Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HiJackthis log and adaware log and startup list

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HiJackthis log and adaware log and startup list

Unread postby duely » September 11th, 2006, 4:44 pm

ADAWARE LOG

ArchiveData(auto-quarantine- 2006-09-10 20-24-30.bckp)
Referencefile : SE1R117 03.08.2006
======================================================

ADWARE.HUACISOU
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : system\controlset001\services\abhcop
obj[1]=RegValue : system\controlset001\services\abhcop "Start"
obj[2]=RegValue : system\controlset001\services\abhcop "ErrorControl"
obj[3]=RegValue : system\controlset001\services\abhcop "ImagePath"
obj[4]=RegValue : system\controlset001\services\abhcop "DisplayName"
obj[5]=RegValue : system\controlset001\services\abhcop "Group"
obj[6]=Regkey : system\controlset001\services\hcalway
obj[7]=RegValue : system\controlset001\services\hcalway "Start"
obj[8]=RegValue : system\controlset001\services\hcalway "ErrorControl"
obj[9]=RegValue : system\controlset001\services\hcalway "Tag"
obj[10]=RegValue : system\controlset001\services\hcalway "ImagePath"
obj[11]=RegValue : system\controlset001\services\hcalway "DisplayName"
obj[12]=RegValue : system\controlset001\services\hcalway "Group"
obj[13]=RegValue : system\controlset001\services\hcalway "Description"
obj[14]=RegValue : system\controlset001\services\hcalway "MaxRecords"
obj[15]=RegValue : system\controlset001\services\hcalway "MaxNames"
obj[16]=RegValue : system\controlset001\services\hcalway "DebugFlags"
obj[17]=RegValue : system\controlset001\services\hcalway "AttachMode"
obj[18]=Regkey : system\currentcontrolset\services\abhcop
obj[19]=RegValue : system\currentcontrolset\services\abhcop "Start"
obj[20]=RegValue : system\currentcontrolset\services\abhcop "ErrorControl"
obj[21]=RegValue : system\currentcontrolset\services\abhcop "ImagePath"
obj[22]=RegValue : system\currentcontrolset\services\abhcop "DisplayName"
obj[23]=RegValue : system\currentcontrolset\services\abhcop "Group"
obj[24]=Regkey : system\currentcontrolset\services\hcalway
obj[25]=RegValue : system\currentcontrolset\services\hcalway "Start"
obj[26]=RegValue : system\currentcontrolset\services\hcalway "ErrorControl"
obj[27]=RegValue : system\currentcontrolset\services\hcalway "Tag"
obj[28]=RegValue : system\currentcontrolset\services\hcalway "ImagePath"
obj[29]=RegValue : system\currentcontrolset\services\hcalway "DisplayName"
obj[30]=RegValue : system\currentcontrolset\services\hcalway "Group"
obj[31]=RegValue : system\currentcontrolset\services\hcalway "Description"
obj[32]=RegValue : system\currentcontrolset\services\hcalway "MaxRecords"
obj[33]=RegValue : system\currentcontrolset\services\hcalway "MaxNames"
obj[34]=RegValue : system\currentcontrolset\services\hcalway "DebugFlags"
obj[35]=RegValue : system\currentcontrolset\services\hcalway "AttachMode"
obj[36]=Folder : C:\Program Files\HuaCi
obj[37]=File : C:\Program Files\HuaCi\huaci\Mouse1.dll
obj[38]=File : C:\Program Files\HuaCi\huaci\SearchM.dll
obj[39]=File : C:\Program Files\HuaCi\huaci\zsearch.exe
obj[40]=File : C:\Program Files\HuaCi\huaci\zsup.exe
obj[41]=File : C:\WINDOWS\system32\drivers\abhcop.sys
obj[42]=File : C:\WINDOWS\system32\drivers\hcalway.sys




HIJACKTHIS LOG
Logfile of HijackThis v1.99.1
Scan saved at 4:36:18 PM, on 9/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\PickelsAREtasty\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3733973263
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Freenet 0.7 darknet (freenet-darknet) - Unknown owner - C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe" -s "C:\Program Files\Freenet\wrapper.conf (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe



START UP LIST LOG

StartupList report, 9/11/2006, 4:33:02 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\PickelsAREtasty\Desktop\hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\PickelsAREtasty\Desktop\hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

PRONoMgr.exe = C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
WheelMouse = C:\PROGRA~1\Mouse\Amoumain.exe
CaAvTray = "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
CAVRID = "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
Zone Labs Client = C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
ioloDelayModule = C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
eTrustPPAP = "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
PCLEPCI = C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
PinnacleDriverCheck = C:\WINDOWS\system32\\PSDrvCheck.exe
ATICCC = "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
CloneCDTray = "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
!ewido = "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

AAW = "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" "+b1"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SMSystemAnalyzer = "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
STYLEXP = C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
ATI Launchpad = "C:\Program Files\ATI Multimedia\main\launchpd.exe"
ATI DeviceDetect = C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
ATI Remote Control = "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"
AIM = C:\Program Files\AIM\aim.exe -cnetwait.odl
eMuleAutoStart = C:\Program Files\eMule\emule.exe -AutoStart

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = NOTEPAD.EXE %1

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
TGTSoft Explorer Toolbar Changer - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll - {C333CF63-767F-4831-94AC-E683D962C63C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

HP DArC Task #Hewlett-Packard#hp psc 1310 series#1143707757.job

--------------------------------------------------

Enumerating Download Program Files:

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupda ... 3733973263

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan ... asinst.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
End of report, 6,069 bytes
Report generated in 0.078 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
duely
Regular Member
 
Posts: 27
Joined: August 2nd, 2006, 4:12 pm
Advertisement
Register to Remove

Unread postby Susan528 » September 13th, 2006, 5:03 am

Hi duely and Welcome to Malware Removal,

Your internet connection may be slow because you are running Freenet,

If you were not aware of this, or did not install this application, Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:
Freenet

Then, using Windows Explorer, delete the following folder:
C:\Program Files\freenet

If you were intentionally running this program, you should realize there are risks in running a alpha application (earlier than a program in beta testing).

Scan with HijackThis. Place a check against each of the following:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


If you uninstalled Freenet, check this item (if still there):
O23 - Service: Freenet 0.7 darknet (freenet-darknet) - Unknown owner - C:\Program Files\freenet\bin\wrapper-windows-x86-32.exe" -s ../wrapper.conf (file missing)

Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis.

Download Blacklight trial from here:
http://www.f-secure.com/blacklight/
  • Hit I accept. It will take you to download page.
  • Download blbeta.exe and save it to the Desktop.
  • Once saved... double click blbeta.exe to install the program.
  • Click accept agreement and Click scan
    This app too may fire off a warning from antivirus. Let the driver load.
    Wait for it to finish.
  • If it displays any items...don't do anything with them yet. Just hit exit (close)
  • It will drop a log on Desktop that starts with fsbl....big number
Please post contents of log in your next reply.

Please download
Rootkit Revealer
to your desktop.
  • Unzip the file.
  • Turn off your real time antivirus for a moment.
  • Then go to file->scan
  • This will take some time.
  • When it's done, go to file->save
  • save the logfile to the desktop

Then past the contents in your next reply.
*Don't forget to turn your AV back on afterwards*

Post (reply) with a fresh HijackThis log, the post contents of log that starts with fsbl …big number and the logfile from RootkitRevealer.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby duely » September 13th, 2006, 4:58 pm

Thanks for your fast reply. Before I post the log's I would like to say that I had to
move Freenet by hand because the uninstaller wouldn't work. So all I did was Delete the
c:/program files/freenet folder. there still may be registry or what not left from this program,
I dunno.






HIJACK THIS LOG



Logfile of HijackThis v1.99.1
Scan saved at 8:10:08 AM, on 9/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wwSecure.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\PROGRA~1\Mouse\Amoumain.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\DirectX\services.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Ahead\nero\nero.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\PickelsAREtasty\Desktop\RootkitRevealer\RootkitRevealer.exe
C:\DOCUME~1\PICKEL~1\LOCALS~1\Temp\PTRBON.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\PickelsAREtasty\Desktop\blbeta.exe
C:\Documents and Settings\PickelsAREtasty\Desktop\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [msnmsgrr] "C:\WINDOWS\system32\DirectX\winlogon.exe" -b javacypts.dll
O4 - HKCU\..\Run: [msmsgr] "C:\WINDOWS\system32\DirectX\services.exe" /u /h
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3733973263
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Freenet 0.7 darknet (freenet-darknet) - Unknown owner - C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe" -s "C:\Program Files\Freenet\wrapper.conf (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
O23 - Service: PTRBON - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\PICKEL~1\LOCALS~1\Temp\PTRBON.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe




The BLBETA LOG

09/13/06 08:08:49 [Info]: BlackLight Engine 1.0.46 initialized
09/13/06 08:08:49 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/13/06 08:08:51 [Note]: 7019 4
09/13/06 08:08:51 [Note]: 7005 0
09/13/06 08:08:55 [Note]: 7006 0
09/13/06 08:08:56 [Note]: 7011 428
09/13/06 08:08:56 [Note]: 7026 0
09/13/06 08:08:56 [Note]: 7026 0
09/13/06 08:09:14 [Note]: FSRAW library version 1.7.1019
09/13/06 08:44:22 [Note]: 2000 1006
09/13/06 08:49:08 [Note]: 7007 0











ROOTKITREVIELER LOG




HKLM\SOFTWARE\Classes\.ids\ 9/5/2006 6:41 PM 9 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Classes\blue.Shortcut\ 9/5/2006 6:41 PM 15 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Classes\blue.Shortcut\shell\open\command\ 9/5/2006 6:41 PM 15 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{C1C03BEF-A677-11d7-A773-00C04F68F44E}\Pins\Input\Types\{10ed2d83-f16f-0348-2000-8c26b23e9a26}\22 4/23/2006 8:47 PM 91 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A2CBE4ECA22FFDB498DA18DCF4AD2F7B\Usage\Main 9/13/2006 8:32 AM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\BlockCount 9/13/2006 4:33 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\HackCount 9/13/2006 4:33 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\IncomingCount 9/13/2006 4:33 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 8/19/2006 6:56 PM 0 bytes Access is denied.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg40 9/13/2006 1:00 AM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg41 9/13/2006 1:00 AM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg42 7/22/2006 10:01 AM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg43 9/13/2006 1:03 AM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg44 7/21/2006 12:15 PM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg45 8/18/2006 9:44 AM 0 bytes Hidden from Windows API.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\Mozilla\Firefox\Profiles\iqjvxxl1.default\Cache\CC87815Ad01 9/13/2006 4:39 PM 81.47 KB Hidden from Windows API.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\Mozilla\Firefox\Profiles\iqjvxxl1.default\Cache\E6BE232Fd01 9/13/2006 4:39 PM 32.23 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\Mozilla\Firefox\Profiles\iqjvxxl1.default\Cache\EB779CCEd01 9/13/2006 4:39 PM 19.12 KB Hidden from Windows API.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\Mozilla\Firefox\Profiles\iqjvxxl1.default\Cache\F915784Ad01 9/13/2006 4:40 PM 32.00 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\;ord=08130191040[2] 9/13/2006 4:38 PM 414 bytes Hidden from Windows API.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\;ord=57102514695[2] 9/13/2006 4:39 PM 406 bytes Hidden from Windows API.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temporary Internet Files\Content.IE5\PF2AVR2B\;ord=63487557936[2] 9/13/2006 4:37 PM 406 bytes Hidden from Windows API.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temporary Internet Files\Content.IE5\PF2AVR2B\;ord=85941601858[2] 9/13/2006 4:39 PM 406 bytes Hidden from Windows API.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temporary Internet Files\Content.IE5\TUMEIVN9\;ord=16029516831[2] 9/13/2006 4:38 PM 416 bytes Hidden from Windows API.
C:\Program Files\eMule\Temp\005.part.met 9/13/2006 4:39 PM 9.55 KB Hidden from Windows API.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc22.txt 4/18/2005 9:29 PM 158 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc23.log 9/11/2006 4:36 PM 6.62 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc24.txt 9/11/2006 4:34 PM 5.76 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc25.TXT 9/10/2006 8:34 PM 3.01 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast 9/13/2006 8:11 AM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE 1/27/2005 12:10 AM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\Crack 1/23/2005 8:18 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\Crack\realmlist.wtf 1/23/2005 2:22 PM 23 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\Crack\WoW.exe 11/17/2004 1:09 AM 4.34 MB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\NFO 1/23/2005 8:47 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\NFO\Readme.World.of.Warcraft.Server.V.0.2.txt 1/24/2005 2:34 PM 1.82 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\NFO\xil-wows.nfo 1/24/2005 2:41 PM 5.73 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\Patch 1/26/2005 11:58 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\Patch\prepatch.log 1/26/2005 11:58 PM 511 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\Patch\WoW-1.1.1-patch-enUS.exe 1/21/2005 2:59 PM 19.41 MB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE 1/23/2005 8:19 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin 1/23/2005 8:11 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\accounts 1/23/2005 7:47 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\accounts\GM 1/23/2005 7:47 PM 105 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\accounts\Player 1/23/2005 8:15 PM 116 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\libeay32.dll 1/12/2005 11:10 PM 320.00 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\logs 1/23/2005 8:16 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\saves 1/24/2005 2:18 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\saves\ppoints.0.bin 1/14/2005 6:28 PM 1.37 MB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\saves\ppoints.1.bin 1/14/2005 6:28 PM 698.94 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\saves\world.save 1/23/2005 9:15 PM 2.69 MB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\saves\world.save.backup 1/23/2005 9:15 PM 2.69 MB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts 1/23/2005 7:48 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\AreaTable.dbc 1/12/2005 11:15 PM 95.17 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\areatriggers.scp 1/12/2005 11:15 PM 17.72 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\classes.scp 1/23/2005 3:57 PM 19.10 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\creatures.scp 1/23/2005 5:46 PM 913.13 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\defines.scp 1/12/2005 11:16 PM 31.35 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\EmotesText.dbc 1/12/2005 11:16 PM 13.34 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\emu.conf 1/24/2005 2:19 PM 555 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\gameobjects.scp 1/12/2005 11:17 PM 314.51 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\items.scp 1/12/2005 11:17 PM 1.72 MB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\quests.scp 1/23/2005 2:11 PM 226.44 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\Spell.dbc 1/12/2005 11:19 PM 10.65 MB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\SpellCastTimes.dbc 1/12/2005 11:18 PM 821 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\spellcost.scp 1/12/2005 11:19 PM 31.16 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\SpellDuration.dbc 1/12/2005 11:19 PM 1.11 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\Talent.dbc 1/12/2005 11:19 PM 35.21 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\TaxiNodes.dbc 1/12/2005 11:19 PM 5.38 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\TaxiPath.dbc 1/12/2005 11:20 PM 2.90 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\tcl 1/23/2005 7:47 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\tcl\ConservatorIlthalaine.tcl 1/12/2005 11:37 PM 2.45 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\tcl\CrownoftheEarth1.tcl 1/12/2005 11:37 PM 2.73 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\tcl\CrownoftheEarth2.tcl 1/12/2005 11:37 PM 3.69 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\tcl\DeputyWillem.tcl 1/12/2005 11:38 PM 2.60 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\tcl\EaganPeltskinner.tcl 1/12/2005 11:38 PM 1.88 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\tcl\FalkhaanIsenstrider.tcl 1/12/2005 11:38 PM 2.17 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\tcl\GilshalanWindwalker.tcl 1/12/2005 11:38 PM 2.81 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\tcl\HelloWorld.tcl 1/12/2005 11:38 PM 1.33 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\tcl\InnkeeperFarley.tcl 1/12/2005 11:38 PM 1.59 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\tcl\MarshalMcBride.tcl 1/12/2005 11:39 PM 1.54 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\tcl\MillyOsworth.tcl 1/12/2005 11:39 PM 2.76 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\tcl\SpiritHealer.tcl 1/12/2005 11:39 PM 1.17 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\tcl\startup.tcl 1/15/2005 12:31 AM 2.37 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\tcl\StenStoutarm.tcl 1/12/2005 11:40 PM 2.32 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\tcl\TenaronSummons.tcl 1/12/2005 11:40 PM 1.86 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\scripts\WorldSafeLocs.dbc 1/12/2005 11:20 PM 6.08 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\tcl84.dll 1/12/2005 11:10 PM 776.00 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\TrayWoWemu.exe 1/12/2005 11:11 PM 6.50 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\WoWemu.exe 1/19/2005 7:32 PM 476.00 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\wowemu.ico 1/20/2005 11:31 PM 4.67 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www 1/24/2005 2:20 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\__bad_login.html 1/12/2005 11:23 PM 136 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\__bad_password.html 1/12/2005 11:23 PM 139 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\create.html 1/13/2005 6:11 PM 479 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\index.html 1/12/2005 11:22 PM 1.10 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\login.html 1/12/2005 11:22 PM 474 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW 1/24/2005 2:15 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\acc_confirm.php 1/23/2005 7:12 PM 1.24 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\acc_step1.php 1/22/2005 3:56 PM 10.50 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\acc_step2.php 1/23/2005 7:13 PM 10.41 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\acc_step3.php 1/23/2005 7:13 PM 8.79 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\agreement.txt 1/23/2005 7:09 PM 76 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\bgen.php 1/23/2005 7:14 PM 6.65 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\config.php 1/22/2005 3:57 PM 103 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\emails.txt 1/22/2005 3:28 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\favicon.ico 1/20/2005 11:31 PM 4.67 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\form_finish.php 1/23/2005 7:14 PM 8.67 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\index.php 1/23/2005 7:14 PM 9.16 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\news.txt 1/23/2005 7:10 PM 32 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\status.php 1/22/2005 1:26 PM 1.21 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes 1/23/2005 7:07 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\original 1/23/2005 7:07 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\original\buttons 1/23/2005 7:10 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\original\buttons\connect.gif 1/22/2005 1:40 AM 5.61 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\original\buttons\create.gif 1/22/2005 1:40 AM 5.43 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\original\buttons\forums.gif 1/22/2005 1:42 AM 5.43 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\original\buttons\manage.gif 1/22/2005 1:41 AM 5.54 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\original\buttons\news.gif 1/22/2005 1:39 AM 5.36 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\original\buttons\Thumbs.db 1/23/2005 7:10 PM 13.50 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft 1/23/2005 7:07 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\acc_status 1/23/2005 7:07 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\acc_status\agree-button.gif 1/22/2005 2:33 PM 3.97 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\acc_status\but_back.gif 1/22/2005 3:19 PM 2.84 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\acc_status\but_confirm.gif 1/22/2005 3:18 PM 4.92 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\acc_status\left_left.gif 1/22/2005 2:11 PM 889 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\acc_status\right_right.gif 1/22/2005 2:22 PM 875 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\acc_status\step1_ok.gif 1/22/2005 2:21 PM 2.10 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\acc_status\step2_no.gif 1/22/2005 2:18 PM 2.28 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\acc_status\step2_ok.gif 1/22/2005 2:23 PM 2.11 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\acc_status\step3_no.gif 1/22/2005 2:19 PM 2.33 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\acc_status\step3_ok.gif 1/22/2005 2:24 PM 2.14 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\acc_status\Thumbs.db 1/22/2005 3:58 PM 34.00 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\b_b 1/23/2005 7:07 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\b_b\bg.gif 1/22/2005 12:42 PM 36.15 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\b_b\bg_b.jpg 1/22/2005 12:32 PM 19.55 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\b_b\build_normal.jpg 1/22/2005 12:26 PM 8.59 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\b_b\build_up.jpg 1/22/2005 12:27 PM 8.69 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\b_b\comm_norm.jpg 1/22/2005 12:30 PM 8.71 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\b_b\comm_up.jpg 1/22/2005 12:31 PM 8.72 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\b_b\down_norm.jpg 1/22/2005 12:56 PM 8.58 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\b_b\down_up.jpg 1/22/2005 12:57 PM 8.73 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\b_b\head_norm.jpg 1/22/2005 12:24 PM 8.69 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\b_b\head_up.jpg 1/22/2005 12:25 PM 8.75 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\b_b\how_norm.jpg 1/22/2005 12:29 PM 8.44 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\b_b\how_up.jpg 1/22/2005 12:29 PM 8.51 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\b_b\moder_norm.jpg 1/22/2005 12:28 PM 8.24 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\b_b\moder_up.jpg 1/22/2005 12:28 PM 8.33 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\b_b\php.gif 1/22/2005 1:05 PM 3.40 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\b_b\serv_norm.jpg 1/22/2005 1:01 PM 8.57 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\b_b\serv_up.jpg 1/22/2005 1:02 PM 8.68 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\b_b\Thumbs.db 1/22/2005 3:40 PM 64.50 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\files 1/23/2005 7:10 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\files\dateheader-bg.gif 12/5/2004 12:08 AM 2.60 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\files\dateheader-left.gif 12/5/2004 12:08 AM 722 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\files\dateheader-right.gif 12/5/2004 12:09 AM 488 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\files\space.gif 11/22/2004 4:59 PM 87 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\files\status.gif 1/22/2005 1:07 PM 6.17 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\files\Thumbs.db 1/23/2005 7:10 PM 8.00 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images 1/23/2005 7:07 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\account-creation.gif 1/21/2005 11:50 PM 8.08 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\blizlogo-bot.gif 1/21/2005 11:50 PM 711 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\blizlogo-top.gif 1/21/2005 11:50 PM 4.86 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\bottomborder.gif 1/21/2005 11:50 PM 1.21 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\frame-bot-bg.gif 1/21/2005 11:50 PM 4.28 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\frame-bot-left.gif 1/21/2005 11:50 PM 4.75 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\frame-bot-right.gif 1/21/2005 11:50 PM 4.67 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\frame-left-bot.gif 1/21/2005 11:50 PM 3.00 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\frame-left-top.gif 1/21/2005 11:50 PM 2.93 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\frame-right-bot.gif 1/21/2005 11:50 PM 2.94 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\frame-right-top.gif 1/21/2005 11:50 PM 2.94 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\frame-top-bg.gif 1/21/2005 11:50 PM 7.19 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\frame-top-left.gif 1/21/2005 11:50 PM 4.26 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\frame-top-right.gif 1/21/2005 11:50 PM 4.18 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\frame_left_bg.gif 1/22/2005 1:11 AM 3.29 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\frame_right_bg.gif 1/22/2005 1:14 AM 3.64 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\gold-bg.gif 1/21/2005 11:50 PM 4.76 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\gryph-left.gif 1/21/2005 11:50 PM 1.88 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\gryph-right.gif 1/21/2005 11:50 PM 1.88 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\light2.jpg 12/4/2004 8:27 PM 5.76 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\pixel.gif 1/21/2005 11:50 PM 43 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\style.css 1/22/2005 2:42 PM 4.54 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\Thumbs.db 1/22/2005 2:02 PM 143.50 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\topbg-left.gif 1/21/2005 11:50 PM 2.00 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\topbg-right.gif 1/21/2005 11:50 PM 1.99 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\wowlogo-left.gif 1/21/2005 11:50 PM 5.85 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\wowlogo-right.gif 1/21/2005 11:50 PM 6.58 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\images\wowlogo2.gif 1/21/2005 11:50 PM 13.55 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\random 1/23/2005 7:07 PM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\random\cata.jpg 1/22/2005 2:06 PM 17.21 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\random\gnome.jpg 1/22/2005 2:06 PM 16.61 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\random\human.jpg 1/22/2005 2:01 PM 16.62 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\random\random.php 1/22/2005 3:57 PM 3.14 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\random\Thumbs.db 1/22/2005 3:57 PM 27.50 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\PHP_NEW\Themes\warcraft\random\troll.jpg 1/22/2005 2:06 PM 19.09 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\wowemu.css 1/12/2005 11:23 PM 832 bytes Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.Server.V.0.2-XiLiNCE\bin\www\wowemu_logo.gif 1/12/2005 11:23 PM 5.96 KB Visible in Windows API, MFT, but not in directory index.
C:\RECYCLER\S-1-5-21-1454471165-1979792683-839522115-1003\Dc26.Shadowcast\World.of.Warcraft.WORKiNG.CRACKFiX.SERVER.READNFO-XiLiNCE\World.of.Warcraft.S
duely
Regular Member
 
Posts: 27
Joined: August 2nd, 2006, 4:12 pm

Unread postby Susan528 » September 13th, 2006, 5:08 pm

I think the Root Revealer log was cut off. Please reply with the log.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

new scan

Unread postby duely » September 13th, 2006, 6:38 pm

Okay I did a new scan and this is what I got....However, I was copying a DVD, burning a cd, and moving music videos all at the same time, while scanning, that is probably why there are alot more files in the report than there should be...

HKLM\SOFTWARE\Classes\.ids\ 9/5/2006 6:41 PM 9 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Classes\blue.Shortcut\ 9/5/2006 6:41 PM 15 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Classes\blue.Shortcut\shell\open\command\ 9/5/2006 6:41 PM 15 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{C1C03BEF-A677-11d7-A773-00C04F68F44E}\Pins\Input\Types\{10ed2d83-f16f-0348-2000-8c26b23e9a26}\22 4/23/2006 8:47 PM 91 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32* 4/16/2006 12:57 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 9/13/2006 6:07 PM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\BlockCount 9/13/2006 6:08 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\HackCount 9/13/2006 6:08 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\IncomingCount 9/13/2006 6:08 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\Dhcp\Parameters\{43E32459-10FE-4A18-B81F-8D8BA0788FCC} 9/13/2006 6:12 PM 220 bytes Windows API length not consistent with raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 8/19/2006 6:56 PM 0 bytes Access is denied.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg40 9/13/2006 1:00 AM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg41 9/13/2006 1:00 AM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg42 7/22/2006 10:01 AM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg43 9/13/2006 1:03 AM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg44 7/21/2006 12:15 PM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg45 8/18/2006 9:44 AM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\DVD Shrink\Analysis Results.59b65648 9/13/2006 6:18 PM 20.77 KB Hidden from Windows API.
C:\Documents and Settings\PickelsAREtasty\Application Data\Aim\pickelsaretasty\urlcache\aim43E.tmp 9/13/2006 5:46 PM 426 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\PickelsAREtasty\Application Data\Aim\pickelsaretasty\urlcache\aim462.tmp 9/13/2006 6:16 PM 426 bytes Hidden from Windows API.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\iolowupd 9/13/2006 6:19 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\TempFolder.aaa 9/13/2006 6:12 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\TempFolder.aaa\dirapi.dll 9/13/2006 6:12 PM 1.43 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\TempFolder.aaa\iml32.dll 9/13/2006 6:12 PM 616.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\TempFolder.aaa\Macromedia.lok 9/13/2006 6:12 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\TempFolder.aaa\msvcrt.dll 9/13/2006 6:12 PM 260.05 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\TempFolder.aaa\proj.dll 9/13/2006 6:12 PM 148.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\TempFolder.aaa\xtras 9/13/2006 6:12 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\TempFolder.aaa\xtras\DirectSound.x32 9/13/2006 6:12 PM 32.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\TempFolder.aaa\xtras\DVD Asset.x32 9/13/2006 6:12 PM 80.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\TempFolder.aaa\xtras\Flash Asset Options.x32 9/13/2006 6:12 PM 148.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\TempFolder.aaa\xtras\Flash Asset.x32 9/13/2006 6:12 PM 804.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\TempFolder.aaa\xtras\INetURL.x32 9/13/2006 6:12 PM 44.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\TempFolder.aaa\xtras\NetFile.x32 9/13/2006 6:12 PM 52.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\TempFolder.aaa\xtras\NetLingo.x32 9/13/2006 6:12 PM 48.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\TempFolder.aaa\xtras\Sound Control.x32 9/13/2006 6:12 PM 48.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\TempFolder.aaa\xtras\SWADCmpr.x32 9/13/2006 6:12 PM 68.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\eMule\Temp\035.part.met 9/13/2006 5:54 PM 2.69 KB Visible in Windows API, directory index, but not in MFT.
C:\Program Files\PeerGuardian2\history.db-journal 9/13/2006 6:22 PM 48.59 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\CAVTemp\TEMPMON_2408_0 9/13/2006 6:15 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\CAVTemp\TEMPMON_3336_0 9/13/2006 6:19 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 9/13/2006 6:13 PM 64.00 KB Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Flogging Molly 9/13/2006 6:28 PM 0 bytes Visible in directory index, but not Windows API or MFT.
E:\Music Videos\Franz Ferdinand 9/13/2006 6:28 PM 0 bytes Visible in directory index, but not Windows API or MFT.
E:\Music Videos\FreezePop 9/13/2006 6:27 PM 0 bytes Visible in directory index, but not Windows API or MFT.
E:\Music Videos\Green Day 9/13/2006 6:27 PM 0 bytes Visible in directory index, but not Windows API or MFT.
E:\Music Videos\Haiducii 9/13/2006 6:27 PM 0 bytes Visible in directory index, but not Windows API or MFT.
E:\Music Videos\Hot Hot Heat 9/13/2006 6:27 PM 0 bytes Visible in directory index, but not Windows API or MFT.
E:\Music Videos\In Extremo 9/13/2006 6:26 PM 0 bytes Visible in directory index, but not Windows API or MFT.
E:\Music Videos\Interpol 9/13/2006 6:26 PM 0 bytes Visible in Windows API, directory index, but not in MFT.
E:\Music Videos\Interpol\Interpol - C'mere.mpg 2/2/2006 6:24 AM 64.10 MB Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Interpol\Interpol - C'mere.mpg:KAVICHS 2/2/2006 6:24 AM 36 bytes Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Interpol\Interpol - Evil.mpg 1/29/2006 7:37 PM 35.90 MB Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Interpol\Interpol - Evil.mpg:KAVICHS 1/29/2006 7:37 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Interpol\Interpol - NYC.mpg 2/2/2006 1:09 PM 36.15 MB Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Interpol\Interpol - NYC.mpg:KAVICHS 2/2/2006 1:09 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Interpol\Interpol - Obstacle.mpg 2/1/2006 10:42 AM 36.30 MB Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Keane 9/13/2006 6:25 PM 0 bytes Visible in Windows API, directory index, but not in MFT.
E:\Music Videos\Keane\04 - Bedshaped (Video).mpg 3/25/2005 7:39 PM 70.94 MB Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Keane\04 - Bedshaped (Video).mpg:KAVICHS 3/25/2005 7:39 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Keane\04 - Somewhere only we know (Video).mpg 5/22/2004 10:48 AM 68.11 MB Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Keane\04 - Somewhere only we know (Video).mpg:KAVICHS 5/22/2004 10:48 AM 36 bytes Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Keane\05 - Everybody's changing (Video).mpg 3/25/2005 5:21 PM 51.94 MB Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Keane\05 - Everybody's changing (Video).mpg:KAVICHS 3/25/2005 5:21 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Keane\Keane - Bedshaped (CDUK).avi 4/11/2005 5:12 PM 116.20 MB Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Keane\Keane - Bedshaped (CDUK).avi:KAVICHS 4/11/2005 5:12 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Kid Koala 9/13/2006 6:25 PM 0 bytes Visible in Windows API, directory index, but not in MFT.
E:\Music Videos\Kid Koala\Kid Koala - Fender Bender.mpg 10/17/2003 3:00 AM 21.82 MB Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Kid Koala\Kid Koala - Fender Bender.mpg:KAVICHS 10/17/2003 3:00 AM 36 bytes Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Kid Koala\Thumbs.db 12/17/2005 2:45 PM 9.50 KB Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Kid Koala\Thumbs.db:encryptable 12/17/2005 2:45 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Kid Koala\Thumbs.db:KAVICHS 12/17/2005 2:45 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Ladytron 9/13/2006 6:25 PM 0 bytes Visible in Windows API, directory index, but not in MFT.
E:\Music Videos\Ladytron\Ladytron - Blue Jeans.mpg 2/2/2006 8:50 AM 16.41 MB Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Ladytron\Ladytron - Blue Jeans.mpg:KAVICHS 2/2/2006 8:50 AM 36 bytes Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Ladytron\Ladytron - Destroy everything you touch.mpg 2/1/2006 1:59 PM 38.58 MB Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Ladytron\Ladytron - Destroy everything you touch.mpg:KAVICHS 2/1/2006 1:59 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Ladytron\Ladytron - Evil.mpg 2/2/2006 10:22 AM 34.95 MB Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Ladytron\Ladytron - Evil.mpg:KAVICHS 2/2/2006 10:22 AM 36 bytes Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Ladytron\Ladytron - Playgirl.mpg 2/2/2006 10:19 AM 105.73 MB Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Ladytron\Ladytron - Playgirl.mpg:KAVICHS 2/2/2006 10:19 AM 36 bytes Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Ladytron\Ladytron - Seventeen.mpg 5/13/2004 12:50 AM 60.21 MB Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Ladytron\Ladytron - Seventeen.mpg:KAVICHS 5/13/2004 12:50 AM 36 bytes Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Ladytron\Ladytron - Sugar.mpg 2/2/2006 2:13 AM 46.32 MB Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Ladytron\Ladytron - Sugar.mpg:KAVICHS 2/2/2006 2:13 AM 36 bytes Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Ladytron\Thumbs.db 2/2/2006 10:48 PM 15.50 KB Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Ladytron\Thumbs.db:encryptable 2/2/2006 10:48 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
E:\Music Videos\Ladytron\Thumbs.db:KAVICHS 2/2/2006 10:48 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers 6/17/2006 8:52 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002 6/17/2006 8:54 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\The Distillers - 01 - 929 Cafe - Oct 2002.avi 11/23/2003 9:42 PM 36.24 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\The Distillers - 01 - 929 Cafe - Oct 2002.avi:KAVICHS 11/23/2003 9:42 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\The Distillers - 02 - 929 Cafe - Oct 2002.avi 11/23/2003 9:59 PM 30.45 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\The Distillers - 02 - 929 Cafe - Oct 2002.avi:KAVICHS 11/23/2003 9:59 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\The Distillers - 03 - 929 Cafe - Oct 2002.avi 11/23/2003 10:09 PM 15.32 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\The Distillers - 03 - 929 Cafe - Oct 2002.avi:KAVICHS 11/23/2003 10:09 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\The Distillers - 04 - 929 Cafe - Oct 2002.avi 11/23/2003 10:17 PM 12.85 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\The Distillers - 04 - 929 Cafe - Oct 2002.avi:KAVICHS 11/23/2003 10:17 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\The Distillers - 05 - 929 Cafe - Oct 2002.avi 11/23/2003 10:36 PM 35.39 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\The Distillers - 05 - 929 Cafe - Oct 2002.avi:KAVICHS 11/23/2003 10:36 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\The Distillers - 06 - 929 Cafe - Oct 2002.avi 11/23/2003 10:47 PM 12.51 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\The Distillers - 06 - 929 Cafe - Oct 2002.avi:KAVICHS 11/23/2003 10:47 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\The Distillers - 07 - 929 Cafe - Oct 2002.avi 11/23/2003 11:00 PM 9.29 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\The Distillers - 07 - 929 Cafe - Oct 2002.avi:KAVICHS 11/23/2003 11:00 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\The Distillers - 08 - 929 Cafe - Oct 2002.avi 11/23/2003 11:16 PM 21.54 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\The Distillers - 08 - 929 Cafe - Oct 2002.avi:KAVICHS 11/23/2003 11:16 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\The Distillers - 09 - 929 Cafe - Oct 2002.avi 11/23/2003 11:30 PM 22.37 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\The Distillers - 09 - 929 Cafe - Oct 2002.avi:KAVICHS 11/23/2003 11:30 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\The Distillers - 10 - 929 Cafe - Oct 2002.avi 11/23/2003 11:44 PM 21.70 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\The Distillers - 10 - 929 Cafe - Oct 2002.avi:KAVICHS 11/23/2003 11:44 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\Thumbs.db 1/8/2006 8:12 PM 18.00 KB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\Thumbs.db:encryptable 1/8/2006 8:12 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Concert at 929 Cafe - Oct 2002\Thumbs.db:KAVICHS 1/8/2006 8:12 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\the distillers - beat your heart out.wmv 12/4/2004 2:26 AM 10.43 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\the distillers - beat your heart out.wmv:KAVICHS 12/4/2004 2:26 AM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\The Distillers - City of Angels.mpeg 10/13/2002 7:25 PM 14.98 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\The Distillers - City of Angels.mpeg:KAVICHS 10/13/2002 7:25 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\The Distillers - Die On A Rope -p4F.mpg 1/31/2006 9:12 PM 46.54 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\The Distillers - Die On A Rope -p4F.mpg:KAVICHS 1/31/2006 9:12 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\The Distillers - Drain the Blood.mpeg 12/4/2004 8:50 PM 32.39 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\The Distillers - Drain the Blood.mpeg:KAVICHS 12/4/2004 8:50 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\The Distillers - Hate Me.mpg 8/28/2005 7:59 AM 1.07 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\The Distillers - Hate Me.mpg:SummaryInformation 8/28/2005 7:59 AM 88 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\The Distillers - Hate Me.mpg:KAVICHS 8/28/2005 7:59 AM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\The Distillers - Hate Me.mpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 8/28/2005 7:59 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\The Distillers - The Young Crazed Peeling.mpg 12/13/2002 10:40 PM 34.82 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\The Distillers - The Young Crazed Peeling.mpg:KAVICHS 12/13/2002 10:40 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Thumbs.db 2/4/2006 5:17 AM 18.50 KB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Thumbs.db:encryptable 2/4/2006 5:17 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Distillers\Thumbs.db:KAVICHS 2/4/2006 5:17 AM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Dropkick Murphys 6/17/2006 8:51 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Dropkick Murphys\Dropkick Murphys-The Dirty Glass (Jimmy Kimmel Live 0318)-Weman-Prv.mpg 1/28/2006 2:31 AM 37.55 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Dropkick Murphys\Dropkick Murphys-The Dirty Glass (Jimmy Kimmel Live 0318)-Weman-Prv.mpg:KAVICHS 1/28/2006 2:31 AM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Figurine 6/17/2006 8:51 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Figurine\Figurine_IMpos.mov 10/25/2001 5:10 AM 5.32 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Figurine\Figurine_IMpos.mov:KAVICHS 10/25/2001 5:10 AM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Fischerspooner 6/17/2006 8:51 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Fischerspooner\Documentary.DivX.mp3.192kb.avi 5/5/2004 5:45 PM 284.72 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Fischerspooner\Documentary.DivX.mp3.192kb.avi:KAVICHS 5/5/2004 5:45 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Fischerspooner\Emerge2000.DivX.mp3.192kb.avi 5/5/2004 6:55 PM 57.69 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Fischerspooner\Emerge2000.DivX.mp3.192kb.avi:KAVICHS 5/5/2004 6:55 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Fischerspooner\Emerge2003.DivX.mp3.192kb.avi 5/5/2004 6:05 PM 65.96 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Fischerspooner\Emerge2003.DivX.mp3.192kb.avi:KAVICHS 5/5/2004 6:05 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Fischerspooner\Fischerspooner - Never Win.mpeg 2/1/2006 7:56 PM 37.98 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Fischerspooner\Fischerspooner - Never Win.mpeg:KAVICHS 2/1/2006 7:56 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Fischerspooner\Sweetness.DivX.mp3.192kb.avi 5/5/2004 6:30 PM 49.98 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Fischerspooner\Sweetness.DivX.mp3.192kb.avi:KAVICHS 5/5/2004 6:30 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Fischerspooner\The15th.DivX.mp3.192kb.avi 5/5/2004 6:45 PM 50.79 MB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Fischerspooner\The15th.DivX.mp3.192kb.avi:KAVICHS 5/5/2004 6:45 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Fischerspooner\Thumbs.db 2/2/2006 8:33 PM 14.00 KB Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Fischerspooner\Thumbs.db:encryptable 2/2/2006 8:33 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\Music Videos\Fischerspooner\Thumbs.db:KAVICHS 2/2/2006 8:33 PM 36 bytes Visible in Windows API, but not in MFT or directory index.
duely
Regular Member
 
Posts: 27
Joined: August 2nd, 2006, 4:12 pm

Unread postby Susan528 » September 14th, 2006, 8:15 am

Hi duely,

What problems are you experiencing?

Let's just run another scan please.

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose:Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click
  • No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE:If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  • Standard
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
  • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.



Please post (reply) with the results from Kapersky and a new hijackthis log.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

well

Unread postby duely » September 14th, 2006, 9:13 pm

I'm scanning with the kaspersky Online, and It says its gonna take around 8-15 hours (its been scanning for 4 hours and its only 20% done..) but that's probably because I have almost 2 Terabytes of hardrive space.. Its found a few viruses already. But I have my own antivirus that's up to date on my computer.. it's called EZ Antivirus. Should I just scan with that instead so its faster??

Oh and the problem with the spyware isn't so much that its noticebly slowing my system down, its just that no matter what I do, I can't get rid of the HuaCi folder.. and I have no idea how much of a danger the files actually are.

- regardless, I'll have the online scanner run all night and I'll post up the report tommorow.
duely
Regular Member
 
Posts: 27
Joined: August 2nd, 2006, 4:12 pm

Okay..

Unread postby duely » September 15th, 2006, 8:39 am

Logfile of HijackThis v1.99.1
Scan saved at 8:33:25 AM, on 9/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wwSecure.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\PROGRA~1\Mouse\Amoumain.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\DirectX\services.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\PickelsAREtasty\Desktop\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [msnmsgrr] "C:\WINDOWS\system32\DirectX\winlogon.exe" -b javacypts.dll
O4 - HKCU\..\Run: [msmsgr] "C:\WINDOWS\system32\DirectX\services.exe" /u /h
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3733973263
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Freenet 0.7 darknet (freenet-darknet) - Unknown owner - C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe" -s "C:\Program Files\Freenet\wrapper.conf (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JQDHMNFTS - Unknown owner - C:\DOCUME~1\PICKEL~1\LOCALS~1\Temp\JQDHMNFTS.exe (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe






KASPERSKY ONLINE SCANNER REPORT
Thursday, September 14, 2006 11:42:44 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 15/09/2006
Kaspersky Anti-Virus database records: 210383
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
I:\
J:\
K:\
L:\
M:\
X:\
Y:\
Z:\
Scan Statistics
Total number of scanned objects 282220
Number of viruses found 7
Number of infected objects 16 / 0
Number of suspicious objects 6
Duration of the scan process 05:52:20

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\ATI MMC\RemoteWonder.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Network Magic\Log\logfile.nmsrvc_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Router Service\Log\RouterService.61.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Application Data\Aim\pickelsaretasty\cert8.db Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Application Data\Aim\pickelsaretasty\key3.db Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\History\History.IE5\MSHist012006091420060915\index.dat Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\Perflib_Perfdata_228.dat Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\Perflib_Perfdata_bb0.dat Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\Perflib_Perfdata_c98.dat Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\Perflib_Perfdata_fd0.dat Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temp\~DFDC61.tmp Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\PickelsAREtasty\ntuser.dat.LOG Object is locked skipped
C:\Program Files\eMule\Incoming\Everquest Crack\everquest account key\everquest account key.exe Object is locked skipped
C:\Program Files\eMule\Incoming\Everquest Crack\PC Game Crack Everquest 2 Kingdom of Sky leaked by ShareReactor\install.exe/wupdtmngr.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Program Files\eMule\Incoming\Everquest Crack\PC Game Crack Everquest 2 Kingdom of Sky leaked by ShareReactor\install.exe SetupFactory: infected - 1 skipped
C:\Program Files\eMule\Incoming\Everquest Crack\Win.NOCD Everquest 2 Kingdom of Sky Windows\install.exe/wupdtmngr.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Program Files\eMule\Incoming\Everquest Crack\Win.NOCD Everquest 2 Kingdom of Sky Windows\install.exe SetupFactory: infected - 1 skipped
C:\Program Files\eMule\Incoming\Everquest Crack\Working crack Everquest 2 Kingdom of Sky by Razor1911\install.exe/wupdtmngr.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Program Files\eMule\Incoming\Everquest Crack\Working crack Everquest 2 Kingdom of Sky by Razor1911\install.exe SetupFactory: infected - 1 skipped
C:\Program Files\eMule\Incoming\WOW CRACKS\WoW.World.Of.Warcraft.Crack.(BRAND.NEW.KEYGEN.GRANTING.AGAIN.FREE.ACCESS.TO.OFFICIAL.SERVER!!).[Found.via.www.FileDonkey.com]\package.dll/kill.exe Infected: Virus.Win32.Parite.b skipped
C:\Program Files\eMule\Incoming\WOW CRACKS\WoW.World.Of.Warcraft.Crack.(BRAND.NEW.KEYGEN.GRANTING.AGAIN.FREE.ACCESS.TO.OFFICIAL.SERVER!!).[Found.via.www.FileDonkey.com]\package.dll/services.exe Infected: Backdoor.Win32.ServU-based skipped
C:\Program Files\eMule\Incoming\WOW CRACKS\WoW.World.Of.Warcraft.Crack.(BRAND.NEW.KEYGEN.GRANTING.AGAIN.FREE.ACCESS.TO.OFFICIAL.SERVER!!).[Found.via.www.FileDonkey.com]\package.dll/tlist.exe Infected: Virus.Win32.Parite.b skipped
C:\Program Files\eMule\Incoming\WOW CRACKS\WoW.World.Of.Warcraft.Crack.(BRAND.NEW.KEYGEN.GRANTING.AGAIN.FREE.ACCESS.TO.OFFICIAL.SERVER!!).[Found.via.www.FileDonkey.com]\package.dll/winlogon.exe Infected: Backdoor.Win32.Iroffer.b skipped
C:\Program Files\eMule\Incoming\WOW CRACKS\WoW.World.Of.Warcraft.Crack.(BRAND.NEW.KEYGEN.GRANTING.AGAIN.FREE.ACCESS.TO.OFFICIAL.SERVER!!).[Found.via.www.FileDonkey.com]\package.dll RAR: infected - 4 skipped
C:\Program Files\eMule\Temp\001.part Object is locked skipped
C:\Program Files\eMule\Temp\002.part Object is locked skipped
C:\Program Files\eMule\Temp\003.part Object is locked skipped
C:\Program Files\eMule\Temp\004.part Object is locked skipped
C:\Program Files\eMule\Temp\005.part Object is locked skipped
C:\Program Files\eMule\Temp\006.part Object is locked skipped
C:\Program Files\eMule\Temp\007.part Object is locked skipped
C:\Program Files\eMule\Temp\008.part Object is locked skipped
C:\Program Files\eMule\Temp\009.part Object is locked skipped
C:\Program Files\eMule\Temp\010.part Object is locked skipped
C:\Program Files\eMule\Temp\011.part Object is locked skipped
C:\Program Files\eMule\Temp\012.part Object is locked skipped
C:\Program Files\eMule\Temp\013.part Object is locked skipped
C:\Program Files\eMule\Temp\014.part Object is locked skipped
C:\Program Files\eMule\Temp\015.part Object is locked skipped
C:\Program Files\eMule\Temp\016.part Object is locked skipped
C:\Program Files\eMule\Temp\017.part Object is locked skipped
C:\Program Files\eMule\Temp\018.part Object is locked skipped
C:\Program Files\eMule\Temp\019.part Object is locked skipped
C:\Program Files\eMule\Temp\020.part Object is locked skipped
C:\Program Files\eMule\Temp\021.part Object is locked skipped
C:\Program Files\eMule\Temp\022.part Object is locked skipped
C:\Program Files\eMule\Temp\024.part Object is locked skipped
C:\Program Files\eMule\Temp\025.part Object is locked skipped
C:\Program Files\eMule\Temp\027.part Object is locked skipped
C:\Program Files\eMule\Temp\028.part Object is locked skipped
C:\Program Files\eMule\Temp\029.part Object is locked skipped
C:\Program Files\eMule\Temp\031.part Object is locked skipped
C:\Program Files\eMule\Temp\033.part Object is locked skipped
C:\Program Files\eMule\Temp\034.part Object is locked skipped
C:\Program Files\eMule\Temp\036.part Object is locked skipped
C:\Program Files\eMule\Temp\037.part Object is locked skipped
C:\Program Files\eMule\Temp\040.part Object is locked skipped
C:\Program Files\eMule\Temp\042.part Object is locked skipped
C:\Program Files\eMule\Temp\043.part Object is locked skipped
C:\Program Files\eMule\Temp\044.part Object is locked skipped
C:\Program Files\eMule\Temp\049.part Object is locked skipped
C:\Program Files\eMule\Temp\050.part Object is locked skipped
C:\Program Files\eMule\Temp\053.part Object is locked skipped
C:\Program Files\eMule\Temp\055.part Object is locked skipped
C:\Program Files\eMule\Temp\056.part Object is locked skipped
C:\Program Files\eMule\Temp\057.part Object is locked skipped
C:\Program Files\eMule\Temp\058.part Object is locked skipped
C:\Program Files\eMule\Temp\059.part Object is locked skipped
C:\Program Files\eMule\Temp\060.part Object is locked skipped
C:\Program Files\eMule\Temp\065.part Object is locked skipped
C:\Program Files\eMule\Temp\066.part Object is locked skipped
C:\Program Files\eMule\Temp\069.part Object is locked skipped
C:\Program Files\eMule\Temp\071.part Object is locked skipped
C:\Program Files\eMule\Temp\073.part Object is locked skipped
C:\Program Files\eMule\Temp\075.part Object is locked skipped
C:\Program Files\eMule\Temp\077.part Object is locked skipped
C:\Program Files\eMule\Temp\078.part Object is locked skipped
C:\Program Files\eMule\Temp\080.part Object is locked skipped
C:\Program Files\eMule\Temp\082.part Object is locked skipped
C:\Program Files\eMule\Temp\083.part Object is locked skipped
C:\Program Files\eMule\Temp\084.part Object is locked skipped
C:\Program Files\eMule\Temp\088.part Object is locked skipped
C:\Program Files\eMule\Temp\090.part Object is locked skipped
C:\Program Files\eMule\Temp\091.part Object is locked skipped
C:\Program Files\eMule\Temp\092.part Object is locked skipped
C:\Program Files\eMule\Temp\094.part Object is locked skipped
C:\Program Files\eMule\Temp\096.part Object is locked skipped
C:\Program Files\eMule\Temp\097.part Object is locked skipped
C:\Program Files\eMule\Temp\099.part Object is locked skipped
C:\Program Files\eMule\Temp\103.part Object is locked skipped
C:\Program Files\eMule\Temp\105.part Object is locked skipped
C:\Program Files\eMule\Temp\107.part Object is locked skipped
C:\Program Files\eMule\Temp\110.part Object is locked skipped
C:\Program Files\eMule\Temp\111.part Object is locked skipped
C:\Program Files\eMule\Temp\118.part Object is locked skipped
C:\Program Files\eMule\Temp\119.part Object is locked skipped
C:\Program Files\eMule\Temp\174.part Object is locked skipped
C:\Program Files\eMule\Temp\306.part Object is locked skipped
C:\Program Files\PeerGuardian2\history.db Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\DUELY.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\DirectX\winlogon.exe Infected: Backdoor.Win32.Iroffer.b skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd7725.sys Object is locked skipped
C:\WINDOWS\system32\RootkitReveal,txt.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT06801.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_btackle.png Suspicious: Exploit.Win32.MS05-009 skipped
E:\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_ftackle.png Suspicious: Exploit.Win32.MS05-009 skipped
E:\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_lockup.png Suspicious: Exploit.Win32.MS05-009 skipped
E:\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_run.png Suspicious: Exploit.Win32.MS05-009 skipped
E:\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar Suspicious: Exploit.Win32.MS05-009 skipped
E:\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar RAR: suspicious - 5 skipped
E:\incoming\Windows XP Home - Pro WPA Killer (New - 2.0.1) Works on XP SP1 SP2 RTM OEM updated-fixed 06-2006.zip/Setup.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
E:\incoming\Windows XP Home - Pro WPA Killer (New - 2.0.1) Works on XP SP1 SP2 RTM OEM updated-fixed 06-2006.zip ZIP: infected - 1 skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
M:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
X:\a\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
X:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Y:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Y:\System Volume Information\_restore{8D8582F3-0F1F-4D5A-B456-02C4569D0644}\RP91\A0032962.exe/WISE0023.BIN Infected: Trojan-Clicker.Win32.Agent.hz skipped
Y:\System Volume Information\_restore{8D8582F3-0F1F-4D5A-B456-02C4569D0644}\RP91\A0032962.exe WiseSFX: infected - 1 skipped
Z:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.






I have removed all the viruses except for the ones that say Object is locked and these ones.....
E:\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_btackle.png Suspicious: Exploit.Win32.MS05-009 skipped
E:\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_ftackle.png Suspicious: Exploit.Win32.MS05-009 skipped
E:\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_lockup.png Suspicious: Exploit.Win32.MS05-009 skipped
E:\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_run.png Suspicious: Exploit.Win32.MS05-009 skipped
E:\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar Suspicious: Exploit.Win32.MS05-009 skipped
E:\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar RAR: suspicious - 5 skipped
Y:\System Volume Information\_restore{8D8582F3-0F1F-4D5A-B456-02C4569D0644}\RP91\A0032962.exe/WISE0023.BIN Infected: Trojan-Clicker.Win32.Agent.hz skipped
Y:\System Volume Information\_restore{8D8582F3-0F1F-4D5A-B456-02C4569D0644}\RP91\A0032962.exe WiseSFX: infected - 1 skipped


I wasn't able to access the Y:\System Volume folder..
duely
Regular Member
 
Posts: 27
Joined: August 2nd, 2006, 4:12 pm

also

Unread postby duely » September 15th, 2006, 9:19 am

Should I delete the following in HIJACKTHIS?
O4 ......\Direct X\winlogon.exe
O4 ......\Direct X\services.exe

winlogon came up as a virus and services didn't.. but my firwall
says that services.exe keeps trying to access the internet

Also O23 Service: Freenet 0.7, didn't get removed for some reason, even when
I tried to remove it with Hijack..
duely
Regular Member
 
Posts: 27
Joined: August 2nd, 2006, 4:12 pm

Unread postby Susan528 » September 15th, 2006, 10:48 am

Hi duely,

I am studying your logs. Please do the following:

Please follow this WGA troubleshooting procedure:


Please post (reply) with the results.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

validatoin

Unread postby duely » September 15th, 2006, 1:39 pm

Diagnostic Report (1.5.0545.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Windows Product Key: *****-*****-6MF33-YMD9D-YMPJG
Windows Product Key Hash: UMuMULGyaJu2kKdplspIHBjbCr0=
Windows Product ID: 55274-OEM-2241946-88362
Windows Product ID Type: 3
Windows License Type: COA/System Builder
Windows OS version: 5.1.2600.2.00010100.2.0.pro
ID: 1acf674f-92b5-464c-9ddc-00eaa2452a49
Is Admin: Yes
AutoDial: No
Registry: 0x0
WGA Version: Registered, 1.5.540.0
Signed By: Microsoft
Validation Diagnostic:
Resolution Status: N/A

System Scan Data-->
Scan: Complete
Cryptography: Complete

Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.5.540.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Data-->
Office Status: 114
Office Diagnostics:

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\PROGRA~1\MOZILL~1\FIREFOX.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>1acf674f-92b5-464c-9ddc-00eaa2452a49</UGUID><Version>1.5.0545.0</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><PKey>*****-*****-*****-*****-YMPJG</PKey><PID>55274-OEM-2241946-88362</PID><PIDType>3</PIDType><SID>S-1-5-21-1454471165-1979792683-839522115</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M. by More String</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1012.002</Version><SMBIOSVersion major="2" minor="3"/><Date>20040322000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>47F5360F01846E62</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone></MachineData> <Software><Office><Result>114</Result><Products><Product GUID="{90280409-6000-11D3-8CFE-0050048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office XP Professional with FrontPage</Name><Ver>10</Ver><Val>39476F84C4B4004</Val><Hash>4iCnywwNW1w4s9ukTIwGMGxyGic=</Hash><Pid>54185-640-0000025-17075</Pid></Product></Products></Office></Software></GenuineResults>
duely
Regular Member
 
Posts: 27
Joined: August 2nd, 2006, 4:12 pm

Unread postby Susan528 » September 15th, 2006, 1:42 pm

Please tell me do you still have that huaci folder present? It does not show up in any logs except the Adaware log.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

correct

Unread postby duely » September 15th, 2006, 2:07 pm

I have the huaci folder still..with all the files inside..which can't be deleted either..
I click to delete it and it says its protected basically.
I've even tried deleting it in safe mode.
I don't know much about it, but I think it somehow became apart of my system maybe or became part of the login, or something.. I dunno..

It shows up whenever I scan with Adaware or Ewido.
duely
Regular Member
 
Posts: 27
Joined: August 2nd, 2006, 4:12 pm

well..

Unread postby duely » September 15th, 2006, 2:44 pm

I dunno If it will help but I'll post a new..

Ewido scan log
Ad-aware scan log
Kaspersky Online log
HIJACKTHIS LOG
duely
Regular Member
 
Posts: 27
Joined: August 2nd, 2006, 4:12 pm

Unread postby Susan528 » September 15th, 2006, 2:51 pm

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose:Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click
  • No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE:If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

======
Stop and Disable Service
  • Go to Start > Run and type in Services.msc then cllick OK
  • Click the Extended tab.
  • Scroll down until you find Freenet 0.7 darknet (freenet-darknet)
  • Click once on the service to highlight it.
  • Click Stop
  • Right-Click on the service.
  • Click on 'Properties'
  • Select the 'General' tab
  • Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box
  • From the drop-down menu, click on ‘Disabled'
  • Click the 'Apply' tab, then click 'OK'
The service is now stopped and disabled.

Scan with HijackThis. Place a check against each of the following:
O4 - HKCU\..\Run: [msnmsgrr] "C:\WINDOWS\system32\DirectX\winlogon.exe" -b javacypts.dll
O4 - HKCU\..\Run: [msmsgr] "C:\WINDOWS\system32\DirectX\services.exe" /u /h
O23 - Service: Freenet 0.7 darknet (freenet-darknet) - Unknown owner - C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe" -s "C:\Program Files\Freenet\wrapper.conf (file missing)
O23 - Service: JQDHMNFTS - Unknown owner - C:\DOCUME~1\PICKEL~1\LOCALS~1\Temp\JQDHMNFTS.exe (file missing)

Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis.

Please set your system to show all files; please see here if you're unsure how to do this.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\WINDOWS\system32\DirectX\services.exe<=file
C:\WINDOWS\system32\DirectX\winlogon.exe<=file
C:\Program Files\eMule\Incoming\Everquest Crack\<=folder
C:\Program Files\eMule\Incoming\WOW CRACKS\<=folder
E:\incoming\Windows XP Home - Pro WPA Killer (New - 2.0.1) Works on XP SP1 SP2 RTM OEM updated-fixed 06-2006.zip<=file
Exit Explorer, and reboot as normal afterwards.

STEP 1.
======
WinPFind
Please Download the following tools to assist us in removing this infection! Download WinPFind from http://www.bleepingcomputer.com/files/winpfind.php

  1. Right Click the Zip Folder and Select Extract All
  2. Extract it somewhere you will remember like the Desktop
  3. Don’t do anything with it yet!
Reboot.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode



  1. Doubleclick WinPFind.exe
  2. Click on Configure Scan Options.
  3. Remove all the checkmarks under Folder Options on the left side by clicking the button Remove All, uncheck Run Addon's and click Apply.
  4. Click Start Scan
    It will scan the entire System, so please be patient! This scan may take awhile
Once the Scan is Complete

  1. Reboot your computer into normal mode.
  2. Go to the WinPFind folder
  3. Locate WinPFind.txt
  4. Copy the results from the WinPFind.txt file and post the results in your next reply.


Please run ewido also.

Post back a fresh HijackThis log and the WinPFind log and ewido log.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 480 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware