Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HELP... My Log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby Susan528 » January 3rd, 2006, 11:57 am

Hello David,

Weird! Those _restore files are still there!


File C:\Documents and Settings\David\Desktop\ResetSR.VBS infected by "Backdoor.Win32.Delf.akf" Virus! Action Taken: No Action Taken.

I noticed the above file is detected by MWAV (with those infected _restore files still present). Let’s see if other applications detect it as being infected.

STEP 1.
======
Submit File to Jotti
Please click on Jotti
Use the "Browse" button and locate the following file on your computer:
C:\Documents and Settings\David\Desktop\ResetSR.VBS
Click the "Submit" button.
Please copy and post (reply) with the results

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html

STEP 2.
======
Download Ewido
  1. Download and install Ewido Security Suite It is a free trial version of the program.
  2. Install ewido security suite
  3. Launch ewido, there should be an icon on your desktop double-click it.
  4. The program will now go to the main screen
STEP 3.
======
Update Ewido
You will need to update ewido to the latest definition files.
  1. On the left hand side of the main screen click update
  2. Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use Ewido manual updates

STEP 4.
======
Ewido Scan
Once the updates are installed do the following:
  1. Click on scanner
  2. Click on Complete System Scan and the scan will begin.
  3. NOTE: During some scans with ewido it is finding cases of false positives.**
    o You will need to step through the process of cleaning files one-by-one.
    o If ewido detects a file you KNOW to be legitimate, select none as the action.
    o DO NOT select "Perform action on all infections"
    o If you are unsure of any entry found select none for now.
  4. Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  5. Click Save report.
  6. Save the report .txt file to your desktop.

Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")


STEP 5.
======
Microsoft malicious Software Removal Tool.

Microsoft malicious Software Removal Tool.

Please follow these Instructions for downloading and running the Microsoft malicious Software Removal Tool.

Send me the results in your next reply. If any items are found, please be sure to send the log or to tell me the specific infection names.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA
Advertisement
Register to Remove

Unread postby DavidJ710 » January 3rd, 2006, 7:25 pm

Man, So many steps... Ok, one at a time.

1) Jotti found the following...

AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found Backdoor.Win32.Delf.akf
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VBA32
Found nothing

Since it found the virus, I checked to see if the file still contained the information that I cut and pasted from the web and it did. Don't know if that helps. Also, I have been getting alerts about the Klone virus from AVG and I think that when I scanned with Zone Alarm's Security Suite it mentioned Win32.Sinteri. I vaugely remember reading somewhere about one of them that it infects the system restore files. I could be way off base, and you probably know what I am so feebly trying to say, but as we're having some troubles with this, I thought I'd let you know just incase I had stumbled upon something new.

2) Had trouble getting the ewido to download to begin with. It kept timing out, but I got it after several tries.

3) Despite the trouble downloading, ewido updated without a hitch.

4) Ok, Scan went fine. Here is the log file…

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:21:22 PM, 1/3/2006
+ Report-Checksum: ECE4EA8

+ Scan result:

HKU\S-1-5-21-527237240-1580818891-725345543-1011\Software\Microsoft\Internet Explorer\Keywords -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-527237240-1580818891-725345543-1011\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
:mozilla.16:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.32:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.33:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.34:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.35:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.36:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.45:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.46:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.47:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.59:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.70:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.71:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.80:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.81:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.82:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.83:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.104:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.105:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.106:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.107:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.134:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.144:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.145:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.146:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.147:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.148:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.151:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.152:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.153:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.160:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.161:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.162:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.163:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.173:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.174:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.177:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.187:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.188:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.189:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.193:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.196:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.237:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.238:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.239:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@microsoftwga.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@partygaming.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@www.epilot[2].txt -> Spyware.Cookie.Epilot : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\tool1.exe -> Not-A-Virus.SpamTool.Win32.Mailbot.o : Cleaned with backup


::Report End

5) Microsoft Malicious Software Removal Tool found no malicious files.
DavidJ710
Regular Member
 
Posts: 18
Joined: December 31st, 2005, 12:28 pm
Location: Lincoln, NE

Unread postby Susan528 » January 3rd, 2006, 10:31 pm

Hello David,

Don’t worry about the ResetSF.VBS file. I uploaded it to Jotti too and got the same results.

Now back to the _restore files—did you by any chance upgrade your system? I am wondering if these files are obsolete left-overs. According to the Microsoft KB article, you should be able to delete them.

Using Disk Cleanup
Disk Cleanup helps free up space on your hard drive. Disk Cleanup searches your drive, and then shows you temporary files, Internet cache files, and unnecessary program files that you can safely delete. You can direct Disk Cleanup to delete some or all of those files.

Open Disk Cleanup.

To open Disk Cleanup, click Start, point to All Programs, point to Accessories, point to System Tools, and then click Disk Cleanup.


http://support.microsoft.com/kb/301224/en-us

Note When you upgrade, you might still see some restore point files and folders in the <drive letter>:\System Volume Information in Windows XP or under the <System Drive>:\_RESTORE folder in Windows Millennium Edition. However, these restore points are obsolete and cannot be used as they do not appear on the Select a Restore Point list on the System Restore page.

If you start the Disk Cleanup utility and you click the Disk Cleanup tab, a System Restore: Obsolete Data Stores entry is available. These are files that were created before Windows was reformatted or reinstalled. They are obsolete and you can delete them. If you choose to clean up and delete these files, you will no longer see them under the folders that are mentioned earlier in this article, and the option to delete obsolete data stores will no longer appear on the Disk Cleanup utility.


Please let me know if this helps or applies.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby DavidJ710 » January 4th, 2006, 1:26 am

I went into the Disk Cleanup and removed obsolete restore files, restarted, and ran mwav, but the "_restore" files still appeared in the scan. Here are the results:

File C:\Documents and Settings\David\Desktop\ResetSR.VBS infected by "Backdoor.Win32.Delf.akf" Virus! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\system32\cmmgr32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "C:\Program Files\ATI Technologies\ATI Control Panel\setup.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe" refers to invalid object "C:\WINDOWS\yourapp.Exe". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bak". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".frBB3C". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".gba". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".j31". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{00FC6799-866E-44A1-A60C-DCF394CF56FD}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "QuickTime". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WebNexus". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8EC31897-D1E6-4758-80BE-31E873AC2903}" refers to invalid object "C:\Program Files\Grisoft\AVG Free\avgamui.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8EC31898-D1E6-4758-80BE-31E873AC2903}" refers to invalid object "C:\Program Files\Grisoft\AVG Free\avgamui.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{aac8802e-d17a-4ad6-89a7-bd133078b0c6}" refers to invalid object "C:\WINDOWS\system32\gkgfe.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{c0164c20-33c8-4f60-bfd1-557e08a93f58}" refers to invalid object "C:\Program Files\MSN\MSNCoreFiles\OOBE\obemetal.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5AF2622-8C75-4dfb-9693-23AB7686A456}" refers to invalid object "C:\WINDOWS\DH.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C7976BEB-AB1E-46F7-8CCD-D4C9CD83BF49}" refers to invalid object "C:\PROGRA~1\SPYWAR~1\swdoctor.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D9C027CF-DF75-4D2C-B763-AC1CA31C4AF8}" refers to invalid object "C:\Program Files\Grisoft\AVG Free\avgamiui.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ec48db94-98df-4c2f-932f-bbc28af0a316}" refers to invalid object "C:\Program Files\MSN\MSNCoreFiles\OOBE\obemetal.dll". Action Taken: No Action Taken.
Entry "HKCR\.acl" refers to invalid object "ACLFile". Action Taken: No Action Taken.
Entry "HKCR\.aw" refers to invalid object "AWFile". Action Taken: No Action Taken.
Entry "HKCR\.col" refers to invalid object "COLFile". Action Taken: No Action Taken.
Entry "HKCR\.elm" refers to invalid object "ELMFile". Action Taken: No Action Taken.
Entry "HKCR\.ffa" refers to invalid object "FFAFile". Action Taken: No Action Taken.
Entry "HKCR\.ffl" refers to invalid object "FFLFile". Action Taken: No Action Taken.
Entry "HKCR\.fft" refers to invalid object "FFTFile". Action Taken: No Action Taken.
Entry "HKCR\.ffx" refers to invalid object "FFXFile". Action Taken: No Action Taken.
Entry "HKCR\.gst" refers to invalid object "MSMap.Datainst.8". Action Taken: No Action Taken.
Entry "HKCR\.lex" refers to invalid object "LEXFile". Action Taken: No Action Taken.
Entry "HKCR\.opc" refers to invalid object "OPCFile". Action Taken: No Action Taken.
Entry "HKCR\.pip" refers to invalid object "PIPFile". Action Taken: No Action Taken.
Entry "HKCR\.stf" refers to invalid object "STFFile". Action Taken: No Action Taken.
Entry "HKCR\.tuw" refers to invalid object "TUWFile". Action Taken: No Action Taken.
Entry "HKCR\.wll" refers to invalid object "Word.Addin.8". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\system32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.
Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.EBankProblem" refers to invalid object "{AE612304-E8F9-45D9-A444-32409D33E954}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.QuarantinedItemProxy" refers to invalid object "{C2CE6266-0404-4C54-96B4-8829852E3537}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.ScripterProxy" refers to invalid object "{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
File C:\Documents and Settings\David\Desktop\ResetSR.VBS infected by "Backdoor.Win32.Delf.akf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{EB635C80-91F6-44CA-A791-6C1B6A6F3650}(2)\RP12\A0001059.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{EB635C80-91F6-44CA-A791-6C1B6A6F3650}(2)\RP12\A0001074.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{EB635C80-91F6-44CA-A791-6C1B6A6F3650}(2)\RP12\A0001115.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{EB635C80-91F6-44CA-A791-6C1B6A6F3650}(2)\RP12\A0001120.dll tagged as "not-a-virus:AdWare.Win32.Ihbo.gen". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{EB635C80-91F6-44CA-A791-6C1B6A6F3650}(2)\RP12\A0001160.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{EB635C80-91F6-44CA-A791-6C1B6A6F3650}(2)\RP12\A0001183.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{EB635C80-91F6-44CA-A791-6C1B6A6F3650}(2)\RP14\A0001465.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\David\Desktop\ResetSR.VBS infected by "Backdoor.Win32.Delf.akf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{EB635C80-91F6-44CA-A791-6C1B6A6F3650}(2)\RP12\A0001059.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{EB635C80-91F6-44CA-A791-6C1B6A6F3650}(2)\RP12\A0001074.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{EB635C80-91F6-44CA-A791-6C1B6A6F3650}(2)\RP12\A0001115.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{EB635C80-91F6-44CA-A791-6C1B6A6F3650}(2)\RP12\A0001120.dll tagged as "not-a-virus:AdWare.Win32.Ihbo.gen". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{EB635C80-91F6-44CA-A791-6C1B6A6F3650}(2)\RP12\A0001160.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{EB635C80-91F6-44CA-A791-6C1B6A6F3650}(2)\RP12\A0001183.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{EB635C80-91F6-44CA-A791-6C1B6A6F3650}(2)\RP14\A0001465.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
DavidJ710
Regular Member
 
Posts: 18
Joined: December 31st, 2005, 12:28 pm
Location: Lincoln, NE

Unread postby Susan528 » January 4th, 2006, 9:07 am

Hello David,

Thanks for hanging in there. Please do the following:

Hijackthis Start-up List
  • Run HijackThis, click on Open the Misc Tools Section.
  • click on Open Uninstall Manager.
  • Click on Save List and save uninstall_list.txt to your Desktop.
  • Open this file in Notepad and copy/past the content in your reply.
  • Click back (the one located at the right side of the save list button)
  • Put a checkmark in List also minor sections and List empty sections.
  • Click on Generate StartupList log, anwser Yes
Copy/paste the content in your reply.

Kaspersky Online Beta Virus Scanner:
http://www.kaspersky.com/virusscanner
Please copy and paste the results in your reply.

Rootkit Revealer

Please download
Rootkit Revealer
to your desktop.
  • Unzip the file.
  • Turn off your real time antivirus for a moment.
  • Then go to file->scan
  • This will take some time.
  • When it's done, go to file->save
  • save the logfile to the desktop

Then past the contents here.
*Don't forget to turn your AV back on afterwards*
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby DavidJ710 » January 4th, 2006, 5:37 pm

Hello Susan,

Here are the scans you requested. I think that I'll try out this color thing too!! :D

Hijack This UninstallList:

Ad-Aware SE Personal
Adobe Reader 6.0.1
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Free Edition
Broadcom 802.11 Wireless LAN Adapter
Conexant AC-Link Audio
Contextual Tool
Data Fax SoftModem with SmartCP
DH
ewido anti-malware
HijackThis 1.99.1
HP Help and Support
InterVideo WinDVD
iTunes
Java 2 Runtime Environment, SE v1.4.2_05
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft AntiSpyware
Microsoft Office 2000 Small Business
Mozilla Firefox (1.5)
muvee autoProducer 3.5 - SE
QuickTime
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy 1.3
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Trillian
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
ZoneAlarm Security Suite

Hijack This StartUpList:

StartupList report, 1/4/2006, 11:07:31 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\David\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\David\Desktop\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\David\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
UIUCU = C:\DOCUME~1\User\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
UpdateManager = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
ATIPTA = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
Zone Labs Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[VerifyGMN Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\hpobjinstaller_gmn.dll
CODEBASE = http://h20270.www2.hp.com/ediags/gmn/in ... er_gmn.cab

[Java Plug-in 1.4.2_05]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
CODEBASE = http://java.sun.com/products/plugin/aut ... s-i586.cab

[Get_ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\HPGETD~1.OCX
CODEBASE = https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx

[Java Plug-in 1.4.2_05]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
CODEBASE = http://java.sun.com/products/plugin/aut ... s-i586.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\imslsp.dll
Protocol #2: C:\WINDOWS\system32\imslsp.dll
Protocol #3: C:\WINDOWS\system32\imslsp.dll
Protocol #4: C:\WINDOWS\system32\imslsp.dll
Protocol #5: C:\WINDOWS\system32\imslsp.dll
Protocol #6: C:\WINDOWS\system32\imslsp.dll
Protocol #7: C:\WINDOWS\system32\ZoneLabs\vetredir.dll
Protocol #8: C:\WINDOWS\system32\ZoneLabs\vetredir.dll
Protocol #9: C:\WINDOWS\system32\ZoneLabs\vetredir.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\rsvpsp.dll
Protocol #14: C:\WINDOWS\system32\rsvpsp.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\ZoneLabs\vetredir.dll
Protocol #24: C:\WINDOWS\system32\imslsp.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Microsoft Embedded Controller Driver: system32\DRIVERS\ACPIEC.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (autostart)
AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
Broadcom 802.11 Network Adapter Driver: system32\DRIVERS\bcmwl5.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
CA ISafe: C:\WINDOWS\system32\ZoneLabs\isafe.exe (manual start)
Conexant AMC Audio: system32\drivers\camc6aud.sys (manual start)
CAMCHALA: system32\drivers\camc6hal.sys (manual start)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Microsoft ACPI Control Method Battery Driver: system32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Program Files\ewido anti-malware\guard.sys (system)
ewido security suite guard: C:\Program Files\ewido anti-malware\ewidoguard.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
HSFHWATI: system32\DRIVERS\HSFHWATI.sys (manual start)
HSF_DP: system32\DRIVERS\HSF_DP.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Pcmcia: system32\DRIVERS\pcmcia.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: system32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: system32\DRIVERS\RTL8139.SYS (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
High-Capacity Floppy Disk Drive: system32\DRIVERS\sfloppy.sys (manual start)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{E9B8002C-F53C-45B9-A44C-C5D7B99153CD} (manual start)
Synaptics TouchPad Driver: system32\DRIVERS\SynTP.sys (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
winachsf: system32\DRIVERS\HSF_CNXT.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Windows Management Interface for ACPI: system32\DRIVERS\wmiacpi.sys (system)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 33,043 bytes


RootReveal log:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\ 12/16/2005 9:23 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\ 12/16/2005 9:24 AM 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\parent.lock 1/4/2006 11:03 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\011A25DBd01 1/3/2006 6:32 PM 1.21 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\03E88B24d01 1/3/2006 1:47 PM 22.63 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0400A9D2d01 1/2/2006 11:25 PM 20.63 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\05E3E790d01 1/3/2006 4:41 PM 21.77 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0616623Fd01 1/3/2006 3:28 PM 24.63 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0616633Fd01 1/3/2006 3:28 PM 25.10 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0616713Fd01 1/3/2006 3:28 PM 27.23 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0616743Fd01 1/3/2006 3:28 PM 21.07 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0616753Fd01 1/3/2006 3:28 PM 25.29 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0616763Fd01 1/3/2006 3:28 PM 24.29 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0616773Fd01 1/3/2006 3:28 PM 25.08 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\06167A3Fd01 1/3/2006 3:28 PM 27.76 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\06167B3Fd01 1/3/2006 3:28 PM 24.58 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0726503Fd01 1/3/2006 3:28 PM 27.68 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0726513Cd01 1/3/2006 3:28 PM 24.70 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0726533Fd01 1/3/2006 3:28 PM 25.55 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\072F5E19d01 1/3/2006 6:32 PM 71.98 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\07A4CCDAd01 1/3/2006 5:36 PM 71.15 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0808041Cd01 1/3/2006 2:55 PM 65.83 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0A2CBE76d01 1/3/2006 5:49 PM 18.33 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0AE32D3Cd01 1/3/2006 1:47 PM 47.92 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0B289EFBd01 1/3/2006 6:39 PM 39.96 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0CB02060d01 1/3/2006 3:26 PM 99.59 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0F9694B6d01 1/2/2006 1:16 AM 1016.90 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0F9794B6d01 1/2/2006 1:19 AM 1.30 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\11890221d01 1/3/2006 6:41 PM 347 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\11F83249d01 1/2/2006 11:08 PM 109.79 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\11FDC203d01 1/1/2006 5:02 PM 312.76 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\1261C252d01 1/3/2006 10:16 AM 71.79 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\127453C5d01 1/3/2006 3:30 PM 108.57 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\12C50806d01 1/3/2006 4:07 PM 71.16 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\16497CF5d01 1/3/2006 3:30 PM 98.66 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\1715AF67d01 1/3/2006 6:32 PM 30.16 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\1748732Fd01 1/3/2006 6:36 PM 54.93 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\193E31DEd01 1/3/2006 4:46 PM 25.56 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\1B289EFBd01 1/3/2006 6:39 PM 20.59 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\1BCEA64Bd01 1/3/2006 3:30 PM 21.78 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\1E433A79d01 1/3/2006 3:30 PM 43.70 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\1EA1BD87d01 1/2/2006 2:13 AM 1.34 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\1F95F4F3d01 1/3/2006 11:24 PM 124.17 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\20AAB689d01 1/3/2006 5:30 PM 40.81 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2125315Cd01 1/3/2006 6:32 PM 3.80 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2189C54Cd01 1/3/2006 10:15 AM 38.82 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\22F6073Dd01 1/3/2006 6:15 PM 33.32 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2407764Ad01 1/3/2006 6:41 PM 50.88 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2593DF54d01 1/3/2006 5:35 PM 30.72 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\25ADB6BAd01 1/3/2006 5:30 PM 54.49 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\269EAF46d01 1/3/2006 6:38 PM 71.53 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\279C9640d01 1/3/2006 6:13 PM 40.27 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\287031A5d01 1/3/2006 4:07 PM 28.57 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\28B3CBFAd01 1/3/2006 5:32 PM 51.65 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\28BC6FC2d01 1/2/2006 1:22 AM 79.96 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\28BC6FC3d01 1/2/2006 1:22 AM 80.08 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\28BC6FC5d01 1/2/2006 1:22 AM 80.31 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2B289EFBd01 1/3/2006 6:39 PM 26.75 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2B6CB640d01 1/3/2006 6:37 PM 32.53 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2D56B9A0d01 1/3/2006 6:37 PM 26.87 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2DA9EAA6d01 1/2/2006 3:37 PM 16.63 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2EC2A45Ad01 1/3/2006 3:28 PM 432 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2EE5D713d01 1/3/2006 3:28 PM 427 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2FA15482d01 1/3/2006 5:33 PM 41.95 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\302C1849d01 1/3/2006 6:32 PM 4.41 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\31EFC0A7d01 1/3/2006 5:43 PM 22.04 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\33A251D2d01 1/3/2006 5:34 PM 62.59 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\352687F4d01 1/2/2006 5:58 PM 58.71 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\365B2EBAd01 1/3/2006 3:28 PM 122.63 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\37468D11d01 1/3/2006 6:41 PM 72.51 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\374E1504d01 1/3/2006 1:57 PM 21.91 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\39A3E33Ed01 1/3/2006 3:28 PM 20.83 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\3A1A3A71d01 1/3/2006 6:41 PM 245 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\3AF4FEF5d01 1/3/2006 11:24 PM 95.01 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\3C277FC8d01 1/3/2006 6:37 PM 97.29 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\3C6A6B94d01 1/3/2006 3:48 PM 48.34 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\3DB16398d01 1/3/2006 6:37 PM 100.37 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\3F1D8413d01 1/2/2006 1:34 PM 22.67 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\40E1664Dd01 1/3/2006 3:28 PM 30.86 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\40F79E58d01 1/3/2006 5:40 PM 121.61 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\42D955B0d01 1/3/2006 6:36 PM 31.50 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\4317B7B5d01 1/4/2006 11:03 AM 77.01 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\43A5E260d01 1/3/2006 5:41 PM 35.48 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\44225944d01 1/3/2006 6:32 PM 4.61 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\4545C3A2d01 1/3/2006 6:40 PM 71.57 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\45C003AFd01 1/3/2006 2:39 PM 44.71 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\462C8B44d01 1/3/2006 6:32 PM 3.83 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\469D0286d01 1/3/2006 3:30 PM 41.63 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\498EFF2Cd01 1/3/2006 3:50 PM 19.69 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\4A14443Bd01 1/2/2006 5:57 PM 46.49 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\4A5DA026d01 1/3/2006 3:28 PM 553 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\4C949309d01 1/3/2006 6:13 PM 53.50 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\4CC8D621d01 1/3/2006 5:27 PM 18.37 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\4E85E6EEd01 1/3/2006 3:50 PM 170.17 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\4F9710ADd01 1/3/2006 6:34 PM 28.18 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\506508B1d01 1/3/2006 6:34 PM 49.42 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\50942839d01 1/3/2006 6:41 PM 51.29 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\50A7E3F5d01 1/3/2006 6:13 PM 20.25 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\511EB6E1d01 1/3/2006 2:38 PM 23.88 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\51F92F02d01 1/3/2006 6:12 PM 27.01 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\52C0FFFFd01 1/3/2006 10:06 AM 46.57 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\544C4E98d01 1/3/2006 4:03 PM 16.17 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\5589DD59d01 1/2/2006 2:15 AM 32.80 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\55A9BB94d01 1/3/2006 5:37 PM 3.46 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\56EA96F3d01 1/3/2006 10:16 AM 22.46 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\582A87B1d01 1/3/2006 10:15 AM 37.58 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\58D82983d01 1/3/2006 5:36 PM 52.34 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\5C6156A2d01 1/3/2006 5:34 PM 39.42 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\5ECE8297d01 1/3/2006 3:30 PM 19.38 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\5EE02EFBd01 1/3/2006 6:32 PM 40.41 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\5F2E67A3d01 1/3/2006 6:37 PM 20.30 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\5F9B47A3d01 1/3/2006 6:13 PM 20.61 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\61920034d01 1/3/2006 6:33 PM 17.37 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\61B2F147d01 1/3/2006 5:40 PM 86.18 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\62CA26F6d01 1/3/2006 6:38 PM 47.28 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\63297C61d01 1/3/2006 6:13 PM 20.29 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\634D2778d01 1/3/2006 6:39 PM 20.99 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\63599ECCd01 1/3/2006 1:47 PM 38.12 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\63C59201d01 1/3/2006 10:07 AM 252.08 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\64872090d01 1/3/2006 5:25 PM 19.71 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\6656EDEFd01 1/2/2006 1:34 PM 95.08 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\672CC238d01 1/3/2006 4:18 PM 32.40 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\691B109Ad01 1/3/2006 6:35 PM 51.02 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\69B575EEd01 1/2/2006 11:32 PM 18.90 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\6B60C8CAd01 1/3/2006 5:32 PM 64.30 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\6BBD28C6d01 1/3/2006 5:35 PM 62.18 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\6C0F282Fd01 1/3/2006 2:38 PM 22.12 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\6D3CCC99d01 1/3/2006 5:35 PM 25 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\6D3CCCB9d01 1/3/2006 4:05 PM 25 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\6DEA28D7d01 1/3/2006 5:35 PM 50.27 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\6DED5A68d01 1/3/2006 6:32 PM 18.24 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\6F246A5Fd01 1/3/2006 6:32 PM 3.24 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\71A655A6d01 1/2/2006 1:28 AM 5.80 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\755A3001d01 1/3/2006 3:37 PM 19.11 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\771FFF20d01 1/3/2006 5:53 PM 28.43 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\7935FB05d01 1/3/2006 6:15 PM 17.94 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\796305EDd01 1/3/2006 4:17 PM 35.95 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\79EA2882d01 1/3/2006 5:36 PM 48.61 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\7AB4B217d01 1/2/2006 1:34 PM 17.12 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\7B289EFBd01 1/3/2006 6:39 PM 38.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\7B5AD1B0d01 1/3/2006 6:40 PM 18.28 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\7D627A72d01 1/2/2006 11:29 PM 19.53 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\7F0D177Dd01 1/3/2006 6:32 PM 72.38 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\7FF21949d01 1/3/2006 3:54 PM 119.06 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\81DB0782d01 1/3/2006 6:33 PM 50.25 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\82723FFAd01 1/3/2006 3:51 PM 33.87 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\85A0794Ed01 1/3/2006 6:35 PM 48.80 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\8838AFEBd01 1/4/2006 11:08 AM 183.01 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache
DavidJ710
Regular Member
 
Posts: 18
Joined: December 31st, 2005, 12:28 pm
Location: Lincoln, NE

Unread postby DavidJ710 » January 4th, 2006, 7:51 pm

Hmmm... Cut me off... Let's try again.

RootKitReveal Scan:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\ 12/16/2005 9:23 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\ 12/16/2005 9:24 AM 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\parent.lock 1/4/2006 11:03 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\011A25DBd01 1/3/2006 6:32 PM 1.21 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\03E88B24d01 1/3/2006 1:47 PM 22.63 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0400A9D2d01 1/2/2006 11:25 PM 20.63 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\05E3E790d01 1/3/2006 4:41 PM 21.77 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0616623Fd01 1/3/2006 3:28 PM 24.63 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0616633Fd01 1/3/2006 3:28 PM 25.10 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0616713Fd01 1/3/2006 3:28 PM 27.23 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0616743Fd01 1/3/2006 3:28 PM 21.07 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0616753Fd01 1/3/2006 3:28 PM 25.29 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0616763Fd01 1/3/2006 3:28 PM 24.29 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0616773Fd01 1/3/2006 3:28 PM 25.08 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\06167A3Fd01 1/3/2006 3:28 PM 27.76 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\06167B3Fd01 1/3/2006 3:28 PM 24.58 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0726503Fd01 1/3/2006 3:28 PM 27.68 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0726513Cd01 1/3/2006 3:28 PM 24.70 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0726533Fd01 1/3/2006 3:28 PM 25.55 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\072F5E19d01 1/3/2006 6:32 PM 71.98 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\07A4CCDAd01 1/3/2006 5:36 PM 71.15 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0808041Cd01 1/3/2006 2:55 PM 65.83 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0A2CBE76d01 1/3/2006 5:49 PM 18.33 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0AE32D3Cd01 1/3/2006 1:47 PM 47.92 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0B289EFBd01 1/3/2006 6:39 PM 39.96 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0CB02060d01 1/3/2006 3:26 PM 99.59 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0F9694B6d01 1/2/2006 1:16 AM 1016.90 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\0F9794B6d01 1/2/2006 1:19 AM 1.30 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\11890221d01 1/3/2006 6:41 PM 347 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\11F83249d01 1/2/2006 11:08 PM 109.79 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\11FDC203d01 1/1/2006 5:02 PM 312.76 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\1261C252d01 1/3/2006 10:16 AM 71.79 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\127453C5d01 1/3/2006 3:30 PM 108.57 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\12C50806d01 1/3/2006 4:07 PM 71.16 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\16497CF5d01 1/3/2006 3:30 PM 98.66 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\1715AF67d01 1/3/2006 6:32 PM 30.16 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\1748732Fd01 1/3/2006 6:36 PM 54.93 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\193E31DEd01 1/3/2006 4:46 PM 25.56 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\1B289EFBd01 1/3/2006 6:39 PM 20.59 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\1BCEA64Bd01 1/3/2006 3:30 PM 21.78 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\1E433A79d01 1/3/2006 3:30 PM 43.70 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\1EA1BD87d01 1/2/2006 2:13 AM 1.34 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\1F95F4F3d01 1/3/2006 11:24 PM 124.17 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\20AAB689d01 1/3/2006 5:30 PM 40.81 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2125315Cd01 1/3/2006 6:32 PM 3.80 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2189C54Cd01 1/3/2006 10:15 AM 38.82 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\22F6073Dd01 1/3/2006 6:15 PM 33.32 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2407764Ad01 1/3/2006 6:41 PM 50.88 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2593DF54d01 1/3/2006 5:35 PM 30.72 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\25ADB6BAd01 1/3/2006 5:30 PM 54.49 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\269EAF46d01 1/3/2006 6:38 PM 71.53 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\279C9640d01 1/3/2006 6:13 PM 40.27 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\287031A5d01 1/3/2006 4:07 PM 28.57 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\28B3CBFAd01 1/3/2006 5:32 PM 51.65 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\28BC6FC2d01 1/2/2006 1:22 AM 79.96 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\28BC6FC3d01 1/2/2006 1:22 AM 80.08 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\28BC6FC5d01 1/2/2006 1:22 AM 80.31 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2B289EFBd01 1/3/2006 6:39 PM 26.75 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2B6CB640d01 1/3/2006 6:37 PM 32.53 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2D56B9A0d01 1/3/2006 6:37 PM 26.87 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2DA9EAA6d01 1/2/2006 3:37 PM 16.63 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2EC2A45Ad01 1/3/2006 3:28 PM 432 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2EE5D713d01 1/3/2006 3:28 PM 427 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\2FA15482d01 1/3/2006 5:33 PM 41.95 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\302C1849d01 1/3/2006 6:32 PM 4.41 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\31EFC0A7d01 1/3/2006 5:43 PM 22.04 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\33A251D2d01 1/3/2006 5:34 PM 62.59 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\352687F4d01 1/2/2006 5:58 PM 58.71 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\365B2EBAd01 1/3/2006 3:28 PM 122.63 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\37468D11d01 1/3/2006 6:41 PM 72.51 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\374E1504d01 1/3/2006 1:57 PM 21.91 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\39A3E33Ed01 1/3/2006 3:28 PM 20.83 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\3A1A3A71d01 1/3/2006 6:41 PM 245 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\3AF4FEF5d01 1/3/2006 11:24 PM 95.01 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\3C277FC8d01 1/3/2006 6:37 PM 97.29 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\3C6A6B94d01 1/3/2006 3:48 PM 48.34 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\3DB16398d01 1/3/2006 6:37 PM 100.37 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\3F1D8413d01 1/2/2006 1:34 PM 22.67 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\40E1664Dd01 1/3/2006 3:28 PM 30.86 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\40F79E58d01 1/3/2006 5:40 PM 121.61 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\42D955B0d01 1/3/2006 6:36 PM 31.50 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\4317B7B5d01 1/4/2006 11:03 AM 77.01 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\43A5E260d01 1/3/2006 5:41 PM 35.48 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\44225944d01 1/3/2006 6:32 PM 4.61 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\4545C3A2d01 1/3/2006 6:40 PM 71.57 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\45C003AFd01 1/3/2006 2:39 PM 44.71 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\462C8B44d01 1/3/2006 6:32 PM 3.83 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\469D0286d01 1/3/2006 3:30 PM 41.63 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\498EFF2Cd01 1/3/2006 3:50 PM 19.69 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\4A14443Bd01 1/2/2006 5:57 PM 46.49 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\4A5DA026d01 1/3/2006 3:28 PM 553 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\4C949309d01 1/3/2006 6:13 PM 53.50 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\4CC8D621d01 1/3/2006 5:27 PM 18.37 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\4E85E6EEd01 1/3/2006 3:50 PM 170.17 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\4F9710ADd01 1/3/2006 6:34 PM 28.18 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\506508B1d01 1/3/2006 6:34 PM 49.42 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\50942839d01 1/3/2006 6:41 PM 51.29 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\50A7E3F5d01 1/3/2006 6:13 PM 20.25 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\511EB6E1d01 1/3/2006 2:38 PM 23.88 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\51F92F02d01 1/3/2006 6:12 PM 27.01 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\52C0FFFFd01 1/3/2006 10:06 AM 46.57 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\544C4E98d01 1/3/2006 4:03 PM 16.17 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\5589DD59d01 1/2/2006 2:15 AM 32.80 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\55A9BB94d01 1/3/2006 5:37 PM 3.46 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\56EA96F3d01 1/3/2006 10:16 AM 22.46 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\582A87B1d01 1/3/2006 10:15 AM 37.58 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\58D82983d01 1/3/2006 5:36 PM 52.34 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\5C6156A2d01 1/3/2006 5:34 PM 39.42 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\5ECE8297d01 1/3/2006 3:30 PM 19.38 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\5EE02EFBd01 1/3/2006 6:32 PM 40.41 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\5F2E67A3d01 1/3/2006 6:37 PM 20.30 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\5F9B47A3d01 1/3/2006 6:13 PM 20.61 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\61920034d01 1/3/2006 6:33 PM 17.37 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\61B2F147d01 1/3/2006 5:40 PM 86.18 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\62CA26F6d01 1/3/2006 6:38 PM 47.28 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\63297C61d01 1/3/2006 6:13 PM 20.29 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\634D2778d01 1/3/2006 6:39 PM 20.99 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\63599ECCd01 1/3/2006 1:47 PM 38.12 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\63C59201d01 1/3/2006 10:07 AM 252.08 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\64872090d01 1/3/2006 5:25 PM 19.71 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\6656EDEFd01 1/2/2006 1:34 PM 95.08 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\672CC238d01 1/3/2006 4:18 PM 32.40 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\691B109Ad01 1/3/2006 6:35 PM 51.02 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\69B575EEd01 1/2/2006 11:32 PM 18.90 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\6B60C8CAd01 1/3/2006 5:32 PM 64.30 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\6BBD28C6d01 1/3/2006 5:35 PM 62.18 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\6C0F282Fd01 1/3/2006 2:38 PM 22.12 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\6D3CCC99d01 1/3/2006 5:35 PM 25 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\6D3CCCB9d01 1/3/2006 4:05 PM 25 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\6DEA28D7d01 1/3/2006 5:35 PM 50.27 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\6DED5A68d01 1/3/2006 6:32 PM 18.24 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\6F246A5Fd01 1/3/2006 6:32 PM 3.24 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\71A655A6d01 1/2/2006 1:28 AM 5.80 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\755A3001d01 1/3/2006 3:37 PM 19.11 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\771FFF20d01 1/3/2006 5:53 PM 28.43 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\7935FB05d01 1/3/2006 6:15 PM 17.94 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\796305EDd01 1/3/2006 4:17 PM 35.95 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\79EA2882d01 1/3/2006 5:36 PM 48.61 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\7AB4B217d01 1/2/2006 1:34 PM 17.12 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\7B289EFBd01 1/3/2006 6:39 PM 38.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\7B5AD1B0d01 1/3/2006 6:40 PM 18.28 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\7D627A72d01 1/2/2006 11:29 PM 19.53 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\7F0D177Dd01 1/3/2006 6:32 PM 72.38 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\7FF21949d01 1/3/2006 3:54 PM 119.06 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\81DB0782d01 1/3/2006 6:33 PM 50.25 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\82723FFAd01 1/3/2006 3:51 PM 33.87 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\85A0794Ed01 1/3/2006 6:35 PM 48.80 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\8838AFEBd01 1/4/2006 11:08 AM 183.01 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\88820CBDd01 1/3/2006 4:29 PM 1.05 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\88BD762Cd01 1/3/2006 6:37 PM 43.78 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\89AED9D4d01 1/1/2006 5:25 PM 17.07 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\8AA31E66d01 1/3/2006 1:47 PM 41.63 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\8ACE6CB1d01 1/3/2006 10:09 AM 19.39 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\8C2156CCd01 1/3/2006 3:37 PM 28.61 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\8C34855Ed01 1/3/2006 3:28 PM 25.33 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\8D0C8CB3d01 1/3/2006 2:45 PM 62.96 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\8D49440Cd01 1/3/2006 6:14 PM 71.89 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\8DB5B7D2d01 1/3/2006 6:33 PM 36.30 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\8E23F368d01 1/3/2006 6:39 PM 33.07 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\8EC9BDD8d01 1/3/2006 2:38 PM 18.79 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\8ECBF73Ed01 1/3/2006 6:15 PM 20.42 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\8F03E019d01 1/3/2006 6:41 PM 2.13 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\8F1668ABd01 1/3/2006 6:34 PM 28.97 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\8F8BD758d01 1/4/2006 11:33 AM 22.69 KB Hidden from Windows API.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\8F913D23d01 1/3/2006 3:28 PM 48.94 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\906C3469d01 1/3/2006 1:47 PM 32.95 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\90E3813Bd01 1/2/2006 3:39 PM 81.20 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\9164329Ed01 1/3/2006 3:28 PM 39.96 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\92E8D880d01 1/1/2006 5:25 PM 46.12 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\92E9D880d01 1/1/2006 5:54 PM 26.50 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\92EBD880d01 1/2/2006 12:58 AM 44.49 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\92ECD880d01 1/1/2006 5:25 PM 40.93 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\92EDD880d01 1/1/2006 5:26 PM 40.93 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\92EED880d01 1/2/2006 1:00 AM 55.41 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\92EFD880d01 1/1/2006 5:35 PM 62.83 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\93187966d01 1/3/2006 6:41 PM 53.56 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\94F93057d01 1/3/2006 4:05 PM 16.61 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\97AA1BECd01 1/3/2006 10:16 AM 31.47 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\992429D8d01 1/3/2006 10:06 AM 83.04 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\9AC04583d01 1/3/2006 5:32 PM 57.12 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\9AC602E4d01 1/2/2006 3:37 PM 23.99 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\9B1F8FA9d01 1/2/2006 11:26 PM 18.53 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\9B6BC113d01 1/3/2006 5:53 PM 45.12 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\9B8BF705d01 1/3/2006 4:27 PM 25.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\9C6856CCd01 1/3/2006 3:37 PM 30.02 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\9CDAA3B2d01 1/3/2006 3:30 PM 81.54 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\9DC23295d01 1/3/2006 5:30 PM 48.63 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\9E9E9C37d01 1/3/2006 4:04 PM 9.66 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\A0391E0Fd01 1/2/2006 3:01 PM 119.65 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\A123BAFBd01 1/2/2006 5:57 PM 63.42 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\A1CDE8CBd01 1/3/2006 10:09 AM 44.15 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\A445CCDCd01 1/3/2006 1:47 PM 21.69 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\A44A8E18d01 1/3/2006 2:38 PM 39.15 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\A767F5C2d01 1/3/2006 6:32 PM 52.16 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\AA54EA14d01 1/3/2006 6:39 PM 19.71 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\AB2E30DFd01 1/3/2006 10:12 AM 23.10 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\AB90AB38d01 1/3/2006 3:28 PM 16.88 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\ABBC7468d01 1/3/2006 6:41 PM 80.73 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\ABDE0892d01 1/3/2006 3:28 PM 32.86 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\ACAB73F1d01 1/3/2006 2:38 PM 17.40 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\ACB746B3d01 1/3/2006 5:33 PM 50.45 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\ADAC76C4d01 1/2/2006 2:12 AM 47.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\AE7B4A98d01 1/3/2006 2:37 PM 24.22 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\B178D340d01 1/3/2006 5:39 PM 17.33 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\B2A8CEB4d01 1/3/2006 2:38 PM 17.92 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\B33A972Fd01 1/3/2006 1:47 PM 21.26 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\B3A44D7Bd01 1/3/2006 5:24 PM 119.06 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\B591DE68d01 1/3/2006 10:05 PM 19.64 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\B7A022EAd01 1/3/2006 5:29 PM 54.17 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\B8507FB6d01 1/3/2006 1:57 PM 51.16 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\BA70F1DBd01 1/3/2006 3:28 PM 36.13 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\BA72F1DBd01 1/3/2006 3:28 PM 35.46 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\BA75F1DBd01 1/3/2006 3:28 PM 130.28 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\BCDFACCDd01 1/3/2006 5:43 PM 64.12 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\BF5E8741d01 1/3/2006 1:46 PM 19.57 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\BFF7362Cd01 1/3/2006 6:13 PM 42.48 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\C0E51466d01 1/3/2006 6:33 PM 19.14 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\C0EA042Bd01 1/3/2006 10:00 AM 19.14 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\C14D6278d01 1/3/2006 6:41 PM 25.47 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\C1DC91D3d01 1/3/2006 3:28 PM 571 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\C387C3D6d01 1/3/2006 6:32 PM 18.51 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\C3FD3025d01 1/3/2006 4:17 PM 24.71 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\C41583CDd01 1/3/2006 6:38 PM 50.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\C46EB537d01 1/4/2006 11:33 AM 26.90 KB Hidden from Windows API.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\C54E326Cd01 1/3/2006 10:15 AM 26.18 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\C54E326Dd01 1/3/2006 10:16 AM 39.22 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\C5C0C40Ad01 1/3/2006 3:28 PM 78.41 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\C6C80891d01 1/2/2006 1:23 AM 83.64 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\C6C90891d01 1/2/2006 1:23 AM 83.64 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\C941237Ed01 1/4/2006 11:33 AM 18.62 KB Hidden from Windows API.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\CA75707Fd01 1/3/2006 6:38 PM 31.05 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\CAD9CE08d01 1/3/2006 6:39 PM 23.42 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\CB3A5D71d01 1/3/2006 6:36 PM 42.73 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\CCD83CF2d01 1/3/2006 6:39 PM 69.10 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\CD0A758Cd01 1/3/2006 5:29 PM 53.05 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\CD7267B3d01 1/3/2006 2:39 PM 65.81 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\CDC55771d01 1/3/2006 3:30 PM 47.05 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\CE9B2421d01 1/3/2006 10:01 AM 22.15 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\CFDF589Bd01 1/3/2006 6:32 PM 19.59 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\CFF0C5F3d01 1/3/2006 6:39 PM 37.18 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\D09B29E6d01 1/3/2006 4:12 PM 304.33 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\D15783DEd01 1/3/2006 3:28 PM 25.63 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\D294BD16d01 1/2/2006 10:05 PM 26.45 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\D2F3EC9Bd01 1/2/2006 2:15 AM 46.58 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\D406276Ed01 1/3/2006 6:41 PM 40.80 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\D44B49B0d01 1/3/2006 2:37 PM 77.78 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\D49A4F39d01 1/3/2006 6:32 PM 27.07 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\D5B347ABd01 1/2/2006 1:36 PM 18.71 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\D88B759Cd01 1/3/2006 5:29 PM 90.67 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\D9021317d01 1/3/2006 10:06 AM 63.28 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\DA54EA14d01 1/3/2006 6:39 PM 20.93 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\DC1DB316d01 1/3/2006 10:14 AM 16.71 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\DC601174d01 1/3/2006 5:25 PM 48.36 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\DC6011F2d01 1/3/2006 11:26 PM 68.04 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\DC601CF5d01 1/2/2006 8:05 PM 127.45 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\DC601D77d01 1/2/2006 11:07 AM 106.84 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\DC601F75d01 1/2/2006 11:09 PM 145.22 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\DC93AC51d01 1/3/2006 6:41 PM 10.85 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\DDE48E58d01 1/2/2006 5:58 PM 46.45 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\DE87CC71d01 1/3/2006 11:26 PM 24.79 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\E1B2470Bd01 1/2/2006 1:24 AM 46.98 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\E27E65D1d01 1/4/2006 11:33 AM 22.42 KB Hidden from Windows API.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\E2EEFB15d01 1/3/2006 6:41 PM 27.12 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\E32E4040d01 1/3/2006 6:32 PM 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\E3F3E0E7d01 1/3/2006 5:41 PM 33.99 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\E3F3E193d01 1/3/2006 5:39 PM 35.08 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\E3F3EECFd01 1/3/2006 5:41 PM 34.16 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\E3F3F2A5d01 1/3/2006 5:39 PM 35.21 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\E3F3F4C3d01 1/3/2006 5:37 PM 35.44 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\E3F3FE16d01 1/3/2006 3:50 PM 37.05 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\E471AE2Dd01 1/2/2006 8:02 PM 107.29 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\E4E8FC7Dd01 1/3/2006 6:32 PM 3.08 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\E95CC024d01 1/3/2006 3:30 PM 134.82 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\E9DE84ABd01 1/3/2006 6:13 PM 50.83 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\EAD228B9d01 1/2/2006 1:23 AM 51.71 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\EAD728B9d01 1/2/2006 1:23 AM 82.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\EC6FC46Fd01 1/2/2006 11:06 AM 88.50 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\ED66C330d01 1/3/2006 11:26 PM 18.24 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\EF5229B1d01 1/3/2006 3:48 PM 1.82 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\F0813B19d01 1/3/2006 3:28 PM 5.63 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\F18ACBA0d01 1/3/2006 3:26 PM 47.27 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\F5A60E5Cd01 1/3/2006 3:28 PM 18.88 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\F6220E24d01 1/3/2006 6:31 PM 52.13 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\F623646Bd01 1/3/2006 6:41 PM 26.93 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\F667E38Dd01 1/3/2006 6:38 PM 47.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\F66E8972d01 1/3/2006 6:39 PM 143.46 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\F6C0212Dd01 1/3/2006 6:39 PM 22.44 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\F809260Ed01 1/2/2006 8:05 PM 18.31 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\F80C6E76d01 1/2/2006 11:06 AM 18.75 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\F80CEA61d01 1/2/2006 3:01 PM 18.98 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\F8546957d01 1/2/2006 11:08 PM 18.31 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\F8576D52d01 1/3/2006 11:26 PM 18.31 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\F8576F25d01 1/3/2006 5:24 PM 18.31 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\F92946AFd01 1/3/2006 3:52 PM 18.05 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\F9FD75ECd01 1/3/2006 5:29 PM 50.23 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\FA2E11E5d01 1/3/2006 3:26 PM 91.71 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\FAE0275Bd01 1/2/2006 2:15 AM 19.43 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\FAE6275Bd01 1/2/2006 2:15 AM 19.43 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\FC7C2790d01 1/3/2006 6:13 PM 73.12 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\FCE6F50Bd01 1/3/2006 6:15 PM 78.26 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\FF61C817d01 1/3/2006 10:10 AM 163.02 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\FFD7970Fd01 1/3/2006 6:15 PM 72.31 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdqioi0n.default\Cache\FFDF6206d01 1/3/2006 6:39 PM 21.99 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{EB635C80-91F6-44CA-A791-6C1B6A6F3650}\RP4\A0001115.mfl 1/4/2006 11:03 AM 1.06 MB Hidden from Windows API.
C:\WINDOWS\system32\LogFiles 1/4/2006 11:34 AM 0 bytes Hidden from Windows API.
C:\WINDOWS\system32\LogFiles\HTTPERR 1/4/2006 11:34 AM 0 bytes Hidden from Windows API.
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log 1/4/2006 11:34 AM 327 bytes Hidden from Windows API.
DavidJ710
Regular Member
 
Posts: 18
Joined: December 31st, 2005, 12:28 pm
Location: Lincoln, NE

Unread postby DavidJ710 » January 4th, 2006, 10:18 pm

Hmm... Ran the scan again and this is all it came up with...

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\ 12/16/2005 9:23 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\ 12/16/2005 9:24 AM 0 bytes Key name contains embedded nulls (*)

RootKitReveal that is.
DavidJ710
Regular Member
 
Posts: 18
Joined: December 31st, 2005, 12:28 pm
Location: Lincoln, NE

Unread postby Susan528 » January 5th, 2006, 7:13 am

Hello David,

Did you run the Kapersky Online Beta Scan? Did it find anything?
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby Susan528 » January 5th, 2006, 5:28 pm

Hello David,

Think that I have obtained information that will fix your problem. But before we proceed, please let me know if by any chance you are dual booting or have multiple drives or volumes.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby DavidJ710 » January 5th, 2006, 5:56 pm

Susan,
Oh my, this sounds positive. I am not dual booting at the moment. I got this computer a short while ago and I am thinking about putting Ubuntu Linux onto it at some point. I am not married to the idea so if that is a problem, I won't do it. As to your question regarding drives... Hmm. I have what Compaq put on the computer... Let's see. I have a C Drive, my hard disk, and an E Drive, the CD-DVD Burner. As to volumes, unless it is something that comes standard on new laptops, I don't have anything other than the norm. Let me know what we can do.

-David
DavidJ710
Regular Member
 
Posts: 18
Joined: December 31st, 2005, 12:28 pm
Location: Lincoln, NE

Unread postby Susan528 » January 5th, 2006, 6:48 pm

http://www.tweakxp.com/article37580.aspx

The above page lists ways to access the System Volume folder for each file system and version of Windows XP.

Right click on My computer ----> Properties = Windows XP version (Home or Pro)

Right click on C:\ -----> Properties = File system type (NTFS or FAT32)

Follow the directions on the link above.

Once within the folder it is important that you know which RP(Restore Point) folder is the current one ( change view to detailed and check dates)

It appears that you have an orphaned folder within the System Volume folder and currently not being used by System Restore. You indicated that the calendar did not show that restore point but only one newly created when you ran the resetSF.VBS. This RP should not pose a threat.

The folder you are looking to delete is going to have the following name in it's path "_restore{EB635C80-91F6-44CA-A791-6C1B6A6F3650}(2)\"

The "(2)" is going to be the giveaway
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby DavidJ710 » January 5th, 2006, 7:49 pm

Alright... Done and done. The restore files in the infected directory have been deleted. What's next, Guru of Malware Removal? :colors:
DavidJ710
Regular Member
 
Posts: 18
Joined: December 31st, 2005, 12:28 pm
Location: Lincoln, NE

Unread postby Susan528 » January 5th, 2006, 9:34 pm

Hello David,

Good Work!:D

Guru of Malware Removal
I had help which is what I like about this forum. No one can know it all and we help each other.

Could I talk you into running another MWAV scan to give me the satisfaction of seeing those infected _restore entries no more?

Please post another hijackthis log. Then if everything looks okay (I believe it will}, I will give you the final clean-up instructions.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby DavidJ710 » January 6th, 2006, 12:10 pm

VICTORY!

No more "_restore" files! Here is the proof


MWAV Scan:


File C:\Documents and Settings\David\Desktop\ResetSR.VBS infected by "Backdoor.Win32.Delf.akf" Virus! Action Taken: No Action Taken.
Object "minibug Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\system32\cmmgr32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "C:\Program Files\ATI Technologies\ATI Control Panel\setup.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe" refers to invalid object "C:\WINDOWS\yourapp.Exe". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bak". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".frBB3C". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".gba". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".j31". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{00FC6799-866E-44A1-A60C-DCF394CF56FD}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "QuickTime". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WebNexus". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0254F2B0-7116-40FC-8551-A2ED8C0C5872}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{038E9840-12DD-40E8-82BE-DA826423886E}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BB66938-FC89-4658-A365-7CD7F60E87E7}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0CA55C77-CC60-408B-94C6-EC772FD104A9}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1CA68D9F-3A22-4EE6-8DD3-9F4BA554625A}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1FAE3754-F46B-45DA-B4CF-9EBF92E950EA}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1FE7C365-F6A9-4AD2-A075-D61F9AD59236}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{20351880-1EF9-4879-A646-9FAF6D9FC87D}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{23AF82A5-E704-4EBC-BFE8-DF33EA467512}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2AFC1A12-65EC-433A-BF9B-7AD381F1EF10}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2D0DE198-0296-4A84-AC3B-0DB11C7F62F2}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3A5AC3A7-CC29-47F8-A0FF-AB82F3D2D9F5}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3C4E3B8D-98C8-4701-92D6-64702D6A9EEF}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{70A4E5E9-D350-4AF0-8298-98E8BB30ADB7}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8D2E6C05-A032-4B23-8287-C3ACF30703B0}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8EC31897-D1E6-4758-80BE-31E873AC2903}" refers to invalid object "C:\Program Files\Grisoft\AVG Free\avgamui.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8EC31898-D1E6-4758-80BE-31E873AC2903}" refers to invalid object "C:\Program Files\Grisoft\AVG Free\avgamui.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9E0B8886-3014-4617-91AA-DF4B8D50E77C}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A7371B3E-46D1-48B0-890D-CC9E7E531EDD}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A9141FB9-7A4F-4047-94A2-0A0B1DEF5EBB}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{aac8802e-d17a-4ad6-89a7-bd133078b0c6}" refers to invalid object "C:\WINDOWS\system32\gkgfe.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B50EB9E2-FC6D-4E25-9492-B5D77F373EE2}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B7800816-BCE4-4228-BD55-2E7A2B0B230A}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{c0164c20-33c8-4f60-bfd1-557e08a93f58}" refers to invalid object "C:\Program Files\MSN\MSNCoreFiles\OOBE\obemetal.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5AF2622-8C75-4dfb-9693-23AB7686A456}" refers to invalid object "C:\WINDOWS\DH.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C7976BEB-AB1E-46F7-8CCD-D4C9CD83BF49}" refers to invalid object "C:\PROGRA~1\SPYWAR~1\swdoctor.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D9C027CF-DF75-4D2C-B763-AC1CA31C4AF8}" refers to invalid object "C:\Program Files\Grisoft\AVG Free\avgamiui.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ec48db94-98df-4c2f-932f-bbc28af0a316}" refers to invalid object "C:\Program Files\MSN\MSNCoreFiles\OOBE\obemetal.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F708D841-35FE-4AD6-A313-A7F5F1037A8A}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FBA89159-6A08-4004-B269-D34588429A88}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{60ACE49B-F247-4E12-B740-EF8DB1941D0F}" refers to invalid object "C:\Program Files\ewido anti-malware\context.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CEACE91F-3F71-4A8C-B952-63716B2BC026}" refers to invalid object "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\.acl" refers to invalid object "ACLFile". Action Taken: No Action Taken.
Entry "HKCR\.aw" refers to invalid object "AWFile". Action Taken: No Action Taken.
Entry "HKCR\.col" refers to invalid object "COLFile". Action Taken: No Action Taken.
Entry "HKCR\.elm" refers to invalid object "ELMFile". Action Taken: No Action Taken.
Entry "HKCR\.ffa" refers to invalid object "FFAFile". Action Taken: No Action Taken.
Entry "HKCR\.ffl" refers to invalid object "FFLFile". Action Taken: No Action Taken.
Entry "HKCR\.fft" refers to invalid object "FFTFile". Action Taken: No Action Taken.
Entry "HKCR\.ffx" refers to invalid object "FFXFile". Action Taken: No Action Taken.
Entry "HKCR\.gst" refers to invalid object "MSMap.Datainst.8". Action Taken: No Action Taken.
Entry "HKCR\.lex" refers to invalid object "LEXFile". Action Taken: No Action Taken.
Entry "HKCR\.opc" refers to invalid object "OPCFile". Action Taken: No Action Taken.
Entry "HKCR\.pip" refers to invalid object "PIPFile". Action Taken: No Action Taken.
Entry "HKCR\.stf" refers to invalid object "STFFile". Action Taken: No Action Taken.
Entry "HKCR\.tuw" refers to invalid object "TUWFile". Action Taken: No Action Taken.
Entry "HKCR\.wll" refers to invalid object "Word.Addin.8". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\system32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\Context.test" refers to invalid object "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}". Action Taken: No Action Taken.
Entry "HKCR\Context.test.1" refers to invalid object "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.
Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.EBankProblem" refers to invalid object "{AE612304-E8F9-45D9-A444-32409D33E954}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.QuarantinedItemProxy" refers to invalid object "{C2CE6266-0404-4C54-96B4-8829852E3537}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.ScripterProxy" refers to invalid object "{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
File C:\Documents and Settings\David\Desktop\ResetSR.VBS infected by "Backdoor.Win32.Delf.akf" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-527237240-1580818891-725345543-1011\Dc29\RP12\A0001059.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-527237240-1580818891-725345543-1011\Dc29\RP12\A0001074.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-527237240-1580818891-725345543-1011\Dc29\RP12\A0001115.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-527237240-1580818891-725345543-1011\Dc29\RP12\A0001120.dll tagged as "not-a-virus:AdWare.Win32.Ihbo.gen". Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-527237240-1580818891-725345543-1011\Dc29\RP12\A0001160.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-527237240-1580818891-725345543-1011\Dc29\RP12\A0001183.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-527237240-1580818891-725345543-1011\Dc29\RP14\A0001465.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\David\Desktop\ResetSR.VBS infected by "Backdoor.Win32.Delf.akf" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-527237240-1580818891-725345543-1011\Dc29\RP12\A0001059.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-527237240-1580818891-725345543-1011\Dc29\RP12\A0001074.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-527237240-1580818891-725345543-1011\Dc29\RP12\A0001115.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-527237240-1580818891-725345543-1011\Dc29\RP12\A0001120.dll tagged as "not-a-virus:AdWare.Win32.Ihbo.gen". Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-527237240-1580818891-725345543-1011\Dc29\RP12\A0001160.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-527237240-1580818891-725345543-1011\Dc29\RP12\A0001183.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-527237240-1580818891-725345543-1011\Dc29\RP14\A0001465.exe infected by "Trojan-Proxy.Win32.Delf.an" Virus! Action Taken: No Action Taken.

Hijack This Scan:

Logfile of HijackThis v1.99.1
Scan saved at 10:01:43 AM, on 1/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\David\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wooster.edu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wooster.edu
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\User\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/in ... er_gmn.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TNIFBJ - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\David\LOCALS~1\Temp\TNIFBJ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
DavidJ710
Regular Member
 
Posts: 18
Joined: December 31st, 2005, 12:28 pm
Location: Lincoln, NE
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 59 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware