO3EPA5\GetModelImage[4].aspx 11/7/2006 1:46 PM 2.33 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MPO3EPA5\GetModelImage[5].aspx 11/7/2006 1:56 PM 6.11 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MPO3EPA5\GetModelImage[7].aspx 11/7/2006 1:56 PM 2.16 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MPO3EPA5\index_02[1].jpg 11/7/2006 1:44 PM 858 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MPO3EPA5\index_04[1].jpg 11/7/2006 1:45 PM 7.66 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MPO3EPA5\index_17[1].jpg 11/7/2006 1:48 PM 314 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MPO3EPA5\index_18[1].jpg 11/7/2006 1:45 PM 479 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MPO3EPA5\index_19[1].jpg 11/7/2006 1:45 PM 433 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MPO3EPA5\index_31[1].jpg 11/7/2006 1:45 PM 702 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MPO3EPA5\Receive[1].swf 11/7/2006 1:45 PM 33.27 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MPO3EPA5\spacer[1].gif 11/7/2006 1:56 PM 43 bytes Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MPO3EPA5\vid_window_r12_c7[1].jpg 11/7/2006 1:44 PM 987 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\MPO3EPA5\vid_window_r4_c12[1].jpg 11/7/2006 1:44 PM 1.94 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\N548HZFP\11_join_200[1].jpg 11/7/2006 1:56 PM 3.73 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\N548HZFP\desktop.ini 11/7/2006 1:45 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\N548HZFP\index_01[1].jpg 11/7/2006 1:45 PM 740 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\N548HZFP\index_19[1].jpg 11/7/2006 1:46 PM 417 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\N548HZFP\index_20[1].jpg 11/7/2006 1:46 PM 310 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\N548HZFP\index_21[1].jpg 11/7/2006 1:46 PM 332 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\N548HZFP\index_31[1].jpg 11/7/2006 1:45 PM 745 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\O50DMJ4T\34_join[1].jpg 11/7/2006 1:56 PM 734 bytes Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\O50DMJ4T\desktop.ini 11/7/2006 1:44 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\O50DMJ4T\GetModelImage[1].aspx 11/7/2006 1:53 PM 2.26 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\O50DMJ4T\GetModelImage[2].aspx 11/7/2006 1:44 PM 3.96 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\O50DMJ4T\GetModelImage[3].aspx 11/7/2006 1:45 PM 2.37 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\O50DMJ4T\GetModelImage[5].aspx 11/7/2006 1:52 PM 2.22 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\O50DMJ4T\GetModelImage[6].aspx 11/7/2006 1:53 PM 2.61 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\O50DMJ4T\index_01[1].jpg 11/7/2006 1:45 PM 699 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\O50DMJ4T\index_03[1].jpg 11/7/2006 1:44 PM 5.03 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\O50DMJ4T\index_16[1].jpg 11/7/2006 1:48 PM 310 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\O50DMJ4T\index_17[1].jpg 11/7/2006 1:45 PM 314 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\O50DMJ4T\index_18[1].jpg 11/7/2006 1:45 PM 464 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\O50DMJ4T\index_29[1].jpg 11/7/2006 1:44 PM 307 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\O50DMJ4T\index_30[1].jpg 11/7/2006 1:45 PM 342 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\QLW5M1G3\32_join[1].jpg 11/7/2006 1:56 PM 957 bytes Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\QLW5M1G3\bios_button[1].jpg 11/7/2006 1:46 PM 1.71 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\QLW5M1G3\desktop.ini 11/7/2006 1:45 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\QLW5M1G3\index_05[1].jpg 11/7/2006 1:45 PM 3.73 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\QLW5M1G3\index_06[1].jpg 11/7/2006 1:45 PM 561 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\QLW5M1G3\index_08[1].jpg 11/7/2006 1:48 PM 690 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\QLW5M1G3\index_23[1].jpg 11/7/2006 1:45 PM 304 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\QLW5M1G3\index_35[1].jpg 11/7/2006 1:45 PM 366 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\QLW5M1G3\index_35[2].jpg 11/7/2006 1:48 PM 362 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\QLW5M1G3\index_36[1].jpg 11/7/2006 1:45 PM 380 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\QLW5M1G3\lastpost[1].gif 11/7/2006 1:00 PM 967 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\QLW5M1G3\rating_2[1].gif 11/7/2006 1:01 PM 607 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\QLW5M1G3\subscribe[1].gif 11/7/2006 1:01 PM 1.08 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\RTNZ6WLC 11/2/2006 1:52 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\RVXJ3HSO 11/2/2006 1:52 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\S78TMR87\5_join[1].jpg 11/7/2006 1:56 PM 1.44 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\S78TMR87\desktop.ini 11/7/2006 1:45 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\S78TMR87\index_04[1].jpg 11/7/2006 1:45 PM 8.55 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\S78TMR87\index_08[1].jpg 11/7/2006 1:45 PM 679 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\S78TMR87\index_09[1].jpg 11/7/2006 1:48 PM 425 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\S78TMR87\index_21[1].jpg 11/7/2006 1:45 PM 333 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\S78TMR87\index_36[1].jpg 11/7/2006 1:45 PM 380 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\S78TMR87\index_36[2].jpg 11/7/2006 1:48 PM 378 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\S78TMR87\index_37[1].jpg 11/7/2006 1:45 PM 1.33 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\S78TMR87\join_button[1].jpg 11/7/2006 1:46 PM 5.79 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\S78TMR87\quote[1].gif 11/7/2006 1:01 PM 2.16 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\S78TMR87\rating_3[1].gif 11/7/2006 1:01 PM 1.08 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\S78TMR87\spacer[1].gif 11/7/2006 1:45 PM 43 bytes Hidden from Windows API.
     
    65cj,
    #24
  6. 2006/11/07
    65cj

    65cj Inactive Thread Starter

    Joined:
    2006/11/02
    Messages:
    63
    Likes Received:
    0
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\15_join[1].jpg 11/7/2006 1:56 PM 2.46 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\8_join[1].jpg 11/7/2006 1:56 PM 2.86 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\CA5BV9KW.jsp 11/7/2006 1:01 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\CAFDDR1J.jsp 11/7/2006 1:01 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\CASV5BYE.jsp 11/7/2006 1:01 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\desktop.ini 11/7/2006 1:44 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\formIE[1].css 11/7/2006 10:49 AM 354 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\forum_old_lock[1].gif 11/7/2006 1:00 PM 1.58 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\GetModelImage[2].aspx 11/7/2006 1:44 PM 4.00 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\GetModelImage[3].aspx 11/7/2006 1:44 PM 4.22 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\icon_cool[1].gif 11/7/2006 10:49 AM 172 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\icon_cry[1].gif 11/7/2006 10:49 AM 498 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\icon_mini_register[1].gif 11/7/2006 10:49 AM 216 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\index_03[1].jpg 11/7/2006 1:46 PM 4.34 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\index_11[1].jpg 11/7/2006 1:44 PM 1.18 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\index_11[2].jpg 11/7/2006 1:45 PM 1.02 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\index_21[1].jpg 11/7/2006 1:45 PM 332 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\index_21[2].jpg 11/7/2006 1:48 PM 354 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\index_22[1].jpg 11/7/2006 1:48 PM 492 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\index_23[1].jpg 11/7/2006 1:45 PM 304 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\index_31[1].jpg 11/7/2006 1:45 PM 755 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\index_37[1].jpg 11/7/2006 1:45 PM 1.34 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\nav_logo[1].png 11/7/2006 1:44 PM 4.94 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\navbits_start[1].gif 11/7/2006 1:00 PM 1006 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\print[1].css 11/7/2006 10:53 AM 1.04 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\sendtofriend[1].gif 11/7/2006 1:01 PM 1.11 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\spacer[1].gif 11/7/2006 1:46 PM 43 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\thread[1].gif 11/7/2006 1:00 PM 1.10 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\SL6ZW9A7\vid_window_r6_c2[1].jpg 11/7/2006 1:44 PM 312 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\TT9M7VDE\20_join[1].jpg 11/7/2006 1:56 PM 1.26 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\TT9M7VDE\chat_tedr[1].gif 11/7/2006 1:45 PM 3.48 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\TT9M7VDE\ChatOpList2[1].aspx 11/7/2006 1:53 PM 14.92 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\TT9M7VDE\default[1].aspx 11/7/2006 1:53 PM 21.19 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\TT9M7VDE\desktop.ini 11/7/2006 1:44 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\TT9M7VDE\GetModelImage[2].aspx 11/7/2006 1:53 PM 2.65 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\TT9M7VDE\GetModelImage[3].aspx 11/7/2006 1:56 PM 2.25 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\TT9M7VDE\GetModelImage[4].aspx 11/7/2006 1:53 PM 2.73 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\TT9M7VDE\index_14[1].jpg 11/7/2006 1:45 PM 1.59 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\TT9M7VDE\index_14[2].jpg 11/7/2006 1:48 PM 1.61 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\TT9M7VDE\index_15[1].jpg 11/7/2006 1:45 PM 3.44 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\TT9M7VDE\index_26[1].jpg 11/7/2006 1:44 PM 2.45 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\TT9M7VDE\index_26[2].jpg 11/7/2006 1:45 PM 2.53 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\TT9M7VDE\index_41[1].jpg 11/7/2006 1:46 PM 1.02 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\TT9M7VDE\line_bottom[1].jpg 11/7/2006 1:44 PM 2.14 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\TT9M7VDE\vid_window_r10_c7[1].jpg 11/7/2006 1:44 PM 360 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\TT9M7VDE\vid_window_r11_c7[1].jpg 11/7/2006 1:44 PM 1019 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\W9UR8TI7 11/2/2006 1:52 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\0_join[1].jpg 11/7/2006 1:56 PM 925 bytes Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\7_join[1].jpg 11/7/2006 1:56 PM 2.37 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\adpic1[1].gif 11/7/2006 10:43 AM 2.97 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\avatar1463_14[1].gif 11/7/2006 10:49 AM 11.99 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\avatar790_10[1].gif 11/7/2006 10:49 AM 27.04 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\bbs-rcs[1].png 11/7/2006 1:00 PM 6.67 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\cellpic3[1].gif 11/7/2006 10:49 AM 249 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\collapse_thead[1].gif 11/7/2006 1:00 PM 68 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\desktop.ini 11/7/2006 1:44 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\earlycj5[1].htm 11/7/2006 10:53 AM 16.22 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\GetModelImage[2].aspx 11/7/2006 1:44 PM 5.09 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\GetModelImage[3].aspx 11/7/2006 1:45 PM 2.23 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\GetModelImage[4].aspx 11/7/2006 1:52 PM 2.26 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\icon_minipost[1].gif 11/7/2006 10:49 AM 122 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\index_03[1].jpg 11/7/2006 1:45 PM 3.59 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\index_06[1].jpg 11/7/2006 1:44 PM 567 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\index_19[1].jpg 11/7/2006 1:48 PM 440 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\index_20[1].jpg 11/7/2006 1:45 PM 311 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\index_24[1].jpg 11/7/2006 1:45 PM 746 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\index_34[1].jpg 11/7/2006 1:45 PM 365 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\index_34[2].jpg 11/7/2006 1:45 PM 362 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\spacer[1].gif 11/7/2006 10:43 AM 43 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\thread_lock_new[1].gif 11/7/2006 1:00 PM 1.22 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\thumb_bg[1].jpg 11/7/2006 1:46 PM 406 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\vbulletin_editor[1].css 11/7/2006 1:01 PM 3.27 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\vbulletin_quick_edit[1].js 11/7/2006 1:01 PM 11.81 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\vid_window_r13_c5[1].jpg 11/7/2006 1:44 PM 489 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WX2Z012Z\vid_window_r6_c25[1].jpg 11/7/2006 1:44 PM 309 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\07-lieutenant-colonel[1].gif 11/7/2006 10:49 AM 957 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\33_join[1].jpg 11/7/2006 1:56 PM 1.73 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\97[1].jpg 11/7/2006 10:49 AM 4.97 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\avatar3631_1[1].gif 11/7/2006 10:41 AM 4.56 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\bbs-logo[1].png 11/7/2006 1:00 PM 23.69 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\blank[1].gif 11/7/2006 1:00 PM 67 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\bold[1].gif 11/7/2006 10:41 AM 77 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\CAVUOV7T.jsp 11/7/2006 1:01 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\desktop.ini 11/7/2006 1:45 PM 67 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\forumdisplay[1].php 11/7/2006 10:52 AM 47.19 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\GetModelImage[2].aspx 11/7/2006 1:53 PM 2.13 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\iagree[1].gif 11/7/2006 10:49 AM 4.13 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\index_11[1].jpg 11/7/2006 1:45 PM 1.08 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\index_11[2].jpg 11/7/2006 1:45 PM 1.13 KB Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\index_12[1].jpg 11/7/2006 1:48 PM 583 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\index_35[1].jpg 11/7/2006 1:46 PM 366 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\index_42[1].jpg 11/7/2006 1:45 PM 681 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\index_46[1].jpg 11/7/2006 1:45 PM 309 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\index_46[2].jpg 11/7/2006 1:48 PM 309 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\insertimage[1].gif 11/7/2006 10:41 AM 149 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\jeep%20in%20crate[1].jpg 11/7/2006 10:49 AM 152.80 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\long[1].gif 11/7/2006 10:43 AM 60 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\menu_bg[1].jpg 11/7/2006 1:45 PM 395 bytes Hidden from Windows API.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\sendtofriend[1].gif 11/7/2006 10:41 AM 1.10 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\showthread[1].php 11/7/2006 10:43 AM 53.13 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\submit[1].gif 11/7/2006 10:43 AM 456 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\subscribed[1].gif 11/7/2006 1:00 PM 968 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\thread_dot_new[1].gif 11/7/2006 1:00 PM 1.12 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\vbulletin_editor[1].css 11/7/2006 10:41 AM 3.27 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Brad Rabideau\Local Settings\Temporary Internet Files\Content.IE5\WZLBIM71\viewpost[1].gif 11/7/2006 10:41 AM 964 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Wendy Rabideau\$SSP&\$8.$$p\$7.$$p\$6.$$p\$5.$$p\$4.$$p\$3.$$p\$2.$$p\wmr3948[1].: 6/6/2006 7:34 AM 12.11 KB Hidden from Windows API.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061106.019\vscanmsx.dat 11/7/2006 1:30 PM 2.02 KB Hidden from Windows API.
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0923NAV~.TMP 11/7/2006 1:55 PM 0 bytes Hidden from Windows API.
    C:\System Volume Information\_restore{6F7FE906-3301-47CC-B70E-EB9DFD8CD8E6}\RP804\A0163617.exe 10/14/2006 4:04 PM 16.00 KB Hidden from Windows API.
    C:\System Volume Information\_restore{6F7FE906-3301-47CC-B70E-EB9DFD8CD8E6}\RP804\A0163618.exe 11/3/2006 9:34 AM 3.00 KB Hidden from Windows API.
    C:\System Volume Information\_restore{6F7FE906-3301-47CC-B70E-EB9DFD8CD8E6}\RP804\A0163619.exe 11/3/2006 7:45 PM 16.00 KB Hidden from Windows API.
    C:\System Volume Information\_restore{6F7FE906-3301-47CC-B70E-EB9DFD8CD8E6}\RP804\A0163620.exe 11/3/2006 9:34 AM 16.00 KB Hidden from Windows API.
    C:\System Volume Information\_restore{6F7FE906-3301-47CC-B70E-EB9DFD8CD8E6}\RP804\A0163621.exe 11/2/2006 10:05 AM 16.00 KB Hidden from Windows API.
    C:\System Volume Information\_restore{6F7FE906-3301-47CC-B70E-EB9DFD8CD8E6}\RP804\A0163622.exe 10/31/2006 10:50 AM 16.00 KB Hidden from Windows API.
    C:\System Volume Information\_restore{6F7FE906-3301-47CC-B70E-EB9DFD8CD8E6}\RP804\A0163623.exe 10/31/2006 7:24 PM 16.00 KB Hidden from Windows API.
     
    65cj,
    #25
  7. 2006/11/07
    65cj

    65cj Inactive Thread Starter

    Joined:
    2006/11/02
    Messages:
    63
    Likes Received:
    0
    This is the only Backlight text file I could find.

    11/07/06 14:42:26 [Info]: BlackLight Engine 1.0.47 initialized
    11/07/06 14:42:26 [Info]: OS: 5.1 build 2600 ()
    11/07/06 14:42:26 [Note]: 7019 4
    11/07/06 14:42:26 [Note]: 7005 0
    11/07/06 14:42:36 [Note]: 7006 0
    11/07/06 14:42:36 [Note]: 7011 460
    11/07/06 14:42:36 [Note]: 7026 0
    11/07/06 14:42:37 [Note]: 7026 0
    11/07/06 14:42:44 [Note]: FSRAW library version 1.7.1020
     
    65cj,
    #26
  8. 2006/11/07
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Ok, I'm not 100% sure we have gotten rid of Hax yet. I want to say it regenerated.

    I also can't find anything about that supposed ADS line either. My associate has never seen anything like it.

    Lets get a couple more logs here.

    Open HJT, click the 'None of the above, just start the program' button.
    Then click the 'Config' button in the lower right hand of the program.
    Then select the 'Misc Tools' button.
    In the upper left hand side of the program tick the two boxes 'List also minor sections (full)' button and the 'List empty sections (complete)' button and select 'Yes' when prompted by the dialog box. The resultant scan will produce a notepad log file, please paste that log file back here for me to review.

    Then:
    Please download SilentRunners from here

    Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop.

    Please post the entire contents of this logfile created back into this thread for me to see.
     
    TeMerc,
    #27
  9. 2006/11/08
    65cj

    65cj Inactive Thread Starter

    Joined:
    2006/11/02
    Messages:
    63
    Likes Received:
    0
    StartupList report, 11/8/2006, 12:17:13 PM
    StartupList version: 1.52.2
    Started from : C:\HJT\highfixing.EXE
    Detected: Windows XP (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 (6.00.2600.0000)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\GWMDMMSG.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\AOL\1150858310\ee\AOLSoftware.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\msupd01142843.exe
    C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\HJT\highfixing.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
    Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    Microsoft Works Calendar Reminders.lnk = ?
    Uninstall.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    GWMDMMSG = GWMDMMSG.exe
    (Default) =
    EPSON Stylus CX6400 = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400 "
    WorksFUD = C:\Program Files\Microsoft Works\wkfud.exe
    Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    MoneyStartUp10.0 = "C:\Program Files\Microsoft Money\System\Activation.exe "
    TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    SSC_UserPrompt = "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe "
    HostManager = C:\Program Files\Common Files\AOL\1150858310\ee\AOLSoftware.exe
    IPHSend = C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    ViewMgr = C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
    AIM = C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
    Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
    updateMgr = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe vmmdiag32.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\ssmypics.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
    Norton Internet Security 2006 - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
    NAV Helper - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
    (no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - C:\Program Files\Microsoft Money\System\mnyviewer.dll - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}

    --------------------------------------------------

    Enumerating Download Program Files:

    [SupportSoft SmartIssue]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlsi.dll
    CODEBASE = http://symantec.atgnow.com/sdccommon/download/tgctlsi.cab

    [QuickTime Object]
    InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [YInstStarter Class]
    InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper.dll
    CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll

    [iNotes6 Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\inotes6W.dll
    CODEBASE = https://mymail.humana.com/iNotes6W.cab

    [FujifilmUploader Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\FujifilmUploadClient.dll
    CODEBASE = http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab

    [OggPlayer Class]
    InProcServer32 = C:\WINDOWS\System32\WMOggPlayer.dll
    CODEBASE = http://www.one2one.com/static/class/WMOggPlayer.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    End of report, 8,220 bytes
    Report generated in 0.125 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
    65cj,
    #28
  10. 2006/11/08
    65cj

    65cj Inactive Thread Starter

    Joined:
    2006/11/02
    Messages:
    63
    Likes Received:
    0
    "Silent Runners.vbs ", revision 49, http://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++} "


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "MSMSGS" = " "C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    "AIM" = "C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl" [file not found]
    "Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" [ "Yahoo! Inc."]
    "ctfmon.exe" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
    "updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1" [ "Adobe Systems Incorporated"]
    "Winstq" = "c:\msupd01133593.exe" [file not found]
    "Winsth" = "C:\msupd01133593.exe" [file not found]
    "WinMedia" = "c:\msupd01142843.exe" [null data]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
    "GWMDMMSG" = "GWMDMMSG.exe" [ "GTW"]
    "(Default)" = "(empty string)" [file not found]
    "EPSON Stylus CX6400" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400" " [ "SEIKO EPSON CORPORATION"]
    "WorksFUD" = "C:\Program Files\Microsoft Works\wkfud.exe" [ "Microsoft® Corporation"]
    "Microsoft Works Portfolio" = "C:\Program Files\Microsoft Works\WksSb.exe /AllUsers" [ "Microsoft® Corporation"]
    "Microsoft Works Update Detection" = "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ "Microsoft® Corporation"]
    "MoneyStartUp10.0" = " "C:\Program Files\Microsoft Money\System\Activation.exe" " [MS]
    "TkBellExe" = " "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" [ "RealNetworks, Inc."]
    "ccApp" = " "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" " [ "Symantec Corporation"]
    "SSC_UserPrompt" = " "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" " [ "Symantec Corporation"]
    "HostManager" = "C:\Program Files\Common Files\AOL\1150858310\ee\AOLSoftware.exe" [ "America Online, Inc."]
    "IPHSend" = "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [ "America Online, Inc."]
    "ViewMgr" = "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [ "Viewpoint Corporation"]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [ "Sun Microsystems, Inc."]
     
    65cj,
    #29
  11. 2006/11/08
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, two problems:
    The HJT start up was done without ticking the two boxes as instructed:
    It should be much longer with more info, specifically the services section which I was looking for.

    And the Silent Runners scan was not completed, its log is very long and usually takes several minutes to run.

    I'm sorry if things get confusing with all these tools to run and to post logs, I'm sure it gets tedious after a while.
     
    TeMerc,
    #30
  12. 2006/11/08
    65cj

    65cj Inactive Thread Starter

    Joined:
    2006/11/02
    Messages:
    63
    Likes Received:
    0
    Sorry, this is all pretty new to me. I'm not very computer literate.
     
    65cj,
    #31
  13. 2006/11/08
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Oh dear...........I'm afraid I must apologise for a mistake I have made. :eek:

    Back when I first began to help you, I had you rename the hijackthis.exe, and this does not let the start up list feature run properly. We need to rename it back to hijackthis.exe again.

    I'm so sorry for wasting your time, and maybe getting you to think you were losing your mind.

    I'll delete those two posts above. Both were HJT start ups, btw.

    I also need you to enable all files and folders to show because this I have just come to learn, would also prevent the start up list feature from running:
    Click Start.
    Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.
     
    TeMerc,
    #32
  14. 2006/11/08
    65cj

    65cj Inactive Thread Starter

    Joined:
    2006/11/02
    Messages:
    63
    Likes Received:
    0
    Does this look right?

    StartupList report, 11/8/2006, 4:07:36 PM
    StartupList version: 1.52.2
    Started from : C:\HJT\hijackthis.exe.EXE
    Detected: Windows XP (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 (6.00.2600.0000)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\GWMDMMSG.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\AOL\1150858310\ee\AOLSoftware.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\msupd01142843.exe
    C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\System32\services.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\HJT\hijackthis.exe.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Brad Rabideau\Start Menu\Programs\Startup]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
    Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    Microsoft Works Calendar Reminders.lnk = ?
    Uninstall.exe

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    GWMDMMSG = GWMDMMSG.exe
    (Default) =
    EPSON Stylus CX6400 = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400 "
    WorksFUD = C:\Program Files\Microsoft Works\wkfud.exe
    Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    MoneyStartUp10.0 = "C:\Program Files\Microsoft Money\System\Activation.exe "
    TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    SSC_UserPrompt = "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe "
    HostManager = C:\Program Files\Common Files\AOL\1150858310\ee\AOLSoftware.exe
    IPHSend = C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    ViewMgr = C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
    AIM = C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
    Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
    updateMgr = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    *No values found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    --------------------------------------------------

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

    --------------------------------------------------

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    [{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
    StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl

    [{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}] *
    StubPath = rundll32 iesetup.dll,IEAccessUserInst

    --------------------------------------------------

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe vmmdiag32.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\ssmypics.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Registry Editor'

    Registry check passed

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
    Norton Internet Security 2006 - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
    NAV Helper - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
    (no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - C:\Program Files\Microsoft Money\System\mnyviewer.dll - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    *No jobs found*

    --------------------------------------------------

    Enumerating Download Program Files:

    [SupportSoft SmartIssue]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlsi.dll
    CODEBASE = http://symantec.atgnow.com/sdccommon/download/tgctlsi.cab

    [QuickTime Object]
    InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [YInstStarter Class]
    InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper.dll
    CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll

    [iNotes6 Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\inotes6W.dll
    CODEBASE = https://mymail.humana.com/iNotes6W.cab

    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [FujifilmUploader Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\FujifilmUploadClient.dll
    CODEBASE = http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab

    [OggPlayer Class]
    InProcServer32 = C:\WINDOWS\System32\WMOggPlayer.dll
    CODEBASE = http://www.one2one.com/static/class/WMOggPlayer.cab

    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab

    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [Java Plug-in 1.5.0_06]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    --------------------------------------------------
     
    65cj,
    #33
  15. 2006/11/08
    65cj

    65cj Inactive Thread Starter

    Joined:
    2006/11/02
    Messages:
    63
    Likes Received:
    0
    ..in two parts as it wouldn't all fit...

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll
    Protocol #14: C:\WINDOWS\system32\mswsock.dll
    Protocol #15: C:\WINDOWS\system32\mswsock.dll

    --------------------------------------------------

    Enumerating Windows NT/2000/XP services

    61883 Unit Device: System32\DRIVERS\61883.sys (manual start)
    Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
    Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
    AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
    Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
    Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)
    RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
    Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
    ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
    Automatic LiveUpdate Scheduler: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (autostart)
    AVC Device: System32\DRIVERS\avc.sys (manual start)
    BCM V.90 56K Modem: System32\DRIVERS\BCMDM.sys (manual start)
    Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
    Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
    Symantec Internet Security Password Validation: "C:\Program Files\Norton Internet Security\ccPwdSvc.exe" (manual start)
    Symantec Network Proxy: "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" (autostart)
    Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
    CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
    Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
    COM Host: "C:\Program Files\Norton Internet Security\comHost.exe" (manual start)
    COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Creative SBLive! Gameport: System32\DRIVERS\ctljystk.sys (manual start)
    Kodak Camera Proxy: System32\DRIVERS\DcCam.sys (system)
    DcFpoint: System32\DRIVERS\DcFpoint.sys (manual start)
    DCFS2K: system32\drivers\dcfs2k.sys (autostart)
    Dcfssvc: %SystemRoot%\system32\drivers\dcfssvc.exe (autostart)
    Legacy Polling Service: System32\DRIVERS\DcLps.sys (manual start)
    dcptp: System32\DRIVERS\DcPTP.sys (manual start)
    DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Disk Driver: System32\DRIVERS\disk.sys (system)
    Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    dmio: System32\drivers\dmio.sys (disabled)
    dmload: System32\drivers\dmload.sys (disabled)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
    Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
    Intel(R) PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)
    Symantec Eraser Control driver: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (system)
    Creative SB Live! Value (WDM): system32\drivers\emu10k1f.sys (manual start)
    Creative Interface Manager Driver (WDM): system32\drivers\ctlface.sys (manual start)
    EraserUtilRebootDrv: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (manual start)
    Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
    Exportit: System32\DRIVERS\exportit.sys (system)
    Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
    Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
    Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
    Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
    gmer: System32\DRIVERS\gmer.sys (manual start)
    Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
    GTW V.92 Voice Modem: System32\DRIVERS\GWMDM.sys (manual start)
    Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
    i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
    InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
    IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
    IntelIde: System32\DRIVERS\intelide.sys (system)
    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
    iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start)
    IPSEC driver: System32\DRIVERS\ipsec.sys (system)
    IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
    PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
    iscFlash: \??\C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys (manual start)
    Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
    Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    LiveUpdate: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" (manual start)
    TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    lredbooo: \??\C:\DOCUME~1\BRADRA~1\LOCALS~1\Temp\lredbooo.sys (manual start)
    Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
    Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
    Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
    Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
    Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
    WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
    Microsoft DV Camera and VCR: System32\DRIVERS\msdv.sys (manual start)
    Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
    Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
    Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
    NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
    Norton AntiVirus Auto-Protect Service: "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe" (autostart)
    NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061108.024\NAVENG.Sys (manual start)
    NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061108.024\NavEx15.Sys (manual start)
    Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
    Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
    NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
    Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
    NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
    NetBT: System32\DRIVERS\netbt.sys (system)
    Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
    Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
    Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Norton Protection Center Service: "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE" (manual start)
    NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
    Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    nv4: System32\DRIVERS\nv4_mini.sys (manual start)
    NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
    IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
    Texas Instruments OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
    Office Source Engine: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (manual start)
    Parallel port driver: System32\DRIVERS\parport.sys (manual start)
    PcdrNt: \SystemRoot\System32\drivers\PcdrNt.sys (manual start)
    PCI Bus Driver: System32\DRIVERS\pci.sys (system)
    Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
    PictureTaker: C:\WINDOWS\System32\PCTKRNT.SYS (manual start)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
    WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
    Processor Driver: System32\DRIVERS\processr.sys (system)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
    Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
    Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
    Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
    Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
    Rdbss: System32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
    Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
    Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    SAVRT: \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS (manual start)
    SAVRTPEL: \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS (autostart)
    Symantec AVScan: "C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe" (manual start)
    Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Secdrv: System32\DRIVERS\secdrv.sys (autostart)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
    Serial port driver: System32\DRIVERS\serial.sys (system)
    StarForce Protection Environment Driver (version 1.x): System32\drivers\sfdrv01.sys (system)
    StarForce Protection Helper Driver (version 2.x): System32\drivers\sfhlp02.sys (system)
    Creative SoundFont Manager Driver (WDM): system32\drivers\sfman.sys (manual start)
    StarForce Protection Synchronization Driver (version 2.x): System32\drivers\sfsync02.sys (system)
    Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
    Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (autostart)
    SPBBCDrv: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (system)
    Symantec SPBBCSvc: "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" (autostart)
    Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
    System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Srv: System32\DRIVERS\srv.sys (manual start)
    SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
    BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
    Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{6A104D15-C7BF-44ED-A3AB-2C68B37A3EBC} (manual start)
    Symantec Core LC: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" (autostart)
    SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
    SymEvent: \??\C:\WINDOWS\System32\Drivers\SYMEVENT.SYS (manual start)
    SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
    SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
    SYMIDSCO: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20061025.029\symidsco.sys (manual start)
    symlcbrd: \??\C:\WINDOWS\System32\drivers\symlcbrd.sys (autostart)
    SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
    SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
    SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
    Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
    Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
    Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (autostart)
    Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
    Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
    Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
    Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
    Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
    USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
    USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
    Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
    VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
    Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
    Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
    World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
    Automatic Updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: *Registry value not found*

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *No values found*

    --------------------------------------------------

    End of report, 38,798 bytes
    Report generated in 0.344 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
    65cj,
    #34
  16. 2006/11/08
    65cj

    65cj Inactive Thread Starter

    Joined:
    2006/11/02
    Messages:
    63
    Likes Received:
    0
    Did you need a new log from the silent runner?
     
    65cj,
    #35
  17. 2006/11/08
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    [Free/Paid] WinPatrol Beta Testing

    The HJT start up is correct now, again, sorry for my oversight.
    Yes, and be sure to let it run it's course, its not quite as long as the HJT start up, but it takes much longer to run, several minutes in some instances.
     
    TeMerc,
    #36
  18. 2006/11/08
    65cj

    65cj Inactive Thread Starter

    Joined:
    2006/11/02
    Messages:
    63
    Likes Received:
    0
    "Silent Runners.vbs ", revision 49, http://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++} "


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "MSMSGS" = " "C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    "AIM" = "C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl" [file not found]
    "Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" [ "Yahoo! Inc."]
    "ctfmon.exe" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
    "updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1" [ "Adobe Systems Incorporated"]
    "Winstq" = "c:\msupd01133593.exe" [file not found]
    "Winsth" = "C:\msupd01133593.exe" [file not found]
    "WinMedia" = "c:\msupd01106218.exe" [null data]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
    "GWMDMMSG" = "GWMDMMSG.exe" [ "GTW"]
    "(Default)" = "(empty string)" [file not found]
    "EPSON Stylus CX6400" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400" " [ "SEIKO EPSON CORPORATION"]
    "WorksFUD" = "C:\Program Files\Microsoft Works\wkfud.exe" [ "Microsoft® Corporation"]
    "Microsoft Works Portfolio" = "C:\Program Files\Microsoft Works\WksSb.exe /AllUsers" [ "Microsoft® Corporation"]
    "Microsoft Works Update Detection" = "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ "Microsoft® Corporation"]
    "MoneyStartUp10.0" = " "C:\Program Files\Microsoft Money\System\Activation.exe" " [MS]
    "TkBellExe" = " "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" [ "RealNetworks, Inc."]
    "ccApp" = " "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" " [ "Symantec Corporation"]
    "SSC_UserPrompt" = " "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" " [ "Symantec Corporation"]
    "HostManager" = "C:\Program Files\Common Files\AOL\1150858310\ee\AOLSoftware.exe" [ "America Online, Inc."]
    "IPHSend" = "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [ "America Online, Inc."]
    "ViewMgr" = "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [ "Viewpoint Corporation"]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [ "Sun Microsystems, Inc."]
    "QuickTime Task" = " "C:\Program Files\QuickTime\qttask.exe" -atboottime" [ "Apple Computer, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEHlprObj Class "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" [ "Adobe Systems Incorporated"]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class "
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" [ "Sun Microsystems, Inc."]
    {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\(Default) = "AOL Toolbar Launcher "
    -> {HKLM...CLSID} = "AOL Toolbar Launcher "
    \InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll" [ "AOL LLC"]
    {9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security 2006 "
    -> {HKLM...CLSID} = "CNisExtBho Class "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" [ "Symantec Corporation"]
    {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}\(Default) = "NAV Helper "
    -> {HKLM...CLSID} = "CNavExtBho Class "
    \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" [ "Symantec Corporation"]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Helper "
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" [ "Google Inc."]
    {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension "
    -> {HKLM...CLSID} = "Display Panning CPL Extension "
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext "
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext "
    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" [ "Hilgraeve, Inc."]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
    "{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension "
    -> {HKLM...CLSID} = "KodakShellExtension "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Kodak\IFScore\shellext.dll" [ "Eastman Kodak Company"]
    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler "
    -> {HKLM...CLSID} = "Microsoft Office Outlook "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL" [MS]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler "
    -> {HKLM...CLSID} = "Outlook File Icon Extension "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL" [MS]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player "
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class "
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" [ "RealNetworks, Inc."]
    "{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}" = "PhotoToys "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\System32\phototoys.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    <<!>> "{FBF23B40-E3F0-101B-8488-00AA003E56F8}" = (no title provided)
    -> {HKLM...CLSID} = "Internet Shortcut "
    \InProcServer32\(Default) = "shdocvw.dll" [MS]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
    <<!>> "Shell" = "Explorer.exe vmmdiag32.exe" [MS], [file not found]

    HKLM\Software\Classes\PROTOCOLS\Filter\
    <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945} "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info "
    -> {HKLM...CLSID} = "PDF Shell Extension "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" [ "Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} "
    -> {HKLM...CLSID} = "IEContextMenu Class "
    \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" [ "Symantec Corporation"]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} "
    -> {HKLM...CLSID} = "IEContextMenu Class "
    \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" [ "Symantec Corporation"]


    Group Policies {policy setting}:
    --------------------------------

    Note: detected settings may not have any effect.

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Devices: Allow undock without having to log on}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\Documents and Settings\Brad Rabideau\Local Settings\Application Data\Microsoft\Wallpaper2.bmp "

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Brad Rabideau\Local Settings\Application Data\Microsoft\Wallpaper2.bmp "


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmypics.scr" [MS]


    Startup items in "Brad Rabideau" & "All Users" startup folders:
    ----------------------------------------------------------------

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" [ "Adobe Systems Incorporated"]
    "Install Pending Files" -> shortcut to: "C:\Program Files\SIFXINST\SIFXINST.EXE /ApplyPending" [ "LANovation"]
    "Kodak EasyShare software" -> shortcut to: "C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe -h" [ "Eastman Kodak Company"]
    "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
    "Microsoft Works Calendar Reminders" -> shortcut to: "C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe" [ "Microsoft® Corporation"]
    <<!>> "Uninstall.exe" [null data]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F} "
    -> {HKLM...CLSID} = "&Google "
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" [ "Google Inc."]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} "
    -> {HKLM...CLSID} = "Norton Internet Security 2006 "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" [ "Symantec Corporation"]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F} "
    -> {HKLM...CLSID} = "&Google "
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" [ "Google Inc."]
    "{C4069E3A-68F1-403E-B40E-20066696354B} "
    -> {HKLM...CLSID} = "Norton AntiVirus "
    \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" [ "Symantec Corporation"]
    "{DE9C389F-3316-41A7-809B-AA305ED9D922} "
    -> {HKLM...CLSID} = "AOL Toolbar "
    \InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll" [ "AOL LLC"]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security 2006 "
    -> {HKLM...CLSID} = "Norton Internet Security 2006 "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" [ "Symantec Corporation"]
    "{C4069E3A-68F1-403E-B40E-20066696354B}" = "Norton AntiVirus "
    -> {HKLM...CLSID} = "Norton AntiVirus "
    \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" [ "Symantec Corporation"]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
    -> {HKLM...CLSID} = "&Google "
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" [ "Google Inc."]
    "{DE9C389F-3316-41A7-809B-AA305ED9D922}" = "AOL Toolbar "
    -> {HKLM...CLSID} = "AOL Toolbar "
    \InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll" [ "AOL LLC"]

    Explorer Bars

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

    HKLM\Software\Classes\CLSID\{014DA6CE-189F-421A-88CD-07CFE51CFF10}\(Default) = "My Search Quick View "
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    HKLM\Software\Classes\CLSID\{9404901D-06DA-4B23-A0EE-3EA4F64EC9B3}\(Default) = "MoneySide "
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]

    HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research "
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console "
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} "
    -> {HKCU...CLSID} = "Java Plug-in "
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" [ "Sun Microsystems, Inc."]
    -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06 "
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" [ "Sun Microsystems, Inc."]

    {3369AF0D-62E9-4BDA-8103-B4C75499B578}\
    "ButtonText" = "AOL Toolbar "
    "CLSIDExtension" = "{DE9C389F-3316-41A7-809B-AA305ED9D922} "
    -> {HKLM...CLSID} = "AOL Toolbar "
    \InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll" [ "AOL LLC"]

    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    "ButtonText" = "Research "

    {E023F504-0C5A-4750-A1E7-A9046DEA8A21}\
    "ButtonText" = "MoneySide "
    "CLSIDExtension" = "{301DA1EE-F65C-4188-A417-9E915CC8FBFA} "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]

    {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}\
    "ButtonText" = "eBay - Homepage "
    "CLSIDExtension" = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16} "
    -> {HKLM...CLSID} = "Toolbar Extension for Executable "
    \InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "Exec" = "C:\Program Files\IrfanView\Ebay\Ebay.htm" [null data]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, " "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" " [ "Symantec Corporation"]
    Dcfssvc, Dcfssvc, "C:\WINDOWS\system32\drivers\dcfssvc.exe" [ "Eastman Kodak Company"]
    Machine Debug Manager, MDM, " "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" " [MS]
    Norton AntiVirus Auto-Protect Service, navapsvc, " "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe" " [ "Symantec Corporation"]
    Norton Protection Center Service, NSCService, " "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE" " [ "Symantec Corporation"]
    NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" [ "NVIDIA Corporation"]
    Symantec Core LC, Symantec Core LC, " "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" " [ "Symantec Corporation"]
    Symantec Event Manager, ccEvtMgr, " "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" " [ "Symantec Corporation"]
    Symantec Network Drivers Service, SNDSrvc, " "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" " [ "Symantec Corporation"]
    Symantec Network Proxy, ccProxy, " "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" " [ "Symantec Corporation"]
    Symantec Settings Manager, ccSetMgr, " "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" " [ "Symantec Corporation"]
    Symantec SPBBCSvc, SPBBCSvc, " "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" " [ "Symantec Corporation"]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    EPSON V6 2KMonitor\Driver = "EBPMON24.DLL" [ "SEIKO EPSON CORPORATION"]
    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


    ----------
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
    took 402 seconds.
    ---------- (total run time: 1610 seconds)
     
    65cj,
    #37
  19. 2006/11/09
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, I need you to check the properties of this service:
    lredbooo

    Go to: Start > Run > type " services.msc ", then click OK

    Scroll down to the lredbooo service.

    Click it to highlight it, then <right-click> and select: Properties

    Let me know what information is contained in the boxes please.
     
    TeMerc,
    #38
  20. 2006/11/09
    65cj

    65cj Inactive Thread Starter

    Joined:
    2006/11/02
    Messages:
    63
    Likes Received:
    0
    Tried and couldn't find anything by that name.
     
    65cj,
    #39
  21. 2006/11/09
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, I'm kinda stumped on this one.

    I'll be having another analysts look this over later in the evening for me and hope she will see either what I'm missing or maybe this is some new variant of Haxdoor. They constantly tweak these things.

    Sorry this one is taking so long and thanks for you patience.
     
    TeMerc,
    #40
Page 2 of 5
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...